SECURITY-FIRST ARCHITECTURE

Your data never touches plaintext.

Everything is encrypted, isolated, and auditable. Security isn't a feature we added — it's how OpenTracy was built from day one.

AES-256
encryption at rest
TLS 1.2+
encryption in transit
100%
tenant isolation
0
plaintext secrets
LUNAR / SECURITY STATUS
ENCRYPTION
[SYS] At rest: AES-256
[SYS] In transit: TLS 1.2+
[SYS] Keys: customer-managed
ACCESS
[AUTH] MFA: enforced
[AUTH] Tokens: verified
[AUTH] Secrets: zero plaintext
ISOLATION
[NET] Network: private
[NET] Tenants: fully isolated
[NET] Database: no public access
All systems operational

Security Architecture

Defense in depth at every layer. No shortcuts.

Encrypted by default

CORE

All data is encrypted at rest and in transit. No exceptions, no opt-in required. Your models and traces are protected from the moment they enter our platform.

Tenant Isolation

CORE

Every customer operates in a fully isolated environment. Your data is never shared, mixed, or accessible to other tenants — at any layer.

Bring Your Own Keys

ENTERPRISE

Use your own encryption keys for data at rest. Full control over your encryption lifecycle, rotation, and revocation.

Private Deployment

ENTERPRISE

Deploy OpenTracy entirely within your own network. Data never leaves your perimeter. Air-gapped mode available for regulated environments.

Security Posture

Comprehensive controls across every layer of the stack.

/// Data Protection

  • [+]All data encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • [+]Customer-managed encryption keys
  • [+]Automated backups with encryption and retention policies
  • [+]Multi-region redundancy with automatic failover
  • [+]Secure deletion with configurable retention

/// Access Control

  • [+]Multi-factor authentication enforced
  • [+]Dual authentication — token-based and key-based
  • [+]API keys hashed and never stored in plaintext
  • [+]Strong password policies enforced
  • [+]Rate limiting on all API endpoints
  • [+]Service-to-service authentication between internal components

/// Infrastructure

  • [+]Private network — no public database access
  • [+]Strict firewall rules at every layer
  • [+]Internal traffic never routed through the public internet
  • [+]Encrypted compute and storage volumes
  • [+]Explicit origin allow-lists — no wildcard CORS
  • [+]Infrastructure as Code — no manual changes, full auditability

/// Logging & Monitoring

  • [+]Structured logging on all services
  • [+]Access logs with IP, method, status, and latency
  • [+]Authentication events logged with context
  • [+]Failed login attempts tracked and flagged
  • [+]Key operations (create, revoke) logged with audit trail
  • [+]Configurable log retention policies

Compliance Roadmap

Building toward formal certifications.

PLANNED

SOC 2 Type II

Independent audit of security controls. Our practices are aligned — formal certification in progress.

IN PROGRESS

GDPR

Data deletion, retention, and encryption already in place. Formal compliance documentation underway.

PLANNED

HIPAA

Encryption, logging, and access controls ready. BAA documentation on the roadmap.

PLANNED

ISO 27001

Security management practices aligned. Formal certification will follow SOC 2.

/// Trust Center

Available to customers and qualified prospects.

[+]Security Architecture Overview
[+]Data Processing Agreement
[+]Vendor Security Questionnaire
[+]Infrastructure Diagram
[+]Encryption & Key Management Details
[+]Tenant Isolation Whitepaper

Need security details?

Our team responds within 24 hours with architecture diagrams, encryption details, and completed vendor questionnaires.

Request accessContact security team

Your data. Your keys. Your network.

Have security requirements? Our team works directly with yours to meet them.

Start Enterprise trialBook security review

Responsible Disclosure

Found a vulnerability? Email security@opentracy.com