Your data security is our top priority
OnRaven is built with security at its core. We employ industry-leading practices to ensure your customer conversations and business data remain protected at all times.
Infrastructure Partner
Enterprise-Grade Cloud
Our infrastructure runs on Amazon Web Services, trusted by millions of customers worldwide.

Security Features
Multi-layered protection
We implement defense-in-depth strategies to protect your data at every level.
End-to-End Encryption
All messages and data are encrypted using AES-256 encryption at rest and TLS 1.3 in transit. Your conversations remain private and secure at every step.
Secure Infrastructure
Our infrastructure is hosted on Amazon Web Services (AWS) in US and Canadian regions, benefiting from their world-class physical and network security.
Access Control
Role-based access control (RBAC) ensures team members only access what they need. Multi-factor authentication (MFA) adds an extra layer of protection.
24/7 Monitoring
Continuous security monitoring and intrusion detection systems protect against threats. Our security team responds to incidents around the clock.
Regular Audits
We conduct regular security assessments, penetration testing, and vulnerability scans to identify and address potential risks proactively.
Data Backup & Recovery
Automated backups with point-in-time recovery ensure your data is never lost. Geo-redundant storage provides additional protection.
Data Protection
Your data is protected using industry-standard encryption and security protocols.
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Secure key management using AWS KMS
- Regular encryption key rotation
- Encrypted database backups
- Secure API authentication with OAuth 2.0
- IP allowlisting capabilities
- Session management and automatic timeouts
Infrastructure Security
Our infrastructure is designed for maximum security and reliability on AWS.
- AWS Virtual Private Cloud (VPC) isolation
- Web Application Firewall (WAF) protection
- DDoS mitigation via AWS Shield
- Network segmentation and micro-segmentation
- Automated security patching
- Container security scanning
- Infrastructure as Code (IaC) security
- Immutable infrastructure deployments
Compliance
Industry standards & frameworks
We continuously monitor code, cloud, and delivery pipelines against major security and privacy frameworks (including through Aikido Security).
PCI DSS Level 1
Via Stripe
Cardholder data is processed by Stripe; we still monitor platform and infrastructure controls that support a secure payment posture.
GDPR
Ready
Encryption, access management, logging, and processing safeguards are monitored against GDPR-aligned themes. Readiness is technical and operational, not a regulatory sign-off.
CCPA
Ready
Data access, deletion, and security-of-processing themes are handled in product policy and monitored in infrastructure and application controls.
PIPEDA
Ready
As a Canadian company, we align fair-information and security-safeguard expectations with monitored technical controls.
SOC 2
Ready
Trust Services Criteria themes (security, availability, confidentiality) are tracked across cloud, change management, access, and vulnerability SLAs. A SOC 2 Type II report is a separate formal attestation.
HIPAA
Ready
Technical safeguards such as encryption, access control, audit logging, and backups are monitored against HIPAA-aligned checklists. Enterprise customers needing a BAA should contact us.
ISO 27001:2022
Ready
Annex A-style areas (access, cryptography, logging, backups, vulnerability management, and secure development) are covered in continuous monitoring. ISO 27001 certification requires an accredited audit.
OWASP Top 10
Ready
Application and cloud checks address broken access control, injection, cryptographic failures, SSRF, logging, and related risks from the OWASP Top 10.
NIST SP 800-53
Ready
Security and privacy control families relevant to our SaaS footprint are monitored where applicable; this is not a FedRAMP package or government ATO.
CIS Controls & AWS Benchmark
Ready
CIS Controls v8.1 themes and CIS AWS Foundations Benchmark expectations inform ongoing configuration and hygiene monitoring.
NIS2 (EU)
Ready
ICT risk management, incident handling, supply chain, and resilience practices are monitored against NIS2-aligned requirements.
DORA (EU)
Ready
Operational resilience themes (detection, response, backup, and governance) are monitored against DORA-aligned ICT risk expectations.
UK Cyber Essentials
Ready
Core controls for boundary protection, secure configuration, access, malware protection, and patching are monitored against Cyber Essentials-style criteria.
HITRUST CSF
Ready
Health-data-oriented control themes are monitored at high coverage in our security program. This does not constitute HITRUST certification.
Business Standards
Enterprise-ready security practices
Organizational Security
- Background checks for all employees
- Security awareness training programs
- Strict access control policies
- Confidentiality agreements
- Incident response procedures
Development Practices
- Secure Software Development Lifecycle (SSDLC)
- Code review and security scanning
- Dependency vulnerability monitoring
- Regular penetration testing
- Bug bounty program
Data Residency
Your data stays where you need it
OnRaven stores all customer data exclusively in secure AWS data centers located in the United States and Canada. Enterprise customers can choose their preferred data residency region to meet regulatory requirements.
United States
AWS US-East & US-West
Canada
AWS Canada (Central)
Technical Documentation
Security & Encryption Whitepaper
Detailed technical overview of our security architecture, encryption methods, and compliance measures.
Encryption Architecture
Comprehensive details on our AES-256-GCM encryption implementation, key management, and data protection strategies.
Audit & Compliance
Detailed audit logging mechanisms, GDPR compliance measures, and data retention policies.
Infrastructure Security
AWS infrastructure setup, network isolation, DDoS protection, and disaster recovery procedures.
Access Control
Role-based access control (RBAC), multi-factor authentication, and session management.
Have security questions?
Our security team is here to help. Contact us for security assessments, compliance documentation, or to report a vulnerability.