Skip to content
Get a Demo

Optery Security & Architecture

As a data privacy and security company, Optery understands the trust our customers place in us. When you sign up for our services, you are entrusting us with your personal information, and we take that responsibility very seriously.

Optery has completed its AICPA SOC 2, Type II security audit and makes its audit report available to Optery for Business corporate customers under a Non-Disclosure Agreement (NDA).

This page provides a plain-language overview of how we secure registered users’ data in our apps. For details, see our Statement on Data Security, Privacy Policy, and Subprocessors list.

Contact the Team
Learn More
Strengthen External Attack Surface Management with Optery

Third-Party Vendors and Subprocessors

Optery uses third-party vendors and service providers to operate, support, secure, and deliver its services. These providers are given access only as reasonably necessary for those purposes. A current list of subprocessors is maintained on our Subprocessors page.

AI processing for Removals Reports is opt-in, with instructions available in our Help Desk article.

Security Platform Design

Not a Data Broker

Optery is not a data broker and does not sell or rent personal information for monetary consideration to any third party. Optery is not affiliated with any data broker.

Least-Privilege Access

Optery minimizes the number of individuals who have access to user data and critical systems using the least-privilege principle. Access is protected using strong passwords and multi-factor authentication wherever possible.

Confidentiality and
Access Revocation

Employees and contractors are required to sign confidentiality and non-disclosure agreements. When an employee or contractor leaves, their access privileges are revoked immediately.

Security & Architecture

Cloud infrastructure hosted in the United States

Hosted on AWS in access-controlled environments

Optery products run on infrastructure hosted in the United States in separate, access-controlled environments provided by Amazon Web Services (AWS).

Encryption in transit and at rest

All user data in transit is encrypted using TLS v1.3 (HTTPS/SSL). Data at rest is encrypted using AWS RDS with AES-256 encryption. Encryption keys and encrypted data are stored separately using AWS Key Management Service (KMS).

Password protection and MFA

User account passwords are encrypted using PBKDF2 with a SHA-256 hash and must meet strength requirements. Optery supports multi-factor authentication (MFA/2FA) for all user accounts and requires MFA for employees and contractors wherever possible.

Keeping systems up to date

Applications and systems are kept up to date and patched with the latest security updates.

Reporting Security Concerns

If you believe you’ve found a potential user data security vulnerability with Optery, please contact us with as much information as possible. We will review and act on your inquiry carefully as necessary.

Resources

Have questions about our security?
Reach out for additional details.

Complete the form and an Optery team member will be in touch shortly.

 

Ready to safeguard your employees’ data?

See why Optery is the leader in enterprise-grade personal data removal.
Request a Demo