Security

One Horizon is designed around clear access boundaries, encrypted data handling, EU data residency, and security review material your team can evaluate before rollout.

SOC 2

Security controls are aligned with SOC 2 criteria and formal certification is in progress. Pilot-first rollouts are available for teams that need a narrow, auditable scope before broader adoption.

If your security team needs early context, we can share a practical security overview and data handling details before implementation. Contact us to request materials.

Data Residency

All data is stored exclusively in EU regions and never leaves European jurisdiction.

All our infrastructure and data processing occurs within the Netherlands and Germany through our subprocessors. This ensures compliance with European data protection regulations.

Encryption

At Rest: All data is encrypted using AES-256 encryption. We use Supabase Vault for sensitive information like access tokens.

In Transit: All data transmission uses TLS 1.3 encryption. Every connection between your browser, our servers, and third-party integrations is encrypted.

Token Security

We never store passwords. Our platform uses OAuth 2.0 exclusively, meaning we only receive encrypted tokens from providers like Google, GitHub, and Slack.

Access tokens are encrypted using authenticated encryption. This provides both encryption and cryptographic signing to prevent tampering.

Encryption keys are stored separately from the encrypted data and are never stored in the database itself.

Access Controls

We inherit your existing permissions from connected services. When you connect integrations, we respect all user-level access controls from your source systems.

If you don't have access to a repository in GitHub or a channel in Slack, we don't have access either.

Compliance

GDPR Compliant: We maintain full data processing agreements and honor all data subject rights, including the right to deletion and data portability.

Incident Response: We have established procedures for security incident detection, response, and notification in accordance with applicable regulations.

Infrastructure Security

Our infrastructure uses network isolation and automated security patching. We use Cloudflare to help prevent DDoS attacks and filter malicious traffic before it reaches our servers.

Database access is restricted through encrypted connections and role-based permissions.

Transparency

If you have specific security questions or need additional documentation for your organization's security review, contact our legal team.

Privacy Policy

This Privacy Policy explains how One Horizon collects, uses, stores, and protects personal information.

Security

Review product controls, data protections, and access boundaries before rollout.

Contact

Contact One Horizon for legal questions, privacy requests, data protection matters, and support.

CSR Policy

How One Horizon approaches responsible work, ethical technology, privacy, sustainability, and community impact.

Security

One Horizon is designed around clear access boundaries, encrypted data handling, EU data residency, and security review material your team can evaluate before rollout.

SOC 2

Security controls are aligned with SOC 2 criteria and formal certification is in progress. Pilot-first rollouts are available for teams that need a narrow, auditable scope before broader adoption.

If your security team needs early context, we can share a practical security overview and data handling details before implementation. Contact us to request materials.

Data Residency

All data is stored exclusively in EU regions and never leaves European jurisdiction.

All our infrastructure and data processing occurs within the Netherlands and Germany through our subprocessors. This ensures compliance with European data protection regulations.

Encryption

At Rest: All data is encrypted using AES-256 encryption. We use Supabase Vault for sensitive information like access tokens.

In Transit: All data transmission uses TLS 1.3 encryption. Every connection between your browser, our servers, and third-party integrations is encrypted.

Token Security

We never store passwords. Our platform uses OAuth 2.0 exclusively, meaning we only receive encrypted tokens from providers like Google, GitHub, and Slack.

Access tokens are encrypted using authenticated encryption. This provides both encryption and cryptographic signing to prevent tampering.

Encryption keys are stored separately from the encrypted data and are never stored in the database itself.

Access Controls

We inherit your existing permissions from connected services. When you connect integrations, we respect all user-level access controls from your source systems.

If you don't have access to a repository in GitHub or a channel in Slack, we don't have access either.

Compliance

GDPR Compliant: We maintain full data processing agreements and honor all data subject rights, including the right to deletion and data portability.

Incident Response: We have established procedures for security incident detection, response, and notification in accordance with applicable regulations.

Infrastructure Security

Our infrastructure uses network isolation and automated security patching. We use Cloudflare to help prevent DDoS attacks and filter malicious traffic before it reaches our servers.

Database access is restricted through encrypted connections and role-based permissions.

Transparency

If you have specific security questions or need additional documentation for your organization's security review, contact our legal team.

Privacy Policy

This Privacy Policy explains how One Horizon collects, uses, stores, and protects personal information.

Security

Review product controls, data protections, and access boundaries before rollout.

Contact

Contact One Horizon for legal questions, privacy requests, data protection matters, and support.

CSR Policy

How One Horizon approaches responsible work, ethical technology, privacy, sustainability, and community impact.