Enterprise-Grade Security

Your data security is our top priority

OnRaven is built with security at its core. We employ industry-leading practices to ensure your customer conversations and business data remain protected at all times.

Infrastructure Partner

Enterprise-Grade Cloud

Our infrastructure runs on Amazon Web Services, trusted by millions of customers worldwide.

Powered by Amazon Web Services: 🇺🇸 US, 🇨🇦 Canada

Security Features

Multi-layered protection

We implement defense-in-depth strategies to protect your data at every level.

End-to-End Encryption

All messages and data are encrypted using AES-256 encryption at rest and TLS 1.3 in transit. Your conversations remain private and secure at every step.

Secure Infrastructure

Our infrastructure is hosted on Amazon Web Services (AWS) in US and Canadian regions, benefiting from their world-class physical and network security.

Access Control

Role-based access control (RBAC) ensures team members only access what they need. Multi-factor authentication (MFA) adds an extra layer of protection.

24/7 Monitoring

Continuous security monitoring and intrusion detection systems protect against threats. Our security team responds to incidents around the clock.

Regular Audits

We conduct regular security assessments, penetration testing, and vulnerability scans to identify and address potential risks proactively.

Data Backup & Recovery

Automated backups with point-in-time recovery ensure your data is never lost. Geo-redundant storage provides additional protection.

Data Protection

Your data is protected using industry-standard encryption and security protocols.

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Secure key management using AWS KMS
  • Regular encryption key rotation
  • Encrypted database backups
  • Secure API authentication with OAuth 2.0
  • IP allowlisting capabilities
  • Session management and automatic timeouts

Infrastructure Security

Our infrastructure is designed for maximum security and reliability on AWS.

  • AWS Virtual Private Cloud (VPC) isolation
  • Web Application Firewall (WAF) protection
  • DDoS mitigation via AWS Shield
  • Network segmentation and micro-segmentation
  • Automated security patching
  • Container security scanning
  • Infrastructure as Code (IaC) security
  • Immutable infrastructure deployments

Compliance

Industry standards & frameworks

We continuously monitor code, cloud, and delivery pipelines against major security and privacy frameworks (including through Aikido Security).

PCI DSS Level 1

Via Stripe

Cardholder data is processed by Stripe; we still monitor platform and infrastructure controls that support a secure payment posture.

GDPR

Ready

Encryption, access management, logging, and processing safeguards are monitored against GDPR-aligned themes. Readiness is technical and operational—not a regulatory sign-off.

CCPA

Ready

Data access, deletion, and security-of-processing themes are handled in product policy and monitored in infrastructure and application controls.

PIPEDA

Ready

As a Canadian company, we align fair-information and security-safeguard expectations with monitored technical controls.

SOC 2

Ready

Trust Services Criteria themes (security, availability, confidentiality) are tracked across cloud, change management, access, and vulnerability SLAs. A SOC 2 Type II report is a separate formal attestation.

HIPAA

Ready

Technical safeguards such as encryption, access control, audit logging, and backups are monitored against HIPAA-aligned checklists. Enterprise customers needing a BAA should contact us.

ISO 27001:2022

Ready

Annex A-style areas—access, cryptography, logging, backups, vulnerability management, and secure development—are covered in continuous monitoring. ISO 27001 certification requires an accredited audit.

OWASP Top 10

Ready

Application and cloud checks address broken access control, injection, cryptographic failures, SSRF, logging, and related risks from the OWASP Top 10.

NIST SP 800-53

Ready

Security and privacy control families relevant to our SaaS footprint are monitored where applicable—not a FedRAMP package or government ATO.

CIS Controls & AWS Benchmark

Ready

CIS Controls v8.1 themes and CIS AWS Foundations Benchmark expectations inform ongoing configuration and hygiene monitoring.

NIS2 (EU)

Ready

ICT risk management, incident handling, supply chain, and resilience practices are monitored against NIS2-aligned requirements.

DORA (EU)

Ready

Operational resilience themes—detection, response, backup, and governance—are monitored against DORA-aligned ICT risk expectations.

UK Cyber Essentials

Ready

Core controls for boundary protection, secure configuration, access, malware protection, and patching are monitored against Cyber Essentials-style criteria.

HITRUST CSF

Ready

Health-data-oriented control themes are monitored at high coverage in our security program. This does not constitute HITRUST certification.

Aikido Security Audit Report

Business Standards

Enterprise-ready security practices

Organizational Security

  • Background checks for all employees
  • Security awareness training programs
  • Strict access control policies
  • Confidentiality agreements
  • Incident response procedures

Development Practices

  • Secure Software Development Lifecycle (SSDLC)
  • Code review and security scanning
  • Dependency vulnerability monitoring
  • Regular penetration testing
  • Bug bounty program

Data Residency

Your data stays where you need it

OnRaven stores all customer data exclusively in secure AWS data centers located in the United States and Canada. Enterprise customers can choose their preferred data residency region to meet regulatory requirements.

🇺🇸 United States: AWS US-East & US-West

🇨🇦 Canada: AWS Canada (Central)

Technical Documentation

Security & Encryption Whitepaper

Detailed technical overview of our security architecture, encryption methods, and compliance measures.

Encryption Architecture

Comprehensive details on our AES-256-GCM encryption implementation, key management, and data protection strategies.

Audit & Compliance

Detailed audit logging mechanisms, GDPR compliance measures, and data retention policies.

Infrastructure Security

AWS infrastructure setup, network isolation, DDoS protection, and disaster recovery procedures.

Access Control

Role-based access control (RBAC), multi-factor authentication, and session management.

Have security questions?

Our security team is here to help. Contact us for security assessments, compliance documentation, or to report a vulnerability.