Security
Last updated: February 24, 2026
At Ordnami, security is foundational to everything we build. We understand that you trust us with sensitive product data, codebase access, and team information. Here is how we protect it.
Encryption
- In transit: All data is encrypted using TLS 1.2+ for every connection to and from our services.
- At rest: Data stored in our databases and file storage is encrypted with AES-256.
- Secrets management: API keys, tokens, and credentials are stored in dedicated secrets management infrastructure, never in application code or logs.
Authentication and Access Control
- SSO support: SSO/SAML is on the roadmap, exposed in Settings → Auth & SSO as “Coming Soon.” Email security@ordnami.ai if SSO is a procurement gate.
- Multi-factor authentication: MFA is available for all accounts and required for administrative access.
- Role-based access: Granular permission controls ensure team members only access what they need.
- Session management: Automatic session expiration and the ability to revoke active sessions.
Infrastructure
- Cloud hosting: Our infrastructure runs on AWS with data centers in the US. Resources are isolated per tenant.
- Network security: All services operate within private networks with strict firewall rules and no direct public access to databases.
- Monitoring: 24/7 automated monitoring for anomalous activity, with alerts escalated to the engineering team.
- Backups: Automated daily backups with point-in-time recovery, stored in geographically separate locations.
Compliance
SOC 2 Type II — audit window opens Q4 2026. Type II report available in 2027. Our security controls and data handling practices are designed to meet SOC 2 Type II standards today. For buyers evaluating Ordnami for an enterprise procurement process before our Type II report is final, see /for/security for the security lead's walkthrough, or email security@ordnami.ai for our current security questionnaire response, a draft DPA, and a walkthrough of our controls with our engineering team. We maintain a formal information security program that is reviewed and updated annually.
Incident Response
We maintain a formal incident response plan that includes detection, containment, eradication, and recovery procedures. In the event of a security incident that affects your data, we will notify affected customers within 72 hours with details about the nature of the incident, the data involved, and the steps we are taking to resolve it.
Responsible Disclosure
If you discover a security vulnerability, please report it to hello@ordnami.ai. We appreciate responsible disclosure and will work with you to address the issue promptly.