Security Policy

Last Updated: September 10, 2025

1. Introduction

This Security Policy describes the security measures and practices implemented by Operately doo (“Company,” “we,” “us,” or “our”) to protect our cloud-based business management software and related services (the “Service”) and your data. This Security Policy is incorporated into and subject to our Terms of Service.

2. Infrastructure Security

2.1 Hosting

Our Service is hosted on secure cloud infrastructure with:

  • Industry-standard physical and network security
  • Regular security updates and patches
  • Automated backup systems
  • Monitoring for suspicious activities

2.2 Data Encryption

We protect your data using:

  • HTTPS/TLS for all data in transit
  • Encryption for sensitive data at rest
  • Secure key management practices

3. Access Controls

3.1 User Access

  • Strong password requirements
  • Secure authentication via Google Sign-in
  • Session management and automatic timeouts
  • Role-based access controls

3.2 Employee Access

Our team follows strict security protocols:

  • Access granted on a need-to-know basis
  • Regular access review and revocation
  • Secure access management procedures

4. Monitoring and Incident Response

4.1 Security Monitoring

We maintain security through:

  • System monitoring and logging
  • Error tracking and analysis via Sentry
  • Regular security assessments
  • Automated alerting for suspicious activities

4.2 Incident Response

In case of a security incident:

  • We will promptly investigate and respond
  • Affected users will be notified if required by law
  • We will take appropriate measures to prevent similar incidents

5. Third-Party Services

We carefully select and monitor the security practices of our third-party service providers. For a complete list of third-party services we use, please refer to our Privacy Policy. All our service providers are required to maintain appropriate security measures and compliance with applicable security standards.

5.1 AI Service Security

When you use AI features powered by OpenAI:

  • All data transmission to OpenAI is encrypted using industry-standard protocols
  • We only send the minimum necessary data required for AI processing
  • OpenAI maintains its own security standards and compliance certifications
  • AI features can be disabled by users at any time through account settings

6. Security Practices

6.1 Development Practices

Our development team follows security best practices:

  • Code review requirements
  • Security testing
  • Regular dependency updates
  • Secure development guidelines

6.2 Operational Security

We maintain operational security through:

  • Regular security updates
  • System hardening
  • Access logging
  • Security training for team members

7. Reporting Security Issues

If you discover a security vulnerability, please report it to [email protected]. We will:

  • Promptly investigate all legitimate reports
  • Keep you informed of our progress
  • Not take legal action against you for good faith reports

8. Changes to This Policy

We may update this Security Policy from time to time. We will notify users of material changes by posting the updated policy on our website.