Your trust and data security are central to everything we do at Onna.

Get insight into your data in a secure and private environment.

Book a Demo

Trusted by innovative organizations including

Oracle Lgo
Newscorp Logo
Dropbox Logo
Lyft Logo
EA Logo
Carvana Logo
Chan Zukerberg Initiative Logo
HackerOne Logo
CoreSite Logo
Instacart Logo
HRT Logo
Mailchimp Logo
Wish Logo
MTC Logo
OLO Logo
Tait Logo
Tibco Logo

Enterprise-grade data protection

We adhere to industry accepted best practices and standards in secure software development, defined by NIST 800-53, SANS and OWASP. We use HackerOne to manage our private bug bounty program. We protect all of our data including customer, financial, medical information, intellectual property, as well as company patents, business records and planning materials.

If you have any questions, please contact us on or check our privacy policy.

Internal controls and permissions

User roles

Assign user roles for every user on Onna to control what data they can view and what actions they can perform.


Set permissions for specific files or workspaces to have a more precise control.

World class security architecture

  • Encryption

    We encrypt data while in transit and at rest. Data is stored on encrypted storage volumes. Data at rest is secured using AES-256. Transport Layer Security (TLS v1.2) protocol is used to secure all communication between the desktop and web client to the backend servers – nothing is ever sent in clear text.

  • Data storage

    Your data is stored on the highly trusted Google Cloud Platform. Google Cloud has numerous attestations from third parties with regard to physical security, data center operations and personnel security, including, but not limited to, PCI, SOC, FINRA and ISO27001.

  • Third parties

    We use OAuth 2.0 protocol (token-based authentication) to connect to third-party data providers, such as Gmail, Dropbox, Office 365, and Slack. We will never ask for your credentials to these services and will securely store the authentication token that is generated by the service when you authorize our access.

“As mutual clients, Onna uses HackerOne for their bug bounty program, showing they go the extra mile to ensure every aspect of their security is world-class. They truly believe in the power of security.”

Aaron Zander | Head of IT at HackerOne


  • ISO 27001 Audited
  • AICPA SOC, SOC For Service Organizations
  • SOC Audited Type 2

Our Knowledge Integration Platform

Integrate any number of our connectors to automatically process, classify, and secure your information in one place, enabling you to utilize your information in new and intuitive ways.