Request Demo
Platform Solutions Resources About Contact Login Request Demo

Security

How we protect the Orphean platform and the data you trust us with.

Last updated: May 2026

Our Commitment

Security is the foundation of everything Orphean builds. As a converged security intelligence platform, we hold our own practices to the standard we help our customers achieve. This page summarizes the measures we use to protect the platform and customer data. Specific contractual commitments are set out in customer agreements.

Data Encryption

Data is encrypted in transit using TLS, and data at rest is encrypted using industry-standard algorithms. Secrets and credentials are stored using dedicated secret-management mechanisms and are never hard-coded into application code.

Access Controls

We enforce role-based access control and the principle of least privilege across our systems. Administrative access is restricted, authenticated, and logged. The platform supports single sign-on (SSO) via enterprise identity providers and tenant-level access controls.

Infrastructure Security

The platform runs on hardened infrastructure with network segmentation, firewalling, and continuous patching. Production environments are isolated from development and testing, and customer data is logically separated by tenant.

Monitoring and Logging

We maintain monitoring and immutable audit logging across the platform to detect anomalous activity and support investigation. The same behavioral analytics and convergence detection we provide to customers inform the security of our own operations.

Compliance Alignment

Orphean is designed to support customers' regulatory and compliance obligations, including frameworks such as DORA, NIS2, GDPR, and the FCA Handbook. Our internal controls are designed to align with widely recognized security frameworks, and we continually evolve our program as the threat landscape changes.

Resilience and Continuity

We employ regular backups, recovery procedures, and operational redundancy to protect against data loss and to support service continuity. Recovery objectives applicable to your deployment are described in the relevant service documentation or agreement.

Incident Response

We maintain an incident response process to identify, contain, investigate, and remediate security events. Where a security incident affects customer data, we will notify affected customers in accordance with our contractual and legal obligations.

Responsible Disclosure

We welcome reports from the security research community. If you believe you have found a security vulnerability in our website or platform, please report it to security@orphean.io. We ask that you give us a reasonable opportunity to investigate and remediate before public disclosure, and that testing does not access, modify, or delete data belonging to others.

Contact

For security questions or to request additional documentation, please contact us or email security@orphean.io.