Security Measures

Ensuring the security and privacy of our clients' data is a top priority at Onboarded. This section provides an in-depth look at our security measures designed to meet the stringent needs of enterprise clients, encompassing everything from encryption and authentication to network isolation and compliance audits.

Encryption (In-Transit and At Rest)

- Data Encryption: Postgres and S3 data are encrypted at rest with AES-256. The underlying Render services apply this industry-standard encryption to storage automatically, and Render also encrypts sensitive data in transit between its services.
- HTTPS: All endpoints are served over HTTPS using TLS 1.2 or higher for encryption in transit; our TLS configuration scores an A+ on the SSL Labs test.
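"TLS 1.2 and above" is a property the server enforces by refusing to negotiate anything older, and it is what the SSL Labs "Protocols" check looks at. The program below is an added illustration written for this page, not Onboarded's or Render's code, and Go is used only because its standard library can run a full handshake offline: it generates a throwaway self-signed certificate, runs one TLS handshake over an in-memory pipe, and shows that a server with MinVersion set to TLS 1.2 rejects a client that can only offer TLS 1.0/1.1, while a server that still allows TLS 1.0 quietly accepts the same client. The TryHandshake helper, the certificate and the pipe are all constructed here for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert generates a throwaway ECDSA certificate for "localhost" so the
// demo runs offline. A real deployment uses a CA-issued certificate.
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// TryHandshake runs one TLS handshake over an in-memory pipe (no sockets)
// between a server whose minimum version is serverMin and a client that offers
// at most clientMax. It returns the negotiated version, or an error if the
// server refused the client.
func TryHandshake(serverMin, clientMax uint16) (uint16, error) {
	cert, err := selfSignedCert()
	if err != nil {
		return 0, err
	}
	serverCfg := &tls.Config{
		MinVersion:             serverMin,
		Certificates:           []tls.Certificate{cert},
		SessionTicketsDisabled: true, // keeps the server's flight simple for the pipe demo
	}
	clientCfg := &tls.Config{
		MinVersion:         tls.VersionTLS10, // a legacy client willing to speak old versions
		MaxVersion:         clientMax,
		InsecureSkipVerify: true, // the cert is self-signed; only version negotiation is under test
	}

	srvConn, cliConn := net.Pipe()
	defer srvConn.Close()
	defer cliConn.Close()
	deadline := time.Now().Add(5 * time.Second) // guards against a stuck pipe
	_ = srvConn.SetDeadline(deadline)
	_ = cliConn.SetDeadline(deadline)

	server := tls.Server(srvConn, serverCfg)
	client := tls.Client(cliConn, clientCfg)

	serverErr := make(chan error, 1)
	go func() {
		herr := server.Handshake()
		if herr != nil {
			srvConn.Close() // unblock the client if the server gave up
		}
		serverErr <- herr
	}()
	clientErr := client.Handshake()
	if err := <-serverErr; err != nil {
		return 0, fmt.Errorf("server rejected handshake: %w", err)
	}
	if clientErr != nil {
		return 0, fmt.Errorf("client handshake failed: %w", clientErr)
	}
	return client.ConnectionState().Version, nil
}

func main() {
	cases := []struct {
		name                 string
		serverMin, clientMax uint16
	}{
		{"hardened server (min 1.2), legacy TLS 1.1 client", tls.VersionTLS12, tls.VersionTLS11},
		{"hardened server (min 1.2), TLS 1.2 client", tls.VersionTLS12, tls.VersionTLS12},
		{"weak server (allows 1.0), legacy TLS 1.1 client", tls.VersionTLS10, tls.VersionTLS11},
	}
	for _, c := range cases {
		v, err := TryHandshake(c.serverMin, c.clientMax)
		if err != nil {
			fmt.Printf("%-50s rejected: %v\n", c.name, err)
			continue
		}
		fmt.Printf("%-50s negotiated version 0x%04x\n", c.name, v)
	}
}
```

The third case is the one a configuration review should catch: the handshake succeeds and nothing in the application layer will notice that it happened over TLS 1.1. Against a live endpoint the equivalent check is an `openssl s_client -connect host:443 -tls1_1` that fails to complete a handshake.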

Authentication and Authorization Methods

- OAuth: We use Auth0 to implement OAuth 2.0, a widely used open standard for delegated authorization.
- SAML and Other IdPs: Our architecture supports integration with SAML or other identity providers (IdPs), so clients can keep using their existing identity solutions.
- RBAC (Role-Based Access Control): Our system employs RBAC: each user is tied to an account and holds a role within it, and that role determines what the user may access in the Onboarded dashboard.
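The security-relevant detail in account-scoped RBAC is that the role is looked up for the specific account being accessed, so a role held in one account grants nothing in another, and anything not explicitly granted is denied. The following Go program is an added example for this page, not Onboarded's code: the role names, permission names and the sample users are constructed for the illustration.

```go
package main

import "fmt"

// Role is the role a user holds within one account.
type Role string

// Permission names an action in the dashboard.
type Permission string

// Illustrative roles and permissions (constructed for this example).
const (
	RoleOwner  Role = "owner"
	RoleAdmin  Role = "admin"
	RoleViewer Role = "viewer"

	PermViewDashboard Permission = "dashboard:view"
	PermManageMembers Permission = "members:manage"
	PermExportData    Permission = "data:export"
)

// rolePermissions is the static role-to-permission mapping. Anything not
// listed here is denied: there is no implicit allow.
var rolePermissions = map[Role]map[Permission]bool{
	RoleOwner:  {PermViewDashboard: true, PermManageMembers: true, PermExportData: true},
	RoleAdmin:  {PermViewDashboard: true, PermManageMembers: true},
	RoleViewer: {PermViewDashboard: true},
}

// Authorizer ties users to accounts: memberships[userID][accountID] = role.
type Authorizer struct {
	memberships map[string]map[string]Role
}

func NewAuthorizer() *Authorizer {
	return &Authorizer{memberships: make(map[string]map[string]Role)}
}

// Grant makes userID a member of accountID with the given role.
func (a *Authorizer) Grant(userID, accountID string, role Role) {
	if a.memberships[userID] == nil {
		a.memberships[userID] = make(map[string]Role)
	}
	a.memberships[userID][accountID] = role
}

// Can reports whether userID may perform perm in accountID. The account is part
// of the lookup key: the role is resolved from the user's membership in that
// account, never from a role the user holds in some other account.
func (a *Authorizer) Can(userID, accountID string, perm Permission) bool {
	role, ok := a.memberships[userID][accountID] // a missing user yields a nil map and ok == false
	if !ok {
		return false // not a member of this account: deny before looking at roles
	}
	return rolePermissions[role][perm]
}

// Authorize is what a request handler would call: it returns an error carrying
// the reason instead of a bare bool so denials can be logged.
func (a *Authorizer) Authorize(userID, accountID string, perm Permission) error {
	if !a.Can(userID, accountID, perm) {
		return fmt.Errorf("user %q denied %s on account %q", userID, perm, accountID)
	}
	return nil
}

// DemoAuthorizer builds constructed sample memberships for the illustration.
func DemoAuthorizer() *Authorizer {
	a := NewAuthorizer()
	a.Grant("alice", "acct-1", RoleOwner)
	a.Grant("bob", "acct-1", RoleViewer)
	a.Grant("carol", "acct-2", RoleAdmin) // admin, but of a different account
	return a
}

func main() {
	a := DemoAuthorizer()
	checks := []struct {
		user, account string
		perm          Permission
	}{
		{"alice", "acct-1", PermManageMembers},   // owner: allowed
		{"bob", "acct-1", PermViewDashboard},     // viewer: allowed
		{"bob", "acct-1", PermExportData},        // viewer: denied
		{"carol", "acct-1", PermViewDashboard},   // admin elsewhere: denied here
		{"mallory", "acct-1", PermViewDashboard}, // no membership at all: denied
	}
	for _, c := range checks {
		fmt.Printf("%-8s %-7s %-16s allowed=%v\n", c.user, c.account, c.perm, a.Can(c.user, c.account, c.perm))
	}
}
```

The carol case is the one to test for in any multi-tenant dashboard: a user who legitimately holds an elevated role in their own account must still get a denial when the account identifier in a request points at someone else's.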

Network Isolation, Firewalls, and IDS

- We rely on Render for network isolation and firewall services: only services within our architecture can communicate with one another inside the Render environment.
- Port Security: All inbound traffic is routed through Cloudflare, so our servers are not directly reachable from the public internet.

Regular Security Audits & Certifications

- SOC 2 Type II: We hold a SOC 2 Type II attestation report.
- Ongoing Audits: Our commitment to security doesn't end with the SOC 2 report. We conduct regular security audits to stay ahead of emerging threats.
- Third-Party Penetration Test: An independent third party is engaged to conduct a network and application penetration test of the production environment at least annually. Critical and high-risk findings are tracked through to resolution.