Enterprise-Grade Security

Security is foundational to everything we do. We implement comprehensive controls across our organization, infrastructure, and products to protect your data and earn your trust.

Built for Enterprise Trust

We understand that security teams need vendors they can trust. Our security program is designed to meet the requirements of the most demanding enterprises.

Organizational Security

Security-first culture with dedicated security team, employee training, and background checks.

Infrastructure Security

Defense-in-depth architecture with encryption, access controls, and continuous monitoring.

Compliance

Working toward SOC 2 Type II. GDPR and CCPA compliant. Regular third-party audits.

Compliance & Certifications

We maintain rigorous compliance programs to meet enterprise requirements.

SOC 2 Type II

Comprehensive audit of security, availability, and confidentiality controls. Covers access management, change management, risk assessment, and incident response.

In Progress

GDPR

Full compliance with EU data protection requirements. Data Processing Agreements available. Standard Contractual Clauses for international transfers.

Compliant

CCPA

Compliant with California Consumer Privacy Act requirements for data access, deletion, and disclosure.

Compliant

NIST 800-53

Security controls mapped to NIST SP 800-53 control families, including access control, audit and accountability, incident response, and system and communications protection.

Aligned

Organizational Security

Security starts with our people and processes.

People

  • Background checks for all employees
  • Security awareness training on hire and annually
  • Confidentiality agreements for all staff
  • Role-based access with least privilege

Policies & Procedures

  • Documented security policies reviewed annually
  • Incident response plan with defined procedures
  • Business continuity and disaster recovery plans
  • Vendor security assessment program

Infrastructure Security

Defense-in-depth architecture protects your data at every layer.

Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). Strong key management with regular rotation.

Access Control

Multi-factor authentication required. SSO integration available. Just-in-time access for production systems.

Network Security

DDoS protection via Cloudflare. Web Application Firewall. Network segmentation and private networking.

Monitoring & Logging

24/7 security monitoring. Centralized logging with tamper-evident audit trails. Automated alerting for anomalies.

Data Protection

Automated encrypted backups. Point-in-time recovery. Geographically distributed for resilience.

Vulnerability Management

Regular vulnerability scans and penetration testing. Dependency updates and patch management. Bug bounty program.

Application Security

Security built into our development lifecycle.

Secure Development

  • Secure coding guidelines and training
  • Code review required for all changes
  • Static analysis and dependency scanning
  • Automated security testing in CI/CD

Supply Chain Security

  • Container images signed with Sigstore Cosign
  • SLSA Level 3 build provenance attestations
  • Software Bill of Materials (SBOM) for all releases
  • Image vulnerability scanning blocks releases that contain critical CVEs

Obsyk Operator Security

Our Kubernetes operator is designed with security as the top priority.

Metadata Only

The operator collects only resource metadata and specifications (names, namespaces, labels, and spec fields), never the data those resources carry.

We never collect:

  • Secret values (encoded or decoded)
  • ConfigMap data values
  • Environment variable values
  • Application logs or data

Security Controls

  • Read-only RBAC (list/watch only)
  • Non-root execution (UID 65532)
  • Read-only filesystem, no capabilities
  • Distroless base image (no shell)
  • CIS Kubernetes Benchmark compliant
  • Optional NetworkPolicy enforcement
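The controls above correspond to concrete Kubernetes manifest settings. The following is an added example assembled for this page, not Obsyk's own manifests: a ServiceAccount, a list/watch-only ClusterRole that deliberately omits Secrets and ConfigMaps, a Deployment with the non-root, read-only, no-capabilities pod hardening, and an egress-only NetworkPolicy. All names, the image reference, the namespace, and the IP ranges are placeholders.

```yaml
# Added example for this page (not Obsyk's manifests). Names, image and CIDRs are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: example-operator
  namespace: example-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-operator-readonly
rules:
  # list/watch only: no get, create, update, patch or delete.
  # Secrets and ConfigMaps are intentionally absent. RBAC denies by default,
  # so the API server refuses such requests even if the operator were buggy.
  # Caveat: Pod specs still carry literal env[].value entries, so "metadata only"
  # collectors also have to avoid shipping those fields.
  - apiGroups: [""]
    resources: ["pods", "services", "namespaces", "nodes"]
    verbs: ["list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets", "daemonsets"]
    verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-operator-readonly
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: example-operator-readonly
subjects:
  - kind: ServiceAccount
    name: example-operator
    namespace: example-operator
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-operator
  namespace: example-operator
spec:
  replicas: 1
  selector:
    matchLabels: {app: example-operator}
  template:
    metadata:
      labels: {app: example-operator}
    spec:
      serviceAccountName: example-operator
      securityContext:
        runAsNonRoot: true
        runAsUser: 65532          # distroless "nonroot" UID
        runAsGroup: 65532
        seccompProfile: {type: RuntimeDefault}
      containers:
        - name: operator
          image: ghcr.io/example/operator:v1.2.3   # placeholder; pin by digest after signature verification
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities: {drop: ["ALL"]}
          volumeMounts:
            - {name: tmp, mountPath: /tmp}       # the only writable path, ephemeral
      volumes:
        - {name: tmp, emptyDir: {}}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: example-operator-egress-only
  namespace: example-operator
spec:
  podSelector:
    matchLabels: {app: example-operator}
  policyTypes: [Ingress, Egress]
  ingress: []                      # nothing may connect to the operator
  egress:
    - to:                          # Kubernetes API server (placeholder address)
        - ipBlock: {cidr: 10.0.0.1/32}
      ports: [{port: 6443, protocol: TCP}]
    - to:                          # cluster DNS
        - namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: kube-system}}
          podSelector: {matchLabels: {k8s-app: kube-dns}}
      ports: [{port: 53, protocol: UDP}]
    - to:                          # vendor ingestion endpoint (placeholder address)
        - ipBlock: {cidr: 203.0.113.10/32}
      ports: [{port: 443, protocol: TCP}]
```

The check worth running after install is on the effective permissions rather than the manifest text: `kubectl auth can-i get secrets --all-namespaces --as=system:serviceaccount:example-operator:example-operator` should answer `no`, and the same query for `list pods` should answer `yes`. The NetworkPolicy only takes effect on clusters whose CNI enforces policies, which is why the page lists it as optional.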

Data Handling

Clear policies for how we handle your data.

Data Residency

Data stored in EU or US regions based on your preference. Enterprise plans support custom regions.

Data Retention

Configurable retention periods. Data deleted upon account termination per your DPA terms.

Data Portability

Export your data at any time. No vendor lock-in. Standard formats for easy migration.

Security Resources

Documents and resources for your security review.

Report a Security Issue

We appreciate responsible disclosure. If you discover a security vulnerability, please report it privately. We commit to acknowledging reports within 24 hours.