Private by default
Every audit report is private to your account. Nothing you run is shown publicly. A report becomes viewable without login only when you generate an explicit, revocable share link.
We build a privacy-auditing product, so our own posture has to hold up. Here’s how we protect your account and your results.
Every audit report is private to your account. Nothing you run is shown publicly. A report becomes viewable without login only when you generate an explicit, revocable share link.
All traffic is served over HTTPS with HSTS. Sessions are HttpOnly + Secure cookies; MFA secrets and sensitive tokens are encrypted at rest.
Argon2id password hashing, email verification, optional TOTP multi-factor authentication, and single-use recovery codes.
Infrastructure runs in AWS (Mumbai / ap-south-1). We disclose hosting and cross-border processing in our privacy policy.
As a UAE/India product, we hold ourselves to the same UAE PDPL and India DPDP standards Optix audits for — data-subject rights, retention, and consent.
Security questions, a vulnerability report, or an Enterprise/DPA request? Email security@optifi360.org.