Platform Security

Data encryption

At Onna, we encrypt data while in transit and at rest. The Transport Layer Security (TLS) v1.2 protocol is used to secure all communication between the desktop and web client to the backend servers. At storage we encrypt via AES256. Nothing is ever sent in clear text.

Code signing

Our desktop software is code-signed by a trusted authority to ensure integrity and authentication of our releases.

Logging

Every request made to our servers is logged to audit for origination IP, origination user, requested route, the data sent during the request, and the response sent by the server.

Data validation

Data integrity and validation checks are performed at both client and server side to ensure data accuracy and consistency.

Google Cloud storage

Your data is stored on the highly trusted Google Cloud platform. Google Cloud has numerous attestations from third parties with regard to physical security, data center operations and personnel security including–but not limited to–HIPAA, PCI, SOC, and ISO27001.

OAuth 2.0

We use the OAuth 2.0 protocol (token or cookie-based authentication) to connect to third party data providers, such as Gmail, Dropbox, Office 365, Slack, and others that support this technology.

We will never ask for your credentials to these services and will securely store the authentication token that is generated by the service when you authorize our access. We only request from you the “must have” permissions for these service providers, which, in most cases, are read-only.