Security
OrgOrg was founded on the belief that the productivity suite shouldn't be confined to just slides, docs, and sheets. In fact, there are a whole host of tools for organizational productivity that make work easier and more productive. From the basics of quickly knowing when you are in a work context, short links to the most critical business documents, to better understanding your co-workers, OrgOrg is designed from the ground up to make your organization more operationally efficient. OrgOrg is empowering non-technical workers to create a modern work environment that feels as unique as each organization.
The flexibility of OrgOrg enables a range of sensitive and mission-critical use cases. As such, we consider privacy and security to be core functions of our platform, as well as foundational requirements for all new feature development. Earning and keeping the trust of our users is our top priority, so we hold ourselves to the highest privacy and security standards.
Privacy compliance and data processing addendum
We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations.
You can learn more about OrgOrg's privacy practices in our Privacy Policy, and learn more about OrgOrg's commitment to compliance with the General Data Protection Regulation (“GDPR”) here.
To access and sign our DPA, please contact privacy@orgorg.us. Once executed, the DPA will be incorporated into these Terms by reference. In addition, you can find a current list of OrgOrg's data subprocessors at orgorg.us/trust/subprocessors.
At any time, you may export data from OrgOrg by emailing the request to security@orgorg.us with the subject “Data Export Request”.
Network and system security
When you visit the OrgOrg website or use one of the OrgOrg apps, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. At rest, OrgOrg encrypts data using AES-256.
OrgOrg servers are located in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. OrgOrg's data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access. Regularly security updates and patches are installed to keep servers up to date.
Service reliability and durability
OrgOrg utilizes industry-leading Vercel and Google Cloud hosting infrastructure. Backups are geo-redundantly replicated across multiple availability zones for data durability. Hosting providers maintain business continuity and disaster recovery plans. Components of the disaster recovery plan include multiple site operations playbooks, which are regularly reviewed and rehearsed. OrgOrg implements extensive service monitoring, and our operations team is on call 24x7x365.
Data Storage Policy
At OrgOrg, we prioritize the security and privacy of your data. Our data storage policy is designed to protect your information while ensuring efficient access and use of our services. Your data is stored in the United States on Amazon Web Services (AWS) infrastructure with Google Cloud and Neon.tech our data storage providers. We leverage their industry-standard encryption for data at rest (AES-256) and in transit (TLS). Each customer's data is logically isolated and keyed by ID, to ensure data privacy and security. Our infrastructure providers have completed SOC 2 Type 1 and Type 2 audits.
Product security
Within the OrgOrg product, role based access can be managed at the organization level. These permissions allow the owner's to control who they share your organization workspace with and what permissions they have to modify the workspace.
Within the OrgOrg product, collaborator permissions can be managed at the organization level. These permissions allow you to control who you share your organization workspace with and what permissions they have to modify the workspace.
OrgOrg also stores record-level revision history for each meaningful change to the organization's workspace.
OrgOrg recommends enabling two-factor authentication (2FA) for your Google account. For more details and instructions to configure 2FA, please see Google's documentation for consumer and Google Workspace accounts.
Organizational and information security
OrgOrg vets employees and performs background checks in accordance with our security policies and best practices. Employees complete annual security training which covers topics such as data privacy, information security, and password security.
Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.
Application security
As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by OrgOrg.
How to report an issue
If you believe you've discovered a security-related issue, please contact us at security@orgorg.us.