Built by (and for) security-minded engineers

The page for your security team.
Our mission is to put “put security in the hands of developers.” This mission is founded on building safe, reliable tools that abstract away the complexity of security.

To that end, we've made and continue to make major technical investments in security and privacy programs to ensure the safety and reliability of Oso Cloud.

Oso is SOC 2 certified. Alongside those guarantees, here are our commitments to our customers.

Our commitment to you

We're data- and privacy- conscious.

Our production architecture isolates customers and their data from each other for availability and security purposes.

We have no ability to aggregate or search across customer data sets, because we don't need to.

We collect only the data that's necessary for our application to function, and no more. We use automated data expiration to remove old data that we no longer need.

We follow security best practices.

We require Single-Sign-On and Two-Factor Authentication for all systems with customer data. We enforce phish-proof WebAuthN based Two-Factor Authentication wherever possible.

We use encryption to protect customer data in transit to Oso Cloud and on all disks where data is at rest.

We enforce tight restrictions on changes to our production environment. We require peer review and the use of automated tools to build, test, and release versions of Oso Cloud.

We're vigilant.

We collect and analyze logs from our critical vendors in real time to monitor for security events.

We maintain backups and practice our recovery procedures to be ready for availability emergencies.

We use automated dependency scanning and other tools to ensure the safety of our software supply chain.

This isn't our first rodeo.

We have led Security and Platform teams, and built critical infrastructure-as-a-service products for large businesses.

We have operated critical infrastructure for companies like Veritas, Symantec, MongoDB, Intercom, Lacework, Puppet, Betterment, Gremlin, Artsy, the Hillary Clinton campaign, and Mailchimp.

Members of our team have also contributed to public security protocols, like TLS.

If you have further questions on our security practices, you can email

Ready to get started?