Security

At Onshore, security is embedded into how we build, operate, and deliver outcomes for our customers.

We design our systems to protect sensitive data, ensure availability, and maintain integrity across every stage of the customer lifecycle.

Our security principles

• Least-privilege access by default

• Data minimization and purpose limitation

• Defense-in-depth across infrastructure and application layers

• Secure-by-design product development

• Continuous monitoring and improvement

Infrastructure & hosting

Onshore is built on secure, cloud-based infrastructure designed for reliability and isolation.

• Cloud-hosted environments with logical separation of customer data

• Redundancy and availability protections

• Centralized logging and monitoring

Data encryption

We use industry-standard encryption practices to protect data.

• Encryption in transit using TLS

• Encryption at rest using industry-standard algorithms

• Secure key management and rotation

Access controls & authentication

Access to systems and customer data is tightly controlled.

• Role-based access controls (RBAC)

• Least-privilege permissions for employees and services

• Multi-factor authentication for internal systems

• Regular access reviews and logging

Application & product security

Security is built into our development and deployment processes.

• Secure coding practices and peer code reviews

• Automated testing and vulnerability monitoring

• Ongoing improvements to address emerging threats

AI and data usage

Onshore uses AI to support human-led analysis while maintaining strict controls around data usage.

• Customer data is not used to train generalized AI models without appropriate safeguards

• Training data is anonymized and minimized

• Clear separation between customer data and AI systems

Additional details are available in our Privacy Policy.

Data retention & deletion

• Data is retained only as long as necessary for operational and legal purposes

• Retention practices align with contractual and regulatory requirements

• Customers may request data deletion subject to applicable obligations

Incident response

We maintain defined incident response procedures to detect, investigate, and remediate security events.

• Continuous monitoring for security incidents

• Documented response and escalation processes

• Customer communication as appropriate

Compliance & assurance

Onshore is SOC 2 compliant, demonstrating our commitment to security, availability, and confidentiality.

Our controls are independently assessed and audited to ensure they meet industry standards for protecting customer data.

Responsible disclosure & contact

We welcome responsible disclosure of potential security issues.

For security questions or to report a vulnerability, contact security@onshore.com.

For information on how we collect, use, and protect personal information, please review our Privacy Policy.