[ security ]
Built for the security review
Orlix carries your systems' credentials and your customers' data. That obligation shapes the architecture more than any feature does.
Certifications & audits
- SOC 2 Type II, renewed annually; report available under NDA
- Annual third-party penetration test; summary available to customers
- GDPR-aligned processing with a signed DPA on request
Data handling
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Regional residency per workflow: us-east, eu-west, ap-south
- Customer-managed keys on Enterprise
- Trace retention windows configurable per plan and per workflow
Access & audit
- SSO (SAML, OIDC) and SCIM provisioning
- Role-based access with per-workflow scopes
- Immutable audit trail covering every run, approval, and config change
- Connector credentials stored in a dedicated KMS-backed vault, never in traces
Reliability
- 99.98% measured uptime over the trailing 90 days
- 99.95% contractual SLA on Enterprise
- Runs are durable: control-plane failover resumes, never restarts, in-flight work
Security questionnaire? Send it over — security reviews are a use case we design for, not an interruption. hello@orlix.example.com