Keeping our customers' data protected at all times is our highest priority

This page provides a high-level overview of Oscilar's security practices to protect our customers' data.

GDPR-Compliant

SOC2 Type 2

The American Institute of Certified Public Accountants (AICPA) and Service Organization Controls (SOC) reports give assurance over control environments as they relate to the storage, retrieval, processing, and transfer of data. The SOC 2 reports is regularly refreshed and focuses on controls around security, availability, and confidentiality of customer data. Click here to request Oscilar's SOC 2 Type 2 report.

Request SOC2 Type 2 Certification

Request Certification

ISO 27001 Compliant

The International Organization for Standardization 27001 Standard (ISO 27001) provides a framework for Information Security Management Systems (ISMS) to support continued confidentiality, integrity, and availability of information. These certifications run for 3 years and have annual surveillance audits. Click here to request Oscilar’s ISO 27001 Certification.

Request ISO 27001 Certification

Request Certification

Secure

Secure by design

We design our systems from the ground-up to be secure. Our engineering team has expertise with building secure systems at scale in an adversarial environment. In our system design process we follow a zero-trust security model and we add multiple layers of security controls. In the process of implementing our systems we are using an attacker mindset and we are exploring all the ways our systems can be attacked.

Penetration tested

Oscilar employs a third party security firm to perform Security, Vulnerability, and Penetration testing for all our products. These are run at least annually and findings are remediated according to their criticality and prioritization. Oscilar’s penetration and security assessment test summaries can be requested here.

Security pracrices

Data encryption

We encrypt your data in storage using the industry-standard AES-256 encryption algorithm using a 256-bit key. All the data in transit is encrypted using SSL/TLS. You can see our SSLLabs report here.

Network security

We use industry-standard secure protocols to encrypt data in transit in both our external and internal traffic. Our network is continuously monitored for malicious or abnormal activity, and all the anomalies detected are thoroughly investigated.

API

We only allow sending data to Oscilar API using SSL/TLS. Access to the API is restricted using an industry-standard 256-bit authorization key.

Secure authentication

We offer secure authentication for your Oscilar users. We support federated identity by signing in with a Google account, as well as creating a dedicated Oscilar account. All your accounts are backed by a dedicated and secure identity system that is independent of the rest of the Oscilar infrastructure and has limited access.

Application security

We are continuously monitoring for vulnerabilities in the third-party software we use to protect against supply chain attacks. We have an automated process for detecting vulnerabilities in our third-party dependencies and a comprehensive process for investigating and remediating them.

Internal access

Access to our internal systems is protected by multi-factor (or multi-step) authentication. We grant a minimum level of access required for an employee to fulfill their role. All our employees are required to take periodical security training.

Speed up fraud operations by 10x. From weeks to minutes.

Request a demo

Developed by the team that built the industry leading
risk management platforms at Apple, Uber and LinkedIn.

Solutions

Industries

Blog

About

Security

Content Preference