Security model
Orbex Data is a multi-tenant SaaS platform hosting sensitive commercial and logistics data for global freight operations. Security is built into infrastructure, application, and operational layers with defense in depth.
Shared responsibility
Orbex Data secures the platform. Customers control user access, API key hygiene, and data classification within their workspace.
Encryption
- TLS 1.2+ for all data in transit including API and webhook traffic
- AES-256 encryption at rest for databases and object storage
- Encrypted backups with geographically redundant replication
- Optional customer-managed encryption keys (CMEK) on Enterprise plans
| Layer | Standard | Enterprise |
|---|---|---|
| Transit | TLS 1.2+ | TLS 1.3 preferred |
| Rest | AES-256 | AES-256 + CMEK option |
| Backups | Encrypted | Encrypted + dedicated region |
Infrastructure
Production services run on SOC 2 Type II certified cloud infrastructure with network segmentation, WAF protection, and DDoS mitigation. Production and staging environments are logically isolated.
Data residency options are available for EU and APAC customers on Enterprise plans. Contact your account team for region-specific deployment.
Platform access controls
Orbex Data employees access production systems on a least-privilege basis with MFA, session logging, and quarterly access reviews. Customer data access by support requires explicit customer authorization except for security incidents.
- SSO/SAML 2.0 for workspace authentication
- Mandatory MFA for admin roles
- API key scoping and rotation
- Session timeout and device management
Compliance and assessments
Orbex Data maintains SOC 2 Type II attestation and aligns controls with GDPR requirements for EU personal data. Annual penetration tests are performed by independent third parties.
Trust materials
Request our security whitepaper, SOC 2 report, and DPA at hello@orbexdata.com during procurement.
Incident response
Security incidents are triaged 24/7. Customers with material impact receive notification per contractual commitments and applicable law. Report suspected vulnerabilities to security@orbexdata.com.
