Our security posture

• Authentication. Admin and client sessions use signed tokens; client passwords are scrypt-hashed with session versioning.
• Transport. TLS enforced for all endpoints.
• Access control. Admin/client routes gated by middleware; deck access can be password-protected and NDA-aware.
• Data segregation. Client portals keep decks and analytics scoped per client.
• Backups & availability. Hosted on modern cloud infrastructure with redundancy (provider-dependent).
• Incident response. Documented runbooks; rapid notification for security events affecting customer data.
• Compliance support. DPA available; subprocessors disclosed; consent gating for analytics.

Report a security issue: security@owlcto.com