Security at Orca Scan

Data Encryption

Orca Scan uses industry-standard encryption protocols to keep your data secure. We use TLS to protect data in transit between your device and our platform, and AES 256-bit encryption to secure your data at rest on our servers.

Secure, reliable infrastructure

Orca Scan is a cloud-native application. We do not own any servers; instead, we rely on the secure and reliable hosting capabilities of Amazon AWS, Google Cloud Platform and DigitalOcean. Their data centres are equipped with advanced security measures, such as 24x7 monitoring, biometric scanning, and video surveillance, to ensure the protection of your data.

Access Controls

Robust permission and user controls allow you to manage who can access your data. By assigning different roles and setting permissions, you can control who can view, edit, or delete certain information within your account. This helps you maintain the security and privacy of your data by ensuring that only authorised individuals have access to it.


Security FAQs

Which cloud providers do you use?

For redundancy, we use multiple GDPR and SOC 2 compliant cloud providers to deliver the Orca Scan service: Amazon AWS, Google Cloud Platform and DigitalOcean.

Where are the Orca Scan servers located?

We use a combination of highly secure Amazon AWS, Google Cloud and DigitalOcean servers located in the USA and UK.

How often does Orca Scan back up data?

The Orca Scan databases are backed up every hour, and backups are retained for 30 days.

Is your database encrypted at rest?

Yes, all data is encrypted at rest using AES 256-bit encryption.

What does data retention look like?

After cancelling your subscription, a 30-day grace period starts; after these 30 days, if you haven’t renewed, your data will be erased from our systems. We will also delete your data upon request.

Does Orca Scan use data sub-processors?

Yes, we use third-party service providers to deliver the Orca Scan service. You can view the full list of Orca Scan sub-processors here.

Is Orca Scan PCI compliant?

Orca Scan does not handle payments or have access to payment information. We use Stripe Checkout to manage payments, and Stripe is a PCI-compliant company.

Is Orca Scan SOC 2 compliant?

Not yet; we are currently working towards SOC 2 compliance.

How would Orca Scan respond to a data breach?

We would notify all impacted registered users of the breach within 72 hours of detection.

Would you be willing to sign a custom agreement?

Yes, we are happy to consider custom agreements as part of our Enterprise plan.

Do you offer Single Sign-On?

Not yet, but it’s on our to-do list and will be made available as part of an Enterprise plan.

Can you restrict access by IP?

No, not yet, but this is on our to-do list.

Do you keep an audit log of activity?

Yes, we maintain access logs for all our systems and every Orca Scan sheet has a history log that tracks changes.

Do you have a status page?

Yes, you can view the availability of our services at status.orcascan.com

Questions regarding Orca Scan Security?

You can chat with us live or drop us an email at hello@orcascan.com
