Start GuideBetaConcepts
Privacy PolicySecurityTerms of UseCSR PolicyContact

Roadmap-first AI development. Plan what matters, hand work to agents, and keep every update tied back to execution.

Main

  • Home
  • About
  • Pricing
  • Changelog
  • Docs

Features

  • Roadmaps
  • Planning
  • Standups
  • Status updates
  • Insights
  • AI assistant / MCP
  • CLI
  • Integrations

Solutions

  • Startups
  • Dev shops / agencies
  • Software teams
  • Internal IT & platform teams

Company

  • Blog
  • Security
  • Log in
  • Sign up
  • Terms of Use
  • Privacy Policy

© 2026 One Horizon. All rights reserved

FacebookInstagramThreadsXRedditTikTokYouTubeMedium

Security

We take security seriously. Your data deserves protection, and we've built our platform with security as a fundamental principle.

SOC 2

Security controls are aligned with SOC 2 criteria and formal certification is in progress. Pilot-first rollouts are available for teams that need a narrow, auditable scope before broader adoption.

If your security team needs early context, we can share a practical security overview and data handling details before implementation. Contact us to request materials.

Data Residency

All data is stored exclusively in EU regions and never leaves European jurisdiction.

All our infrastructure and data processing occurs within the Netherlands and Germany through our subprocessors. This ensures compliance with European data protection regulations.

Encryption

At Rest: All data is encrypted using AES-256 encryption. We use Supabase Vault for sensitive information like access tokens.

In Transit: All data transmission uses TLS 1.3 encryption. Every connection between your browser, our servers, and third-party integrations is encrypted.

Token Security

We never store passwords. Our platform uses OAuth 2.0 exclusively, meaning we only receive encrypted tokens from providers like Google, GitHub, and Slack.

Access tokens are encrypted using authenticated encryption. This provides both encryption and cryptographic signing to prevent tampering.

Encryption keys are stored separately from the encrypted data and are never stored in the database itself.

Access Controls

We inherit your existing permissions from connected services. When you connect integrations, we respect all user-level access controls from your source systems.

If you don't have access to a repository in GitHub or a channel in Slack, we don't have access either.

Compliance

GDPR Compliant: We maintain full data processing agreements and honor all data subject rights, including the right to deletion and data portability.

Incident Response: We have established procedures for security incident detection, response, and notification in accordance with applicable regulations.

Infrastructure Security

Our infrastructure provides enterprise-grade security including network isolation and automated security patching. We use Cloudflare to prevent DDoS attacks and filter malicious traffic before it reaches our servers.

Database access is restricted through encrypted connections and role-based permissions.

Transparency

If you have specific security questions or need additional documentation for your organization's security review, contact our legal team.

Related Articles

Privacy Policy

This Privacy Policy outlines how we collect, use, and protect your personal information when you visit our website.

Data Access

How data is scoped in One Horizon — what each role can see, and how team and personal data stays isolated.

Contact

For legal inquiries, data protection requests, or compliance matters, contact us directly.

CSR Policy

Our commitment to building better work, not more work, through ethical technology and responsible business practices.

  • SOC 2
  • Data Residency
  • Encryption
  • Token Security
  • Access Controls
  • Compliance
  • Infrastructure Security
  • Transparency
  • Back to top