Odingard · Trust Center

Security & Trust

How Odingard Studio and Contract AI protect your data — our security controls, encryption, data handling, privacy commitments, availability, and how to reach us.

All systems operational

Security overview

Odingard Studio is a multi-tenant SaaS platform delivered on a globally distributed edge platform. Security is enforced at every layer — network, application, and data.

Tenant isolation

Every request is authorized against the caller's organization; data access is scoped per-organization and entitlements are checked on each protected action (fail-closed).

Edge protection

TLS 1.2+, HSTS, a strict Content-Security-Policy, and a Web Application Firewall front all traffic, with DDoS mitigation at the network edge.

Rate limiting

Authentication and sensitive endpoints are rate-limited to resist brute-force and abuse.

Audit logging

Security-relevant actions are written to an append-only audit log for traceability.

Least privilege

Role- and permission-based access control governs administrative and billing actions within an organization.

Secure SDLC

Changes go through code review, automated type checks, linting, and unit tests in CI before deployment, with staging and rollback paths.

Encryption

Data handling

Privacy

We collect only the data needed to operate the service and do not sell personal data. Sub-processors are limited to the infrastructure, payment, email, and AI-model providers required to deliver the product. For privacy inquiries, data-subject requests, or a Data Processing Addendum, contact privacy@odingard.com.

Availability & status

Studio runs on a globally distributed, redundant edge platform. We monitor service health with observability and alerting, and maintain tested backup/restore and rollback procedures for both the application and its database.

ComponentEndpointState
Studio appstudio.odingard.comOperational
APIapi.odingard.comOperational
API health checkapi.odingard.com/health/liveOperational

Status reflects current known state; this page is updated as our monitoring evolves.

Responsible disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability in an Odingard product:

We will acknowledge valid reports and keep you informed of remediation progress. We do not pursue legal action against researchers acting in good faith under these guidelines.

Security practices

The controls below are in place today.

ControlStatus
Encryption in transit & at restIn place
Audit loggingIn place
Backup & restore, rollback proceduresIn place (tested)
Tenant isolation & least-privilege access controlIn place
Rate limiting on sensitive endpointsIn place

Contact