Security

Security is foundational to how we build One Visibility Labs, CaseFlow, and OneRule. This page summarises the controls we maintain to protect the data our customers entrust to us.

1. Infrastructure

Our Services run on enterprise-grade cloud infrastructure in EU and UK regions. All compute and storage runs inside private networks, with traffic terminated at hardened load balancers.

2. Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Secrets and credentials are stored in a managed key vault with strict access controls and rotation.

3. Access Control

Access to production systems is restricted to a small number of trained engineers, requires single sign-on with multi-factor authentication, and is granted on a least-privilege, time-limited basis. All access is logged.

4. Application Security

We follow secure software development practices, including peer code review, automated dependency scanning, static analysis, and regular penetration tests by independent third parties.

5. Tenancy and Isolation

Customer data is logically isolated per firm. Role-based access controls in the product ensure that only authorised users in your firm can see specific data.

6. Monitoring

We continuously monitor infrastructure and applications for anomalies. Security events are triaged by on-call engineers and escalated through a documented incident response process.

7. Backups and Resilience

Production databases are backed up at least daily, with point-in-time recovery and tested restore procedures. Critical services are deployed across multiple availability zones.

8. Sub-processors

We use a vetted list of sub-processors for hosting, analytics, and communications. Each is bound by data processing terms that match the protections we offer our customers.

9. Compliance

Our practices are aligned to ISO 27001 and SOC 2 control objectives, and our processing of personal data is governed by the UK GDPR and EU GDPR.

10. Reporting a Vulnerability

If you believe you have found a security issue, please contact hello@onevisibilitylabs.com. We acknowledge reports within two business days and will work with you to resolve confirmed issues quickly.