Security Practices
Last updated: January 2025
Our Commitment to Security
At OneEKO Technologies, security is built into everything we create. We follow industry best practices to protect your data and build software that you can trust.
Development Practices
- Secure Coding Standards: We follow OWASP guidelines and conduct regular code reviews to prevent common vulnerabilities.
- Dependency Management: All third-party packages are vetted and regularly updated to patch known security issues.
- Version Control: All code is maintained in secure, access-controlled repositories with full audit trails.
- Testing: Security testing is integrated into our development process, including vulnerability scanning.
Data Protection
- Encryption: All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using industry-standard algorithms.
- Access Control: We implement least-privilege access principles. Only authorized personnel can access project data.
- Data Minimization: We only collect and store data necessary for project delivery.
- Client Ownership: You own your data and code. We provide complete handover upon project completion.
Infrastructure Security
- Secure Hosting: We deploy to trusted cloud providers (Vercel, AWS, GCP) with enterprise-grade security.
- SSL/TLS: All websites and applications we build use HTTPS by default.
- Regular Updates: Server software and dependencies are kept up to date with security patches.
- Monitoring: Production systems include logging and monitoring for suspicious activity.
Client Communication
- NDA Available: We offer non-disclosure agreements for all projects upon request.
- Secure File Sharing: Project files are shared through encrypted channels.
- Credential Management: We use secure methods for handling API keys, passwords, and other credentials.
Compliance
We can build software that meets specific compliance requirements, including:
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- PCI DSS (for payment processing)
- HIPAA (for healthcare applications) - upon request
- SOC 2 readiness
Additional compliance requirements can be discussed during project scoping.
Reporting Security Issues
If you discover a security vulnerability in any software we've built, please report it immediately to security@oneeko.ai. We take all reports seriously and will respond within 48 hours.
Questions?
For security-related questions about our practices or a specific project, contact us at hello@oneeko.ai.