OrdnamiOrdnami

Security

Last updated: February 24, 2026

At Ordnami, security is foundational to everything we build. We understand that you trust us with sensitive product data, codebase access, and team information. Here is how we protect it.

Encryption

  • In transit: All data is encrypted using TLS 1.2+ for every connection to and from our services.
  • At rest: Data stored in our databases and file storage is encrypted using AES-256 encryption.
  • Secrets management: API keys, tokens, and credentials are stored in dedicated secrets management infrastructure, never in application code or logs.

Authentication and Access Control

  • SSO support: Enterprise customers can use SAML-based single sign-on for centralized identity management.
  • Multi-factor authentication: MFA is available for all accounts and required for administrative access.
  • Role-based access: Granular permission controls ensure team members only access what they need.
  • Session management: Automatic session expiration and the ability to revoke active sessions.

Infrastructure

  • Cloud hosting: Our infrastructure runs on AWS with data centers in the US. Resources are isolated per tenant.
  • Network security: All services operate within private networks with strict firewall rules and no direct public access to databases.
  • Monitoring: 24/7 automated monitoring for anomalous activity, with alerts escalated to the engineering team.
  • Backups: Automated daily backups with point-in-time recovery, stored in geographically separate locations.

Compliance

We are committed to meeting industry-standard compliance requirements. Our practices are aligned with SOC 2 Type II controls, and we conduct regular third-party security assessments. We maintain a formal information security program that is reviewed and updated annually.

Incident Response

We maintain a formal incident response plan that includes detection, containment, eradication, and recovery procedures. In the event of a security incident that affects your data, we will notify affected customers within 72 hours with details about the nature of the incident, the data involved, and the steps we are taking to resolve it.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@ordnami.ai. We appreciate responsible disclosure and will work with you to address the issue promptly.