Security & Privacy

Your team's data, treated like ours.

Encryption everywhere, EU and US data regions, single sign-on, and a security contact who actually replies. Plain-English answers below.

SOC 2 Type II

Audit window 2026

In progress

GDPR

EU data subjects

Compliant

ISO 27001

Controls mapped

Q4 2026

DPA on file

Signed in 1 click

Available

Data protection

Modern, boring cryptography in the right places. No clever schemes — just the things that auditors and your CISO expect.

Encryption at rest

AES-256 on every database volume, blob, and backup. Keys rotate every 90 days through AWS KMS / GCP KMS, depending on region.

Encryption in transit

TLS 1.3 only, with HSTS preloaded. We also pin certificates in our native mobile clients.

Backups, tested

Hourly incremental, daily full, encrypted and stored in a separate AWS account. Restore drill runs the first Monday of every month.

Audit log

Every access to admin surfaces, every role change, every data export — written to an append-only log with a 12-month retention. Owners can stream it to SIEM.

Identity & access

RBAC scoped per team, SSO ready out of the box, and SCIM for the day someone leaves.

Roles that match your org

Owner / Admin / Lead / Member with per-team scope. A team lead in Helsinki can't see what Berlin is up to unless you say so.

SAML SSO + SCIM

Wire up Okta, Google Workspace, Microsoft Entra ID, or any SAML-compliant IdP. SCIM 2.0 keeps roster changes in sync — auto-deactivate seats when someone leaves your IdP.

2FA, including hardware keys

TOTP, push, and WebAuthn (YubiKey, Touch ID, Windows Hello). Owners can require MFA for the whole workspace.

Sessions you can see

Every active session shows up in your account — device, location, last activity. One-click sign-out remotely.

Privacy

You own your team's data. We hold it under a clear DPA, in the region you pick, and we delete it when you say so.

One-click DPA

A standard EU-style Data Processing Agreement, signable from your billing settings. No legal back-and-forth.

You choose the region

EU (Frankfurt) or US (Virginia) when you create the workspace. Data never leaves your region for storage or backups.

Delete means delete

Account deletion purges your data within 30 days — including from backups on the next rotation. We send you a confirmation when the last byte is gone.

No selling, no ads, no training

Your data is never sold, never used to train models, never shared with third parties. The only sub-processors are infrastructure (AWS, Cloudflare, Stripe) and they're listed publicly.

Where your data lives.

Pick a region when you create the workspace. We won't move your data without telling you, and your billing region is independent of where your data sits.

🇩🇪EU — Frankfurteu-central-1

🇺🇸US — Virginiaus-east-1

🇸🇬APAC — Singaporeap-southeast-1

🇦🇺Australia — Sydneyap-southeast-2

Found a vulnerability?

We pay bounties, we reply within 24 hours, and we credit researchers in our hall of fame. No legal sabre-rattling — just a fast, respectful process.

Email security@altorbit.app — encrypt with our PGP key →

PGP fingerprint 4AF2 9C8B 7E1D 3F0A
6B5C 2D8E 9F4A 1C7B
E03D 5A91 B2F8 6C42
— full key: keys.openpgp.org

Frequently asked, by your CISO.

Where exactly is our data stored?

In one of two regions — EU (Frankfurt, AWS eu-central-1) or US (Virginia, AWS us-east-1). You pick when you create the workspace. Data, backups, and processing all stay inside that region. We do not replicate across regions.

Do you have SOC 2 / ISO 27001?

SOC 2 Type II is in progress with a Q3 2026 target. ISO 27001 controls are mapped and we expect certification in Q4 2026. We can share our internal security questionnaire and a SIG Lite under NDA today — just email security@altorbit.app.

Who can access our workspace internally?

A small on-call team. Production access is short-lived (max 8 hours), tied to a ticket, and logged. We never read your team's content unless you explicitly grant access for a support ticket — and even then it's read-only and time-boxed.

Can we use our own SSO?

Yes — SAML 2.0 with Okta, Google Workspace, Microsoft Entra ID, JumpCloud, and any SAML-compliant IdP. SCIM 2.0 for provisioning. SSO is included on Pro and above; not gated as a "talk to sales" extra.

What happens to our data if we cancel?

You can export everything (CSV + JSON) from settings until the end of your billing period. After that, your workspace enters a 30-day grace period — read-only, recoverable. Then it's purged from primary storage and from backups on the next 90-day rotation.

Do you train AI on our data?

No. AI features are opt-in per workspace and run through inference-only providers with zero-retention agreements. Your prompts and content are not used to train any model — ours or anyone else's.