Security overview
Your org data, protected.
Security is a baseline, not a feature. Here’s what that means for Orgstack.
Encryption
- TLS 1.2+ in transit for all traffic.
- AES-256 at rest for all customer data.
- Encrypted daily backups with monthly restore drills.
Authentication
- 2FA available on all plans (TOTP + WebAuthn passkeys).
- SAML SSO on Enterprise plans (Okta, Entra ID, Google).
- SCIM provisioning on Enterprise (coming soon).
Infrastructure
- Hosted on AWS in us-east-1 (Ashburn, VA). EU region coming.
- Isolated tenant data with row-level security.
- Continuous dependency scanning and automated security updates.
Access & operations
- Audit log on Business and Enterprise plans.
- Least-privilege access for staff with hardware-key MFA required.
- All production access logged and reviewed quarterly.
Compliance
- SOC 2 Type II in progress.
- GDPR-ready data processing addendum available.
- Subprocessor list published and updated.
Have a security question?
Security disclosures, vendor reviews, and compliance questionnaires go to security@orgstack.app.