Security & Trust
When you self-host, security is your responsibility. We make it a manageable one. Here’s our posture, our certifications, and what to do if you find something we missed.
Our Security Posture
SOC 2 Type II
Audited annually by an independent third party. Reports available under NDA to enterprise customers.
ISO 27001
Certified information security management system. Surveillance audits twice yearly.
Penetration Testing
Annual pen tests by CREST-certified firms. Critical findings remediated within 7 days.
Bug Bounty
$500–$10,000 rewards for responsible disclosure. Scoped to *.own360.ai properties.
Technical Controls
- Encryption at rest — AES-256 for all stored data
- Encryption in transit — TLS 1.3 enforced; HSTS headers on all domains
- Authentication — MFA required for all admin access; SAML/OIDC SSO for enterprise
- Network — VPC isolation, WAF, DDoS protection, private subnets for databases
- Logging — Immutable audit logs retained 1 year; SIEM monitoring 24/7
- Backups — Encrypted backups every 6 hours; restoration tested quarterly
Responsible Disclosure
Email security@own360.ai with a description of the vulnerability, steps to reproduce, and your estimated severity. We will acknowledge within 24 hours and provide a remediation timeline within 5 business days. Please do not publicly disclose before we’ve had a chance to remediate.
Incident Response
Our incident response plan is tested annually through tabletop exercises. In the event of a security incident affecting customer data, we will notify affected customers within 72 hours of confirmed impact, consistent with GDPR Article 33.
Security Questions?
For security inquiries or to request our SOC 2 report: security@own360.ai