Trust is foundational. Orkyo is built from the ground up with security, privacy, and data isolation as core architectural principles.

Data Isolation Model

Complete Tenant Isolation

Every organization (tenant) has its data completely isolated at the database level. We use Row-Level Security (RLS) policies in PostgreSQL to ensure that data queries are automatically filtered by tenant ID.

Key isolation guarantees:

  • Each tenant's data is stored in the same database but logically separated
  • All database queries are automatically scoped to the authenticated tenant
  • No tenant can ever access another tenant's data
  • Tenant IDs are cryptographically verified in every request
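
A minimal sketch of tenant scoping with PostgreSQL Row-Level Security, added here as an illustration and not taken from Orkyo's code. The table `spaces`, the role `app_user`, the setting name `app.tenant_id` and the UUID values are assumptions made up for the example.

```sql
-- Hypothetical tenant-scoped table (names are assumptions, not Orkyo's schema).
CREATE TABLE spaces (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    name      text NOT NULL
);

-- The application connects as a role that can never bypass policies.
CREATE ROLE app_user LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON spaces TO app_user;
GRANT USAGE ON SEQUENCE spaces_id_seq TO app_user;

-- ENABLE turns policies on; FORCE also applies them to the table owner,
-- who is otherwise exempt.
ALTER TABLE spaces ENABLE ROW LEVEL SECURITY;
ALTER TABLE spaces FORCE ROW LEVEL SECURITY;

-- USING filters rows that are read, updated or deleted; WITH CHECK rejects
-- rows written with a different tenant_id. current_setting() without the
-- missing_ok argument raises an error when the setting is absent, so a
-- request that never set a tenant fails closed instead of seeing all rows.
CREATE POLICY tenant_isolation ON spaces
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- Per request, as app_user: bind the tenant taken from the verified token
-- to the transaction only. is_local = true means the value is discarded at
-- COMMIT/ROLLBACK and cannot leak to the next user of a pooled connection.
BEGIN;
SELECT set_config('app.tenant_id',
                  '11111111-1111-1111-1111-111111111111',  -- constructed value
                  true);
SELECT id, name FROM spaces;          -- returns only this tenant's rows
-- An INSERT carrying another tenant_id here would fail the WITH CHECK clause:
--   ERROR: new row violates row-level security policy for table "spaces"
COMMIT;

-- Review checks: every tenant table should show both flags as true ...
SELECT relname, relrowsecurity, relforcerowsecurity
FROM pg_class
WHERE relname = 'spaces';

-- ... and the application role must not appear in this list.
SELECT rolname FROM pg_roles WHERE rolsuper OR rolbypassrls;
```

Superusers and roles with BYPASSRLS skip every policy, so the guarantee holds only for connections made as the restricted role.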

Authentication Architecture

Orkyo uses Keycloak, an industry-standard identity and access management solution, to handle authentication and authorization.

  • OpenID Connect (OIDC) authentication flow
  • Multi-factor authentication (MFA) support
  • Role-based access control (RBAC)
  • SSO integration for enterprise customers
  • Session management and automatic token refresh

Data Protection

Encryption

All data is encrypted both at rest and in transit:

  • Encryption at rest: Database and file storage use AES-256 encryption
  • Encryption in transit: All connections use TLS 1.3
  • HTTPS enforced on all endpoints
  • Secure cookie flags (HttpOnly, Secure, SameSite)

Hosting & Infrastructure

Hosting Region: EU / GDPR-compliant data centers

Infrastructure security practices:

  • Regular security patches and updates
  • Automated vulnerability scanning
  • Firewall protection and DDoS mitigation
  • Monitoring and intrusion detection
  • Regular backups with encrypted storage

Access Control

Role-Based Permissions

Orkyo implements granular access control within each tenant:

  • Viewer: Read-only access to space data
  • Planner: Create and manage space allocations
  • Site Admin: Manage site settings and users
  • Tenant Admin: Full access to tenant configuration

Audit Logging

All critical actions are logged for security and compliance:

  • User authentication and authorization events
  • Data modification tracking
  • Administrative actions
  • Failed access attempts

Compliance & Standards

Security Standards

Orkyo follows industry best practices and standards:

  • OWASP Top 10 security guidelines
  • GDPR compliance for EU data protection
  • SOC 2 Type II compliance (in progress)
  • Regular third-party security audits

Privacy Commitment

Your Data, Your Control

We never:

  • Sell your data to third parties
  • Use your production data for training or analytics
  • Share data across tenants
  • Access your data without explicit permission

You can:

  • Export all your data at any time
  • Delete your account and data permanently
  • Control user access within your organization
  • Request data processing agreements

Questions about security? Our team is happy to discuss our security architecture, provide additional documentation, or complete security questionnaires. Contact us.