Skip to content
OpsSync
Get early access
01Security

Your client data is sacred.

OpsSync was built secure-by-default. Encryption, access controls, audit trails, and clear data rights — not premium add-ons, but how the product is built.

AES-256 · TLS 1.3SOC 2-alignedAudit log on every plan
02How we protect your data

Six pillars. Zero compromises.

Encrypted, end-to-end

AES-256 at rest, TLS 1.3 in flight. Every byte is encrypted before it touches disk and stays encrypted throughout its lifecycle.

SOC 2-aligned infrastructure

Hosted on SOC 2 Type II infrastructure with daily backups, point-in-time recovery, and 99.95% uptime SLA on Scale.

Role-based access control

Granular RBAC across workspaces, projects, and clients. Least-privilege by default — admins explicitly grant access.

Immutable audit log

Every action — every view, edit, export, sign-in — is logged immutably. Available via UI or API on Growth and Scale.

SSO & SAML

Single sign-on via Google, Microsoft, or any SAML 2.0 IdP. SCIM provisioning available on the Scale plan.

Data residency

Choose between India (BLR), Europe (FRA), or US-East (IAD) regions for your workspace data. Configurable per workspace.

03Operational practices

The unglamorous part. Done seriously.

Backups, recovery, pen-testing — the work that doesn't show up in a feature list, but is the reason your data is safe.

  • Backups
    Daily encrypted snapshots, 30-day retention, cross-region replication.
  • Disaster recovery
    RPO < 15 minutes. RTO < 1 hour. Tested quarterly.
  • Penetration testing
    Annual external pen-test by a CERT-In empanelled firm.
  • Bug bounty
    Private program with responsible disclosure. security@opssync.app.
  • Sub-processors
    Public list at /security/subprocessors, updated when a vendor changes.
  • GDPR & DPDP
    Standard contractual clauses, DPA on request, India DPDP compliant.
04Your data rights

Your data stays yours.

We don't sell it. We don't train on it. We can't even see it without your consent.

  • Export your data as CSV, JSON, or PDF at any time.
  • Delete your account and we permanently erase data within 30 days.
  • We never train on your data, ever — your data is yours.
  • Our staff cannot access workspace contents without your explicit consent.
Bug bounty

Found something? We pay for it.

Private responsible-disclosure program for security researchers. Reports acknowledged within 24 hours; payouts up to ₹5L for critical findings.

security@opssync.appPGP key · download
Security questions?

Talk to us. We answer them all.

Join the waitlistContact security