Opol logo

Security & Privacy

Our Commitment to Security

At Opol, we recognize the importance of your data. We implement industry-leading security and privacy measures to ensure your information remains protected at every layer.

Infrastructure Security

  • Global Edge Protection & Bot Management: We leverage a distributed edge network with multi-layered firewalling to defend against DDoS attacks, OWASP Top 10 threats, and automated bots—enforced in real time across all regions.
  • Configurable Rules & Challenge Modes: Framework-aware routing rules, rate limits, and challenge flows ensure only legitimate traffic reaches our services.
  • High Availability & Redundancy: Anycast routing, regional failover, and a global CDN cache deliver low-latency performance and resilience in the face of outages.

Platform Security

  • End-to-End Encryption: Data is encrypted in transit (TLS) and at rest (AES-256); sensitive keys and tokens are additionally encrypted at the application layer and managed through a dedicated key service.
  • Backup & Disaster Recovery: Automatic daily backups, point-in-time recovery, and global replication guard against data loss and regional disruptions.
Opol Architecture Security Diagram

Authentication & OAuth

  • Flexible Authentication Options: Support for email/password, magic links, and OAuth 2.0 social logins (e.g., Google, Notion) with secure hashing and token flows.
  • JWT Session Management: Short-lived access tokens (5–60 min) and one-time-use refresh tokens enforce session boundaries; idle and concurrent session controls available.
  • Encrypted Token Handling: Store tokens encrypted at rest; treat them as opaque values and leverage official SDKs for secure processing.
  • Scope Minimization: Request only the least-privilege scopes needed and periodically review consents.

User Data Control & Rights

  • Data Portability & Deletion: Export or permanently delete your data at any time through your account settings.
  • Revoke Integrations: Disconnect any OAuth connections directly from our UI or within the third-party provider’s settings.
  • Transparency & Ownership: We collect only what’s necessary, never sell personal data, and maintain clear Terms of Use and Privacy Policy.

Contact Us

For questions or concerns about security and privacy at Opol, reach out to our security team at team@opol.ai. We’re committed to transparency and continuous improvement.