🎉 Orgnostic is now a Culture Amp company, sharing the same mission: to create a better world of work, together. Read more

Your people data is safe with us

Orgnostic is committed to guarding your privacy and security. All of your data is securely hosted in North America or Europe, always served over a secure connection, and always encrypted.

Compliance

SOC 2 compliant

Monitored by Vanta for up to date SOC 2 compliance, Orgnostic is trusted by data-driven HR teams across the globe. We have an ongoing commitment to ensure continual compliance.

  • SOC 2 Type 2 report available
  • Active monitoring with Vanta

Request our SOC 2 Type 2 Report

GDPR compliant

We are committed to ensuring General Data Protection Regulation (GDPR) compliance for all companies that require it. Orgnostic is classified as a Data Processor.

  • GDPR compliance
  • Active monitoring with Vanta

CCPA & CDPA compliant

If you are a resident of California or Virginia, we can help you exercise your rights under CCPA/CDPA.

  • CCPA compliance for California residents
  • CDPA compliance for Virginia residents

Read more in our Privacy policy

Data protection

Cloud security

Our primary cloud infrastructure provider is AWS. They provide security and compliance controls both for cloud infrastructure and physical data centers.

Network security

Our services and infrastructure use enterprise-grade 256-bit AES encryption. The data is encrypted both in-transit and at-rest.

Data storage

We use AWS and MongoDB Cloud to securely store your data. We chose these vendors for their ISO 27001, GDPR and SOC 1/2/3 compliance.

Data security

All data is hosted within our Virtual Private Cloud. Servers are protected by security groups that do not allow connections from untrusted sources.

Data encryption

We encrypt your data by default — both at rest and in transit, using the AES256 industry-standard encryption.

Vulnerability management

We are frequently scanning our infrastructure and applications, including container scanning, to make sure we identify and remedy any vulnerabilities.

Access

EU and US platforms available

To accommodate users with strict compliance requirements, we maintain two separate instances of Orgnostic. One in the USA (us-east-1), the other in the EU (eu-central-1). You can choose which one to run when you register your account. The entire platform will be served from within your specified region.

  • EU-based platform
  • US-based platform

Authentication and authorization

For user management and authentication to our platform, we use Auth0, a vetted authentication and user management SaaS platform. Auth0 maintains SOC 2 Type II, ISO27001, ISO27018 and GDPR compliance, and is trusted by many enterprises worldwide.

  • Trusted authentication provider – Auth0

Questions or concerns?

Schedule a personalized demo

Book a demo
Press
D
to schedule a Demo