TRUST CENTER

Security and compliance at Onna

Customer trust and data security are central to everything we do at Onna.

Get a demo

In-platform security

Role-based access control

Onna has role-based user types to ensure different levels of access for administrators and standard users.

Permissions

Not only do each user type have specific rights within Onna, but special permissions can also be granted for access to additional features or the ability to perform tasks.

Encryption

Onna encrypts data while in transit and at rest. The Transport Layer Security (TLS) v1.2 protocol is used to secure all communication between the desktop and web client to the backend servers. At storage, Onna encrypts via AES256. Nothing is ever sent across the internet in clear text.

Learn more about our platform

Network and application security

Web application firewall All HTTPS traffic in and out of Onna is protected against DDoS attacks, zero-day exploits, and hacking attempts. This prevents unauthorized data from leaving the application.

Data hosting and storage Onna is deployed on the Google Cloud Platform for scalability, business continuity, and reliability. The platform leverages state-of-the-art Kubernetes clusters for managing containerized workloads.

Secure development Onna leverages technologies such as SCA, SAST, and build/runtime vulnerability scanning to ensure quality code and reduce vulnerabilities. We also run a ‘bug bounty' program to improve application security.

Encryption and key security Platform data is encrypted in transit using TLS1.2 or higher and is continuously monitored. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm. Keys are managed and stored using Google KMS and are regularly rotated.

Pentests and vulnerability scanning Onna uses third-party security tools to continuously scan for vulnerabilities. Additionally, we conduct regular internal scans on our infrastructure, containers, and systems. Discovered issues are tracked until remediated.

User and endpoint security Onna’s endpoints are protected with next-generation EDR and MDM technologies to protect against cyber threats and to ensure systems are controlled and secured. All employees complete Security and Awareness training at hire and annually.

COMPLIANCE

We are committed to maintaining the highest security and compliance standards

To access a copy of the SOC 2 report, please click here:

Access SOC 2 report

Policies

Acceptable Use Policy

To review Onna’s Acceptable Use Policy, which sets forth the acceptable use of the Onna Service, click here.

The use of cookies is common practice with all professional websites. To learn about how we use cookies, please review our cookie policy.

Data Processing Addendum

The Data Processing Addendum (the “DPA”) is incorporated into the Master Subscription Agreement (the “Agreement”). Click here to learn more.

Our Privacy Policy discloses the ways that Onna uses, discloses, and manages individual’s data when they interact with our website or use the Onna Service. To learn more, click here.

Privacy Shield Policy

Privacy Shield is a framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and Switzerland to the United States. Onna’s Privacy Shield Policy describes how we comply with these frameworks, handle certain types of data and information, and the Privacy Shield Privacy Principles. Click here to read our Privacy Shield Policy.

Terms

Onna’s online Master Subscription Agreement describes the terms of service, rights, and other terms. Click here to review.