Trust and Security
We keep you in control
We have earned the trust of global enterprises through our commitment to providing a secure, highly-available platform and products that prioritize data privacy and protection. We comply with international, national, state, and local requirements for data privacy and security.
Robust data privacy controls
Ontic’s data privacy practices align with recognized frameworks, giving clients granular authority over data ingestion, storage, and access within our platform. We design our services with privacy by design and default, supporting least-privileged and role-based access models that extend robust control to our clients.
- Clients select which data sources to connect, maintaining full visibility into where, when, and why each source is used. This ensures data minimization and transparent data flows.
- Client administrators retain exclusive oversight of data and processes, including fine-grained permissions that dictate who can access specific information and what data is permitted to remain in the platform.
- Comprehensive audit trails document user and system actions within Ontic, granting detailed oversight that surpasses standard security operations.
- All client data is securely and permanently deleted 30 days after contract termination.
- Ontic operates as a “data processor” or “service provider,” adhering to all applicable data protection laws. You can review our commitments in our Data Processing Addendum.
- Neither Ontic nor its third-party data providers hold a direct relationship with data subjects. However, in line with legal requirements, we provide mechanisms for data subjects to exercise their privacy rights, as outlined in our Privacy Policy.
Security built to support global enterprises
Our platform and related products are designed from the ground up to provide robust data protection and application security. We work with the largest organizations in the world with demanding security requirements. We employ data security best practices, including:
- Each client has a dedicated database in the cloud accessible only to its designated users.
- All data accessed or stored in the Ontic Platform is encrypted both in transit and at rest.
- We successfully pass a SOC 2 audit every year and make that report available to clients.
- Cybervadis has assessed Ontic as “mature” and awarded Ontic a Gold Medal.
- Ontic is CSA Star Level One Certified.
- All Ontic employees undergo background checks and are required to complete annual Data Security and Data Privacy Awareness Training.
Interested in some more detail, like what encryption levels we use?
Ontic has achieved Federal Risk and Authorization Management Program (FedRAMP) “In Process” status and is listed on the FedRAMP Marketplace.
Regulatory compliance backed by industry certifications and accreditations
Ontic establishes a new benchmark by providing more than just adherence to critical regulations — delivering robust governance and in-depth audit capabilities. With Ontic at the core of security operations, organizations elevate beyond the manual processes and disparate tools (e.g. notebooks, emails, spreadsheets) that often impede visibility and accountability.
It's what we call Connected Intelligence.
Ontic supports organizations in adapting to the rapidly evolving data privacy and cybersecurity landscape by:
- Ensuring compliance with all relevant laws and regulations related to the collection, processing, and storage of personally identifiable information and other sensitive data.
- Proactively monitoring national and local legislation, restricting access to services or data when necessary to comply with state-specific laws and regulations.
