Oditfy
Enterprise Security

Security at Oditfy

We take protecting your sensitive financial data seriously. Learn about our security practices and commitment to your trust.

Data Protection & Encryption

Your data is protected with military-grade encryption, both in transit and at rest.

Encryption in Transit

All data transmitted between your devices and Oditfy servers is encrypted using TLS 1.2 or higher.

Encryption at Rest

Data stored in our systems is encrypted using AES-256.

Key Management

We follow industry best practices for cryptographic key management, with keys stored securely and rotated regularly.

Enterprise Infrastructure

Built on reliable, secure cloud infrastructure with redundancy and monitoring.

Cloud Hosting

Hosted on enterprise-grade cloud infrastructure with high availability, automatic backups, and disaster recovery.

Monitoring & Alerts

Continuous infrastructure monitoring for anomalies, threats, and performance issues.

Automated Backups

Continuous automated backups with point-in-time recovery ensure data durability and business continuity.

Access Control & Authentication

Strict controls ensure only authorized users can access data.

Role-Based Access

The principle of least privilege ensures users access only the data necessary for their role.

Multi-Factor Authentication

MFA for all accounts, requiring a second verification method beyond passwords.

Single Sign-On (SSO)

Secure SSO via Google and Microsoft, leveraging enterprise-grade authentication.

Data Isolation & Tenant Security

Your data is logically separated and never commingled with other customers.

Logical Isolation

Database-level segregation and application-level controls for customer data.

No Data Commingling

Strict separation between customer datasets. Your records are never visible to other organizations.

Isolation Testing

Regular audits and tests to ensure no cross-tenant data leakage.

Privacy & Data Governance

Built with privacy-first principles and responsible data handling.

Privacy by Design

Privacy considerations are embedded into our product architecture and development process from the ground up.

Data Minimization

We collect and retain only the data necessary to deliver our services, reducing exposure and risk.

User Rights Support

We support data access, correction, and deletion requests for all users regardless of jurisdiction.

Incident Response & Notification

Dedicated incident response plan with timely notification.

Dedicated Response Team

Security team ready to respond to any suspected or confirmed incidents immediately.

Timely Notification

In the event of a breach, we notify you within the timeframes required by applicable law.

Incident Documentation

Detailed logs of all incidents, remediation steps, and preventive measures.

Third-Party Vendor Security

We carefully vet all third-party service providers.

Vendor Vetting

Thorough security assessments of all third-party vendors before they access customer data.

Data Processing Agreements

All vendors have signed DPAs guaranteeing data protection and compliance.

Continuous Oversight

Ongoing monitoring of vendor security posture and compliance certifications.

Responsible Vulnerability Disclosure

We welcome security researchers and encourage responsible disclosure.

Report Vulnerabilities

Report security vulnerabilities to security@oditfy.com.

Prompt Response

We acknowledge vulnerability reports within 24 hours and provide a remediation timeline.

Good Faith Cooperation

We work in good faith with security researchers and may offer recognition.

Have Security Questions?

We're happy to discuss our security practices, provide additional documentation, or answer any concerns.

Contact Our Security Team