Operational Integrity

Security

Last Updated: April 2026

Overview

Security is foundational to OrbitOS. As a workspace platform trusted by teams to manage critical projects and sensitive business data, we treat the protection of your information with the seriousness it deserves.

We believe security is not a feature but a baseline requirement. Our approach combines robust infrastructure, strict access controls, and continuous vigilance—without compromising usability.

Data Protection

Encryption in Transit

All data transmitted between your device and our servers is protected using TLS 1.2 or higher. We enforce HTTPS across all endpoints.

Encryption at Rest

Your data is stored in Firebase (Google Cloud Platform), which provides enterprise-grade encryption at rest using AES-256.

Data Minimization

We collect only necessary information. We do not sell your data or use it for advertising. Deleted accounts result in permanent removal of personal data within 30 days.

Authentication & Access Control

Secure Authentication

We use Firebase Authentication, implementing industry-standard password hashing (bcrypt), secure token management, and brute-force protection.

Role-Based Access Control (RBAC)

Strict permission boundaries ensure Owners have full control while Members operate within defined limits. Data isolation prevents cross-workspace access.

Session Security

Managed via secure, HTTP-only cookies with automatic expiration and immediate session revocation capabilities.

Infrastructure Security

Our application is hosted on Vercel and Google Cloud Platform, benefiting from world-class physical and network security controls, 24/7 monitoring, and redundant backup systems.

ProviderServiceSecurity Standards
FirebaseDatabase & AuthGoogle Cloud Infrastructure, AES-256
VercelHosting & CDNSOC 2 Type 2, DDoS mitigation
UpstashRate LimitingEncrypted Redis protocols

Application Security

  • Validation:Strict input sanitization to prevent XSS and injection attacks.
  • Rate Limiting:Intelligent abuse prevention via Upstash Redis.
  • Headers:Implementation of CSP, HSTS, and X-Frame-Options.

Responsible Disclosure

We take security vulnerabilities seriously and welcome reporting from security researchers.

Report a Vulnerability

If you discover a security issue, please contact us immediately. We commit to acknowledging receipt within 48 hours.

feedback@miraistack.co.za