Data Storage

Your data is stored on a highly trusted cloud platform that has numerous attestations from third parties with regard to physical security, data center operations, and personnel security. We support two-factor authentication through SAML.

All of our servers run on private networks behind tightly controlled firewalls. We keep our development and production environments separate and limit production access to a few trusted individuals.

Learn more about Onna’s security practices

Data Encryption

We encrypt data while in transit and at rest. Data is stored on encrypted storage volumes. Transport Layer Security (TLS v1.2) protocol is used to secure all communication between the desktop and web client to the backend servers – nothing is ever sent in clear text.

Learn more about how Onna protects your data

Third Party Applications

We use OAuth 2.0 protocol (token-based authentication) to connect to third-party data providers, such as Gmail, Dropbox, Office 365, and Slack. We will never ask for your credentials to these services and will securely store the authentication token that is generated by the service when you authorize our access. We only request from you the “must-have” permissions for these service providers, which in most cases is read-only.

All public facing services shall provide communication strictly through the Transport Layer Security protocol TLS v1.2. No data shall ever be exchanged with Onna systems in plain text or known less secure SSL implementations.