đź”’

Security and Compliance

Keeping our customers' data protected at all times is our highest priority. We will keep your data secure and meet your compliance requirements.

You can use Orbital without providing any personally identifiable information (PII). If you choose to provide PII, it will be securely stored.

We are fully GDPR and CCPA compliant and abide by all requests for user data access, erasure, and opt-out.

Authentication is handled by Okta Auth0 with options for sign-in via Google workspace account or passwordless. Data access is managed through our robust RBAC implementation that provides multiple user roles.

Network Security

Orbital services are deployed to our own virtual private cloud (VPC) using granular security groups on Amazon Web Services (AWS) facilities in the USA. Please review Amazon’s compliance and security documents for additional details, including SOC 1-3 and ISO 27001.

Application Security

We conduct penetration testing on a regular, ongoing basis and are CASA Tier 2 (an OWASP standard) verified. Please contact security@useorbital.com if you’d like to review our most recent results.

Application authentication related activities are audit logged.

Application build and deployment processes are performed in a secure and repeatable way via CI/CD automation. We can rollback or restore from backups as necessary.

Security Policy

All code that is deployed undergoes code reviews and our team periodically reviews all production code for security vulnerabilities. We maintain separate environments for development, staging, and production. There are formal processes in place that the team follows for any incident.

Data Security

SSL is enforced everywhere in order to access any Orbital services. All environment data used in production environments is encrypted and stored in the AWS-managed KMS service.

Access to AWS services is managed using best security practices that split different services and environments into separate AWS accounts. Access to those accounts is through AWS IAM Identity Center and Google Workspace SSO that will enforce specific assumed roles.

All data is securely stored in AWS Aurora or other AWS services.

View Data Processing Addendum | View Privacy Policy