Octopai takes continuous measures to ensure compliance with industry best practices so that customers are never exposed to malicious code.

No direct connection between Octopai and user data source

Option for Azure or AWS worldwide customer dedicated Octopai VM

Highest level vault encryption

Single-directional push process

We do not have the ability to pull anything from the user's systems


Security Compliance and Certifications

3 Levels of Cloud Security

Double Firewall - including IP filtering

Encryption in motion - HTTPS

Data Center & Network Security

Octopai hosts all its software on Microsoft Azure.
See Azure compliance and security documentation for more information.

All of Octopai’s servers are located on our own virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between servers.

Metadata Security

All connections to Octopai are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. We maintain DigiCert SHA2 Extended Validation Server CA certification.

System passwords are encrypted using AWS KMS and Azure Key Vault with restricted access to specific production systems.

Octopai customers may configure a data retention duration, and customer data is purged from Octopai systems following contract termination.

We use industry-standard SQL Server data storage systems hosted on AWS and Azure.

Application Security

Octopai login requires strong passwords. User passwords are salted, irreversibly hashed, and stored in Octopai’s database.

In addition to Octopai’s extensive testing program, we conduct application penetration testing by a third party at least once per year.

Web application architecture and implementation follow OWASP guidelines.