Security built for operational data
Your workflows touch CRM records, financial data, and customer information. OrchVyne is designed with that sensitivity in mind — from how credentials are stored to how execution data is handled.
Our security practices
OrchVyne is not SOC 2 certified. We are a bootstrapped product and have not completed a formal audit. OrchVyne is designed with SOC 2 Type II controls in mind: encryption, access logging, secrets isolation, and data minimization are built-in architectural decisions, not add-ons. Here is what we do and how it works.
Encryption in transit and at rest
All data transmitted between OrchVyne and your connected applications uses TLS 1.2+. Credentials and secrets stored at rest are encrypted using AES-256 with per-customer key isolation.
Secrets management
API keys and OAuth tokens for your connected apps are stored in an isolated secrets vault. They are never exposed in workflow execution logs or audit trails — only the action result is logged, not the credential used to invoke it.
Access controls
OrchVyne provides role-based access control within your organization. Team-level permissions let you grant view-only or edit access per workspace. Audit logs track every configuration change and workflow modification by user.
Audit logging
Every workflow execution is logged with step-level detail, timestamps, and outcome status. Execution logs are immutable and retained per your plan's data retention window. Enterprise plans include extended retention and export.
Data minimization
OrchVyne does not store the payload data passing through your workflows beyond the execution window. Workflow execution logs capture metadata and step outcomes — not the full data record. Your CRM records stay in your CRM.
Infrastructure
OrchVyne runs on AWS with multi-AZ deployment for execution reliability. Our infrastructure is designed with network segmentation, vulnerability monitoring, and dependency scanning as ongoing operational practices.
Responsible disclosure
If you discover a security vulnerability in OrchVyne, we ask that you report it responsibly before public disclosure. Please email [email protected] with details of the issue. We will acknowledge your report within 24 hours and work to address confirmed vulnerabilities promptly.
We commit to not taking legal action against researchers who report issues in good faith and follow responsible disclosure practices.
Questions about how we handle your data?
Our team answers security questions directly. Enterprise customers can request additional security documentation.