Security & Privacy Center
At Onfire, security and privacy are fundamental to everything we do. We are committed to protecting your data with industry-leading security practices, comprehensive compliance certifications, and transparent privacy policies.
Compliance & Certifications
Onfire maintains rigorous security standards and holds multiple industry certifications to ensure the highest level of data protection and privacy compliance.
SOC 2 Type II
Audited by Ernst & Young (EY), demonstrating our commitment to security, availability, and confidentiality.
ISO 27001
Certified by Prescient Security, ensuring international standards for information security management.
CSA STAR Level 1
Cloud Security Alliance STAR certification demonstrating cloud security best practices.
Penetration Testing
Regular third-party security assessments to identify and remediate vulnerabilities.
GDPR Compliant
Full compliance with the European Union's General Data Protection Regulation.
CCPA Compliant
Adherence to the California Consumer Privacy Act protecting consumer data rights.
Security Controls
Our comprehensive security framework protects your data at every level.
Data Protection
- Data Encrypted At-Rest (AES-256)
- Data Encrypted In-Transit (TLS 1.3)
- Regular Data Backups
- Data Residency Controls
Access Control
- Multi-Factor Authentication (MFA)
- Role-Based Access Control (RBAC)
- Single Sign-On (SSO)
- Comprehensive Audit Logs
Infrastructure Security
- DDoS Protection
- Web Application Firewall (WAF)
- Intrusion Detection Systems
- 24/7 Security Monitoring
Incident Response
- Incident Response Plan
- Data Breach Notification Process
- Security Incident Tracking
- Regular Security Drills
Security Resources
Access our security documentation, compliance reports, and certification information.
SOC 2 Type II Report
Audited by Ernst & Young (EY). Valid through 2025.
ISO 27001 Certificate
Certified by Prescient Security. Information Security Management System certification.
CSA STAR Level 1 Certification
Cloud Security Alliance STAR registry listing demonstrating our cloud security posture.
Penetration Test Report
Third-party security assessment and penetration testing results from 2024.
Information Security Policy
Comprehensive overview of Onfire's security policies, practices and procedures.
Data Processing Agreement (DPA)
Our GDPR-compliant Data Processing Agreement including Standard Contractual Clauses.
Subprocessors
Onfire works with carefully vetted third-party service providers to deliver our services. All subprocessors are contractually bound to maintain the same level of data protection.
For a complete and current list of subprocessors, please contact privacy@onfire.ai.
Privacy & Legal
We are committed to transparency in how we collect, use, and protect your information.
Frequently Asked Questions
Onfire employs multiple layers of security, including encryption at rest and in transit, regular security audits, penetration testing, and 24/7 monitoring. We maintain SOC 2 Type II and ISO 27001 certifications, which are audited annually by independent third parties. All data is stored in secure, redundant data centers with strict access controls.
Yes, Onfire is fully compliant with both GDPR and CCPA regulations. We have implemented comprehensive data protection measures, provide Data Processing Agreements for our customers, honor data subject requests, and maintain detailed records of our data processing activities. Users can exercise their privacy rights, including access, deletion, and opting out of data sales.
Onfire stores customer data in secure, SOC 2-certified data centers primarily located in the United States. We use industry-leading cloud infrastructure providers with robust security controls. Data residency options may be available for enterprise customers with specific regulatory requirements.
Enterprise customers and prospective customers can request our SOC 2 Type II report, penetration test results, and other security documentation by contacting privacy@onfire.ai. These documents are provided under NDA to qualified parties during the procurement process.
Yes, Onfire works with carefully vetted subprocessors to provide our services. These include cloud infrastructure providers, analytics services, and other essential business tools. All subprocessors are bound by data protection agreements and undergo security assessments. A list of subprocessors is available upon request.
Onfire maintains a comprehensive incident response plan that includes detection, containment, investigation, remediation, and notification procedures. In the event of a security incident affecting customer data, we will notify affected parties in accordance with applicable laws and regulations. Our security team conducts regular drills to ensure readiness.
Questions about our security or privacy practices?
Our team is here to help you understand our security posture and compliance program.
Or email us directly at privacy@onfire.ai