
Security

Effective Date: March 4, 2024
Last Modified: July 30, 2024

At OneBot, we prioritise the security of your data. Transparency is a core principle of our company, and we strive to be as clear and open as possible about our security practices. If you have any additional questions, please email us at support@sollertis.co, and we will respond promptly. This document outlines the administrative, technical, and physical controls that apply to OneBot, including the OneBot platform, workflows, and apps. This documentation does not cover services associated with or integrated into OneBot.

Architecture and Data Segregation

OneBot operates on a single-tenant architecture per client, ensuring data segregation and restricted access based on business needs. Each customer has a unique instance, providing logical data separation.

Public Cloud Infrastructure

OneBot services are hosted on a public cloud, meaning our services run on remote servers managed by third-party providers, offering flexibility and scalability.

Audits

We conduct regular security assessments to verify our practices and monitor for new vulnerabilities. This includes periodic and targeted audits and continuous hybrid automated scanning of our platform.

Security Controls

We implement and maintain measures to protect your data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Key security controls include:

  • Access Logging: Users and administrators can view detailed logs that capture account sign-ins, device types, and IP addresses. Administrators can also review consolidated logs across the infrastructure.
  • Access Management: Administrators can remotely terminate all connections and sign out all devices authenticated to OneBot services.
  • Data Retention: Administrators can set custom data retention policies. Older messages or files are deleted from production instances based on these settings.
  • Host Management: We conduct automated vulnerability scans and address any risks identified.
  • Network Protection: All instance access is controlled via secure tokens that are accessible only to Sollertis authorised personnel.
  • Product Security Practices: New features and significant changes undergo security reviews. Code is tested and peer-reviewed before deployment, and the security team collaborates with development teams to address any security concerns.

Some controls cannot be disabled, while others allow customisation for enhanced security. Protecting customer data is a joint responsibility between OneBot and the customer.

We also conduct security scans and testing of the OneBot platform, workflows, and apps to detect abusive behaviour or term violations.

Intrusion Detection

We monitor OneBot services for unauthorised intrusions.

Security Logs

Our systems log information for security reviews and analysis. These logs, accessible only by background-checked employees, are analysed for security events by automated monitoring software overseen by our security team.

Incident Management

OneBot maintains policies and procedures for managing security incidents. We notify affected customers promptly of any unauthorised data disclosures. Significant system incidents are communicated via email and may involve conference calls for incidents lasting over an hour.

Data Encryption

We use industry-accepted encryption to protect data during transmission and at rest. We support the latest secure cipher suites and protocols and regularly update our practices in response to new cryptographic weaknesses.

Reliability, Backup, and Business Continuity

We ensure that OneBot services are highly available and fault-tolerant. Our operations team tests disaster recovery measures regularly. We follow industry best practices for reliability and backup, performing regular backups and data replication. We assist with data recovery during Major Catastrophic Events, as permitted by data residency requirements.

Our backup and restoration procedures are well-tested, with nightly backups and quarterly tests to ensure reliability.

Data at Rest

Customer data is stored within designated geographic areas unless specified in your order form.

Return of Customer Data

Customers can request the return of their data within 30 days after contract termination. For export capabilities, contact support@sollertis.co.

Deletion of Customer Data

Primary Owners can delete data at any time during a subscription. Deleted data is removed from production systems within 24 hours and backups within 14 days, barring ongoing investigations. Upon subscription termination, data is deleted within 90 days unless otherwise requested by the customer.

Confidentiality

We strictly control employee access to customer data. Access is granted only when necessary, such as when diagnosing issues. Access is logged, and employees are bound by our comprehensive information security policies.

Personnel Practices

All employees undergo background checks and receive ongoing privacy and security training. They are required to read and sign our information security policy.

Infrastructure

OneBot uses DigitalOcean's infrastructure to host or process customer data. Visit the DigitalOcean website for more information on its security.

Changes to this policy

We change this policy from time to time. We will not reduce your rights under this policy without your explicit consent. We always indicate the date when the last changes were published. If changes are significant, we’ll provide a more prominent notice (including, for certain services, email notification of policy changes).

Contact us

If you have any questions or complaints about this policy, please contact us. If you are a Customer, please reach out to your account manager who will be able to assist you.

© 2024 OneBot. All rights reserved.