Security
Last Updated: April 2026
Overview
Security is foundational to OrbitOS. As a workspace platform trusted by teams to manage critical projects and sensitive business data, we treat the protection of your information with the seriousness it deserves.
We believe security is not a feature but a baseline requirement. Our approach combines robust infrastructure, strict access controls, and continuous vigilance—without compromising usability.
Data Protection
Encryption in Transit
All data transmitted between your device and our servers is protected using TLS 1.2 or higher. We enforce HTTPS across all endpoints.
Encryption at Rest
Your data is stored in Firebase (Google Cloud Platform), which provides enterprise-grade encryption at rest using AES-256.
Data Minimization
We collect only necessary information. We do not sell your data or use it for advertising. Deleted accounts result in permanent removal of personal data within 30 days.
Authentication & Access Control
Secure Authentication
We use Firebase Authentication, implementing industry-standard password hashing (bcrypt), secure token management, and brute-force protection.
Role-Based Access Control (RBAC)
Strict permission boundaries ensure Owners have full control while Members operate within defined limits. Data isolation prevents cross-workspace access.
Session Security
Managed via secure, HTTP-only cookies with automatic expiration and immediate session revocation capabilities.
Infrastructure Security
Our application is hosted on Vercel and Google Cloud Platform, benefiting from world-class physical and network security controls, 24/7 monitoring, and redundant backup systems.
| Provider | Service | Security Standards |
|---|---|---|
| Firebase | Database & Auth | Google Cloud Infrastructure, AES-256 |
| Vercel | Hosting & CDN | SOC 2 Type 2, DDoS mitigation |
| Upstash | Rate Limiting | Encrypted Redis protocols |
Application Security
- Validation:Strict input sanitization to prevent XSS and injection attacks.
- Rate Limiting:Intelligent abuse prevention via Upstash Redis.
- Headers:Implementation of CSP, HSTS, and X-Frame-Options.
Responsible Disclosure
We take security vulnerabilities seriously and welcome reporting from security researchers.
Report a Vulnerability
If you discover a security issue, please contact us immediately. We commit to acknowledging receipt within 48 hours.
feedback@miraistack.co.za