Security and Privacy
Your data security and privacy is a top priority for OctoAI. We continually invest in security capabilities and practices in our platform and processes. We are SOC 2 Type II certified.
If you have questions about using OctoAI and meeting your specific compliance needs, let's setup a time to talk.
![OctoAI is SOC 2 Type II certified as of fall 2023 OctoAI is SOC 2 Type II certified as of fall 2023](https://www.datocms-assets.com/45680/1698699309-aicpa-soc-2-type-2-compliance-badge-octoai-security.png?auto=format&w=382)
Product Security
The below is a list of some of security measures we take to ensure our platform and data are secure. Your data is never used for training purposes.
![blue Authentication icon blue Authentication icon](https://www.datocms-assets.com/45680/1698699593-blue-security-authetification-icon.png?auto=format&w=32)
Authentication
OctoAI uses third party authentication from Frontegg. We do not store any passwords.
![red physical security icon red physical security icon](https://www.datocms-assets.com/45680/1696875840-red-sheild-protection-icon.png?auto=format&w=45)
Physical Security
OctoAI production data is processed and stored within tier one cloud providers and commercial data-centers.
![yellow system security icon yellow system security icon](https://www.datocms-assets.com/45680/1698699801-yellow-system-security-icon.png?auto=format&w=64)
System Security
All OctoAI servers and databases are protected by firewalls and secure system settings. All of our production servers run Linux.
![blue storage security icon blue storage security icon](https://www.datocms-assets.com/45680/1698699942-blue-security-storage-icon.png?auto=format&w=90)
Storage
We meet SOC2 requirements for data handling, and all persistent data is encrypted at rest and in transit.
Operational Security
![blue policies security icon blue policies security icon](https://www.datocms-assets.com/45680/1698700308-blue-security-policies-icon.png?auto=format&w=68)
Policies
OctoAI has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
![red employee training security icon red employee training security icon](https://www.datocms-assets.com/45680/1698700390-red-security-employee-training-icon.png?auto=format&w=90)
Employee Training
Each OctoAI employee is trained on security best practices and awareness during onboarding and continue with ongoing training programs. We perform disaster recovery and data restoration tests on an annual basis.
![yellow change control security icon yellow change control security icon](https://www.datocms-assets.com/45680/1698700478-yellow-change-control-security-icon.png?auto=format&w=90)
Change control
OctoAI uses robust change control policies to balance control and speed when making changes to the system.
![blue backup and recovery security icon blue backup and recovery security icon](https://www.datocms-assets.com/45680/1698700562-blue-backup-and-recovery-security-icon.png?auto=format&w=90)
Backups and Recovery
OctoAI takes regular backups of data and performs regular tests of restoring that data in the event of a serious incident.
![red pentest security icon red pentest security icon](https://www.datocms-assets.com/45680/1698700694-red-pentest-security-icon.png?auto=format&w=90)
Pentests
We engage third-party security experts to perform detailed penetration tests on the OctoAI platform.