Security at Otowui

Built for demanding security and compliance needs. Keep your data protected with layered defenses, configurable privacy settings, and best-in-class standards.

Protecting your service data

Independent assurance & security posture

We validate our security posture through external assessment and continuous improvement. Where applicable, we can share independent evidence of our security standing.

Penetration testing

Otowui runs annual penetration tests covering the platform and its supporting infrastructure. Findings are triaged, tracked, and remediated based on severity.

Secure development practices & vulnerability management

Security checks are integrated into our engineering workflow to help catch issues early (dependency checks, code scanning, and automated alerts). Identified vulnerabilities are prioritized and addressed within defined remediation targets.

Supplier and third-party security

We assess vendors based on risk and the type of data involved. This includes reviewing security documentation and ensuring appropriate controls are in place before onboarding — and periodically thereafter.

Continuous monitoring & incident escalation

We use around-the-clock monitoring to detect suspicious activity and operational anomalies, with defined escalation paths to our team when attention is required.

Least-privilege access

Access reviews

We regularly review access rights to ensure permissions remain aligned with job responsibilities and the principle of least privilege.

Controlled access requests

New access follows an approval process so that permissions are granted intentionally, scoped appropriately, and revoked when no longer needed.

Product security

Multi-factor authentication

Otowui supports MFA using TOTP (compatible with common authenticator apps) and HOTP for environments that prefer event-based codes.

Encryption

Data is protected using encryption in transit and at rest following widely adopted, modern cryptographic practices.

Session security

User sessions are designed to reduce risk from unattended access, including automatic expiry after inactivity.

Roles & permissions

Otowui includes role-based controls designed for clear separation of duties (e.g., a manager “master/slave” model), helping teams limit access to only what’s needed.

Availability & resilience

Service availability & transparency

We monitor uptime and platform health and provide timely status updates when incidents occur.

Backups & recovery

We perform regular backups and maintain recovery procedures to restore service in the event of data loss or disruption.

Business continuity

We maintain operational playbooks for disruptive events and review them periodically to ensure they remain effective.