Encryption
- In transit: TLS 1.2+ everywhere. HSTS preload list (long max-age, includeSubDomains). HTTP/3 enabled at the edge. upgrade-insecure-requests CSP directive.
- At rest: AES-256-GCM on Cloudflare R2 for source documents and extracted artifacts; on Cloudflare D1 for metadata. Encryption keys are managed by Cloudflare and rotated automatically.
- Secrets: API keys hashed with SHA-256 before storage; only the prefix is visible to users. Worker secrets via Cloudflare Worker Secrets (env-bound, not in source).
Authentication and access control
- Sessions: JWT cookies. Access token 1 hour; refresh token 30 days stored encrypted in D1, single-use, rotates on each refresh.
- MFA: TOTP available for every account. Required for platform-level admins. Backup codes issued on enrollment.
- SSO: OIDC (Google, Microsoft Entra, Okta, Auth0) with JIT provisioning. Domain-restricted sign-in available on Firm+. SCIM is on the roadmap.
- Passwords: PBKDF2-SHA256 with per-user salt. Strength meter on enrollment. No SMS recovery (resists SIM swap).
Workspace isolation
Every persistent resource — conversions, API keys, templates, billing events, audit records — is scoped to a workspace. API keys are pinned to the workspace they were created in; a leaked key cannot pivot to a different workspace. Cross-workspace queries require admin-level access in both.
AI inference safety
- AI extraction runs 100% on Cloudflare Workers AI (Gemma 4, Nemotron 3, Kimi K2.5, Kimi K2.6 Thinking). Customer document content never leaves the Cloudflare network.
- No model training on customer data. Workers AI does not train on customer prompts.
- Regulated routing: Workspaces with a HIPAA BAA route through the zero-retention Cloudflare AI Gateway so prompt/response bodies aren't stored for debugging.
Audit trail
Every sensitive action — login, MFA, API key generation, conversion, deletion, role change, export — is recorded with user ID, timestamp, IP, user-agent, and resource ID. Audit-log exports include a chain-hash so tampering between export and presentation is detectable.
Infrastructure
- Compute: Cloudflare Workers (V8 isolates), Workers AI for inference.
- Storage: Cloudflare R2 (object), Cloudflare D1 (relational), Cloudflare KV (rate-limit and cache).
- Edge: Cloudflare WAF, DDoS protection, bot management, Page Shield (CSP enforcement).
- Backups: D1 time-travel covers point-in-time restore for the last 30 days. R2 retention configurable per workspace.
Vulnerability and incident response
- Responsible disclosure: email security@ordalis.io. We acknowledge within 72 hours and fix critical issues within 30 days.
- SBOM and dependency hygiene: Dependabot security alerts addressed weekly. SBOM available on request.
- Incident response: on-call rotation 24/7 for severity-1 incidents. Status updates posted at /status. Post-incident review delivered within 5 business days for any incident affecting customer data.
Physical and personnel
- Physical: Cloudflare data centers (SOC 2 + ISO 27001). No Ordalis infrastructure in a self-managed data center.
- Personnel: background checks on every employee. Least-privilege access; production access requires MFA and is recorded in the audit log.
- Training: annual security and privacy training; quarterly phishing simulations.
Reporting
Security: security@ordalis.io. Abuse: abuse@ordalis.io. Compliance / procurement: legal@ordalis.io.