Skip to content
Orlix

[ security ]

Built for the security review

Orlix carries your systems' credentials and your customers' data. That obligation shapes the architecture more than any feature does.

Certifications & audits

  • SOC 2 Type II, renewed annually; report available under NDA
  • Annual third-party penetration test; summary available to customers
  • GDPR-aligned processing with a signed DPA on request

Data handling

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regional residency per workflow: us-east, eu-west, ap-south
  • Customer-managed keys on Enterprise
  • Trace retention windows configurable per plan and per workflow

Access & audit

  • SSO (SAML, OIDC) and SCIM provisioning
  • Role-based access with per-workflow scopes
  • Immutable audit trail covering every run, approval, and config change
  • Connector credentials stored in a dedicated KMS-backed vault, never in traces

Reliability

  • 99.98% measured uptime over the trailing 90 days
  • 99.95% contractual SLA on Enterprise
  • Runs are durable: control-plane failover resumes, never restarts, in-flight work

Security questionnaire? Send it over — security reviews are a use case we design for, not an interruption. hello@orlix.example.com