Skip to content

Security at Ostorlab

Security Program Highlights

Ongoing SOC2 Type II Certification

Ostorlab is in the process to obtain its SOC2, Type 2 final report. This means we ensure enterprise-level protection, and secure service that aligns with AICPA SOC2 standards.

Data encryption

Your data is always encrypted at rest and in transit to and from our platform. We use Google Cloud Key Management service to manage encryption keys using hardware security modules for maximum security in line with industry best practices.


Ostorlab is hosted using Google Cloud Platform services to offer the best guarantee possible in terms of physical and infrastructure security.

Platform's availability

Ostorlab's availability SLA is 99.5% and our Recovery Point Objective is 6 hours.

We ensure business continuity and disaster recovery through the concept of “availability zones” and geographical distribution offered by cloud infrastructure.

Security controls

Our Security assurance program combines 100+ security controls across the organization, including continuous automated scanning as well as a Bug Bounty program and a Responsible Vulnerability Disclosure Policy.