General FAQs

Where does Onna fit in the EDRM?

Onna is focused on collection, preservation, and processing. Within the EDRM, Onna fits on the left-hand side.

Once uploaded to Onna, where is the data stored and processed?

Our cloud platform is hosted by Google Cloud Platform (GCP), with data stored at Google's Council Bluffs Iowa data center. Platform resources are multi-regional across the United States.

What information besides data do you collect from my account?

We use the platform's API to collect native files and their metadata. The metadata we collect varies by source, but we only collect the files and metadata on your account.

For more information, see our Privacy Policy.

What security certifications does Onna have and what audits are performed?

Your data is stored on a highly trusted cloud platform with numerous attestations and certifications from third parties regarding physical security, data center operations, and personnel security.

A third party audits us as part of its annual SOC 2 Type II and ISO 27001 surveillance and observation audits. We also conduct yearly third-party infrastructure and web application penetration tests and participate in an ongoing bug bounty program.

Can I use Onna for legal cases in Europe or Asia?

Our data centers are located in the United States (US), and data hosted in the US is subject to US regulations.

If you are a US business that also does business in Europe, we understand you may have European employees accessing data stored in those data centers. You may also be importing data about European employees into the platform.

If that's the case, we can work with you to establish data protection agreements and Standard Contractual Clauses (SCCs).

We currently do not offer hosting in European data centers.

What happens to my data if I delete my Onna account?

Data is retained for your account's lifetime as long as your account is active with Onna. You can alternatively choose to delete data from the platform. If you delete your Onna account, all data inside your account is deleted from our servers. However, we do maintain our logs for defensibility.

How do you collect data behind a firewall?

We provide an app that can be installed on the client machine to perform collections from behind the firewall. We use a concept called "proxy" to talk with the backend servers behind the firewall using the app and perform the data collection process. This application is only available for Windows.

What browser do you suggest for using Onna?

We're working on accessibility across all browsers, but we highly suggest using Chrome for the best experience.

Does Onna support SSO?

Onna offers Single Sign On (SSO) integration through SAML 2.0 (Secure Assertion Markup Language) with a variety of compliant identity providers (such as Okta, Gsuite, Azure, OneLogin, PingOne) allowing you to leverage your existing user base and authentication mechanism to use the platform. There are only a few steps required to configure your IdP using the Onna Admin dashboard. Please contact support to get started with the setup process.

Is there a way to transfer the ownership of the admin/source owner? If not, do I need a new source set up with a different service account?

That’s correct; at this time, you cannot change the creator of the source. However, if admin access has changed, you can change the authorized connection for a data source.

How are MD5 hash values determined in Onna?

Onna calculates and assigns MD5 hash values at processing. MD5 hash values can be thought of as a unique fingerprint based on a document's content. Any change to the file, other than the filename/path, will change the byte-value of the file contents. This includes adding a title to the metadata, changing any text or font, and other changes to metadata.

Opening and closing a document, or even saving it with no changes does not change the document's fingerprint.

MD5’s for emails are calculated a bit differently in order to calculate a consistent hash value when an email may come from different systems, using email headers, body, and attachments.

What if I don't have access to my multi-factor verification app for login?

Whether you're mobile device has run out of battery, is lost, or you don't have access to your verification app for any reason, you should use the Backup Keys provided to you during setup.

If you did not save the Backup Keys provided to you during setup, you can sign into your verification app from a different device (i.e. another cell phone). If you do not have access to another device, you should contact your organization's Onna admin for help.