Optery’s Statement on Data Security
Security and privacy are our priority. As a data privacy company, we understand the responsibility of handling your personal information. We do not sell your personal information.
Last Updated: June 2026 – This page explains how we secure registered user data at app.optery.com and business.optery.com. This page does not replace the official Terms of Service, Privacy Policy, Cookie Policy, or any other official company policy.
SOC 2 Type II Certified
Optery has completed its AICPA SOC 2 Type II audit, conducted by an independent third-party auditor. The full report is available to Optery for Business customers under NDA — request access at support@optery.com or through our Contact Us page.
Infrastructure
Optery runs on AWS, a world-class cloud platform certified under ISO 27001, SOC 1, and SOC 2. All production infrastructure is hosted in the United States within isolated, access-controlled environments.
Encryption
All customer data in transit is protected using TLS 1.2 or higher (TLS 1.3 preferred), and all data at rest is encrypted using AES-256. Encryption keys are managed separately from encrypted data using AWS Key Management Service (KMS).
Network Security
We deploy a web application firewall (WAF) and automated threat detection to monitor and protect our production environment. All internal access to production systems is controlled through a zero-trust access solution and direct access outside of this is not permitted.
Access Control
Access to production systems and customer data is granted on a least-privilege basis and requires multi-factor authentication. Access is reviewed regularly and revoked as soon after offboarding as practicable.
Vulnerability Management
We perform continuous automated scanning of source code and open source dependencies for security vulnerabilities. We conduct annual penetration testing with an independent third-party security firm.
Secure Development
All code changes require peer review and approval before deployment to production, enforcing separation of duties throughout the development process. Development and testing environments are logically separated from production.
Incident Response
We maintain a formal Incident Response Plan with defined severity levels, response timelines, and escalation paths. Post-incident reviews are conducted following significant events to identify lessons learned and improve controls.
Backups and Availability
Customer data is backed up daily with point-in-time recovery enabled, and restoration is periodically tested to verify recoverability. Our production environment is monitored 24×7 with a public status page at status.optery.com.
Data Retention
Customers are the System of Record for their data and can delete profile and account data within their account settings. Deletion after contract termination is subject to the applicable customer agreement.
Vendor Management
All third-party vendors and tools undergo a security and legal review before being granted access to customer data. Vendors processing customer data are reviewed annually.
Employee Security
All employees complete security awareness training, are subject to confidentiality agreements, and undergo background checks.
Data Protocols & Protection Schemes
Below are the specific architecture matrices outlining our exact cryptographic protection standards, categorized by data class.
Data Encryption Standards (In-Transit)
| Data Category | Encryption Protocol | Access Restrictions |
|---|---|---|
| User account data Names, email addresses, login credentials | TLS 1.2 / 1.3 HTTPS | Encrypted Session Only |
| System Logs API queries, system transactions | TLS 1.2 / 1.3 Internal Tunnels | Isolated Logging Architecture |
Data Encryption Standards (In-Transit)
| Data Category | Encryption Protocol | Access Restrictions |
|---|---|---|
| User account data Names, email addresses, login credentials | TLS 1.2 / 1.3 HTTPS | Encrypted Session Only |
| System Logs API queries, system transactions | TLS 1.2 / 1.3 Internal Tunnels | Isolated Logging Architecture |
Found a potential security vulnerability? Please contact us or visit our Vulnerability Disclosure Policy.