Security

Last updated: December 6, 2024

At Opensure, we take the security of your data seriously. This page outlines the security measures we implement to protect the Opensure platform and your information.

Infrastructure Security

Cloud Hosting

  • Hosted on Google Cloud Platform (GCP) with SOC 2 Type II certification
  • All data stored in US-based data centers
  • Automatic failover and disaster recovery systems
  • Regular infrastructure security audits

Network Security

  • All traffic encrypted with TLS 1.3
  • Web Application Firewall (WAF) protection
  • DDoS mitigation
  • Regular penetration testing

Data Protection

Encryption

  • In Transit: All data encrypted using TLS 1.3
  • At Rest: Database encryption using AES-256
  • Secrets Management: Credentials stored in encrypted vaults

Database Security

  • AWS RDS with automated backups
  • Point-in-time recovery capability
  • Network isolation with private subnets
  • Access restricted to application layer only

Application Security

Authentication

  • Secure authentication via Auth0
  • Support for Single Sign-On (SSO)
  • Multi-factor authentication (MFA) available
  • Session management with automatic timeout

Access Control

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Audit logging of all access events
  • API key management with scoped permissions

Code Security

  • Automated security scanning in CI/CD pipeline
  • Dependency vulnerability monitoring
  • Regular code reviews
  • Pre-commit hooks for secrets detection

Browser Extension Security

Permissions

The Opensure Marketfinder extension requests only necessary permissions:

  • activeTab: Access current tab only when activated
  • storage: Store user preferences locally
  • identity: Authenticate with Opensure account

Data Handling

  • No background data collection
  • Data processed only on user action
  • No tracking of browsing history
  • Local storage encrypted

Compliance

Standards

  • SOC 2 Type II (via cloud provider)
  • GDPR-compliant data handling
  • CCPA-compliant for California residents

Data Residency

  • All customer data stored in the United States
  • No data transferred to third countries without consent

Incident Response

Monitoring

  • 24/7 automated security monitoring
  • Real-time alerting for suspicious activity
  • Log aggregation and analysis

Response Process

  1. Detection and triage
  2. Containment and investigation
  3. Remediation and recovery
  4. Post-incident review
  5. Customer notification (if applicable)

Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly:

Email: security@opensure.dev

We commit to:

  • Acknowledge receipt within 24 hours
  • Provide an initial assessment within 72 hours
  • Work with you to understand and resolve the issue
  • Credit reporters in our security acknowledgments (if desired)

Please do not publicly disclose vulnerabilities until we have addressed them.

Security Updates

We continuously improve our security posture. Major security updates are communicated through:

  • In-app notifications
  • Email to account administrators
  • Updates to this security page

Contact

For security-related inquiries:

InsureCert Systems Inc.

Email: security@opensure.dev