Trust is foundational. Orkyo is built from the ground up with security, privacy, and data isolation as core architectural principles.

Tenant Isolation

  • Row-Level Security (RLS) in PostgreSQL
  • All queries scoped to authenticated tenant
  • Cryptographically verified tenant IDs
  • Zero cross-tenant data access

Authentication

  • Keycloak identity provider (industry standard)
  • OpenID Connect (OIDC) flow
  • Multi-factor authentication (MFA)
  • SSO integration for enterprise

Encryption

  • AES-256 at rest
  • TLS 1.3 in transit
  • HTTPS enforced on all endpoints
  • Secure cookie flags (HttpOnly, Secure, SameSite)

Infrastructure

  • EU / GDPR region
  • Automated vulnerability scanning
  • Firewall & DDoS mitigation
  • Encrypted regular backups

Role-Based Access

  • Viewer — read-only
  • Planner — create & manage allocations
  • Site Admin — manage site users
  • Tenant Admin — full configuration

Compliance

  • OWASP Top 10 guidelines
  • GDPR compliance
  • SOC 2 Type II (in progress)
  • Regular third-party security audits

We never

  • Sell your data to third parties
  • Use your data for AI training
  • Share data across tenants
  • Access your data without permission

You can always

  • Export all your data at any time
  • Delete your account and all data
  • Control user access within your org
  • Request a data processing agreement

Questions about security? We're happy to discuss our architecture, provide documentation, or complete security questionnaires. Contact us.