Our mission is to give customers insight into their data. Our responsibility is to make sure that data is kept in a system using the highest security standards. Onna has numerous attestations from numerous third-party industry leaders.



Onna has passed several Web Application Security Assessments using the industry best practices, such as ISO 27001, NIST 800-115, OWASP, and PTES. To request a certification, please contact us. 

Network security

All of our servers run on private networks behind tightly controlled firewalls. We keep our development and production environments separate and limit production access to a few trusted individuals. 

Audit & Logging

Logging is used for all our infrastructure and application systems. We periodically review audit logs to ensure we’re always operating within the guidelines and above industry standards.

Data security

Your data is stored on a highly trusted cloud platform that has numerous attestations from third parties with regard to physical security, data center operations, and personnel security. We have two-factor authorization and SAML available for your organization.


What ways can Onna be deployed in an organization?

Onna can be deployed as a SaaS product, private cloud or on-premise. We also integrate with SAML & SSO services like Okta, GSuite or Active Directory.

Can you collect from sources behind a firewall?

Yes, we offer Onna Bridge, a Windows and MacOS based application, that connects to these services directly. Onna Bridge synchronizes directories to Onna’s processing servers. 

Who can see my files and how can I manage privacy?

Only people to whom you give permission. You can always review your privacy settings relating to each data source and file associated to your account.