Security
Security is at the core of Orchesity. We implement industry-leading practices to protect your data and generated code.
Encryption
- TLS 1.3: All data in transit is encrypted with the latest TLS protocol
- AES-256: Data at rest is encrypted using AES-256 encryption
- Database Encryption: PostgreSQL with encryption at rest enabled
- Secrets Management: Environment variables stored in AWS Secrets Manager
- API Keys: Hashed using bcrypt with per-user salts
Authentication & Authorization
- JWT Tokens: Secure, short-lived tokens with HTTP-only cookies
- OAuth 2.0: GitHub and Google authentication supported
- Password Requirements: Minimum 8 characters with complexity rules
- RBAC: Role-based access control for team collaboration (Enterprise)
- MFA: Two-factor authentication available (Pro and Enterprise)
- Session Management: Automatic timeout after 7 days of inactivity
Code Security
Orchesity validates generated code for common vulnerabilities:
- SQL Injection: Detects and prevents raw SQL queries without parameterization
- XSS Protection: Validates input sanitization in generated code
- Secret Exposure: Scans for hardcoded API keys, passwords, and tokens
- Dependency Scanning: Checks for known vulnerabilities in package dependencies
- OWASP Compliance: Follows OWASP Top 10 guidelines for web applications
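Two of the checks listed above, flagging SQL that is assembled from runtime values instead of bound parameters and flagging secrets assigned as string literals, can be sketched as a small AST-based scanner. The following is an added example, not Orchesity's own checker (the page does not describe how its checks are implemented); the function names, the regular expressions and the `SAMPLE` source it scans are constructed for illustration, and it handles Python source only.

```python
"""Added example: a minimal static checker for two classes of issues a code
validator might flag in generated code. Not Orchesity's code; the names,
patterns and sample input below are constructed for illustration."""
import ast
import re
from dataclasses import dataclass

# A string literal that starts with a SQL verb is treated as a SQL statement.
SQL_VERBS = re.compile(r"^\s*(select|insert|update|delete|drop|alter)\b", re.IGNORECASE)
# Variable names that suggest the value is a credential.
SECRET_NAME = re.compile(r"(api[_-]?key|secret|password|passwd|token)", re.IGNORECASE)
# Literal values that are obviously placeholders rather than real secrets.
PLACEHOLDER = re.compile(r"^(\s*|\$\{.*\}|<.*>|changeme|x{3,}|\.\.\.)$", re.IGNORECASE)


@dataclass
class Finding:
    line: int
    kind: str
    detail: str


def _is_sql_literal(node: ast.AST) -> bool:
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and bool(SQL_VERBS.match(node.value)))


def _dynamic_sql(node: ast.AST) -> bool:
    """True when a SQL literal is combined with runtime values via f-string, %, + or .format()."""
    if isinstance(node, ast.JoinedStr):  # f"SELECT ... {user_id}"
        has_verb = any(isinstance(v, ast.Constant) and SQL_VERBS.match(str(v.value))
                       for v in node.values)
        return has_verb and any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        # "SELECT ..." + x   or   "SELECT ... %s" % x   (recurse for chained +)
        return _is_sql_literal(node.left) or _dynamic_sql(node.left)
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):  # "SELECT ... {}".format(x)
        return _is_sql_literal(node.func.value)
    return False


class _Visitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        # cursor.execute(<sql built from runtime values>): the first argument is
        # the statement; a safe call passes a constant statement plus a params tuple.
        if (isinstance(node.func, ast.Attribute)
                and node.func.attr in ("execute", "executemany") and node.args):
            if _dynamic_sql(node.args[0]):
                self.findings.append(Finding(
                    node.lineno, "sql-injection",
                    "SQL statement built from runtime values; use bound parameters"))
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        # NAME = "literal" where NAME looks like a credential and the literal is
        # not a placeholder. Values read from the environment are not constants
        # and therefore never match.
        for target in node.targets:
            if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                val = node.value
                if (isinstance(val, ast.Constant) and isinstance(val.value, str)
                        and not PLACEHOLDER.match(val.value)):
                    self.findings.append(Finding(
                        node.lineno, "hardcoded-secret",
                        f"{target.id} is assigned a string literal; load it from a secrets store"))
        self.generic_visit(node)


def scan_generated_code(source: str) -> list[Finding]:
    """Parse Python source and return findings ordered by line number."""
    visitor = _Visitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample of "generated code": one hardcoded key, three unsafe
# queries and one correctly parameterized query.
SAMPLE = '''
import os
import psycopg2

API_KEY = "sk-constructed-example-not-a-real-key"
DB_PASSWORD = os.environ["DB_PASSWORD"]

def find_user(cur, user_id):
    cur.execute(f"SELECT * FROM users WHERE id = {user_id}")
    cur.execute("SELECT * FROM users WHERE id = " + user_id)
    cur.execute("SELECT * FROM users WHERE id = %s" % user_id)
    cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))
'''

if __name__ == "__main__":
    for finding in scan_generated_code(SAMPLE):
        print(f"line {finding.line}: {finding.kind}: {finding.detail}")
```

Run against `SAMPLE`, the scanner reports the literal key on line 5 and the three concatenated, `%`-formatted and f-string queries on lines 9 to 11, and stays silent on the parameterized call on line 12 and on the password read from the environment. A real validator would need far broader coverage (other languages, ORM query builders, secrets with non-obvious variable names), which is one reason the page's own notice that generated code still needs human review applies.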
Important Notice
AI-generated code should always be reviewed and tested before production deployment. Orchesity provides automated security checks but cannot guarantee 100% security. You are responsible for validating code for your specific use case.
Infrastructure Security
- AWS Hosting: Deployed on AWS with VPC isolation and security groups
- DDoS Protection: Cloudflare protection against distributed attacks
- Rate Limiting: API rate limits to prevent abuse (tier-specific)
- Monitoring: 24/7 security monitoring with automated alerts
- Backups: Daily automated backups with 30-day retention
- Disaster Recovery: Multi-region failover for Enterprise tier
Compliance & Certifications
- GDPR: Full compliance with European data protection regulations
- CCPA: California Consumer Privacy Act compliance
- SOC 2 Type II: Available for Enterprise tier (annual audits)
- ISO 27001: Information security management certification (in progress)
- HIPAA: Healthcare compliance available (Enterprise custom contracts)
- PCI DSS: Payment data handled by Stripe (PCI Level 1 certified)
Third-Party Security
Orchesity relies on trusted third-party providers with strong security postures:
| Provider | Purpose | Certification |
|---|---|---|
| AWS | Hosting & Infrastructure | SOC 2, ISO 27001, PCI DSS |
| Stripe | Payment Processing | PCI Level 1 |
| OpenAI | AI Code Generation | SOC 2 Type II |
| Anthropic | AI Code Generation | SOC 2 Type II |
| Google Cloud | AI Code Generation (Gemini) | ISO 27001, SOC 2 |
Security Audits & Testing
- Penetration Testing: Quarterly third-party security assessments
- Vulnerability Scanning: Automated daily scans with Snyk and Dependabot
- Code Reviews: All code changes undergo security-focused peer review
- Bug Bounty: Responsible disclosure program (contact security@orchesity.com)
Incident Response
In the event of a security incident:
- Immediate containment and mitigation within 1 hour of detection
- Notification to affected users within 72 hours (GDPR requirement)
- Transparent communication via status page and email updates
- Post-incident report with root cause analysis and remediation steps
- Implementation of preventive measures to avoid recurrence
Report a Vulnerability
We take security seriously and appreciate responsible disclosure. If you discover a vulnerability:
- Email: security@orchesity.com
- PGP Key: Available at /security/pgp
- Response Time: Acknowledgment within 24 hours
- Reward: Eligible for bug bounty rewards (case-by-case basis)
Please do not disclose vulnerabilities publicly until we have had a chance to address them.