Security and Reliability

Last Updated: May 5, 2026

1. Our Commitment to Security

OrbisCommerce is committed to maintaining the highest standards of security and reliability for our platform and your data. We continuously monitor, update, and improve our security practices to protect your business operations.

2. Data Encryption

All data transmitted between your browser and our platform is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Payment information is encrypted and processed through PCI-DSS-compliant payment processors and is never stored on our servers.

3. Access Control

  • Role-based access control (RBAC) for all platform features
  • Multi-factor authentication (MFA) available for all accounts
  • Session timeouts and automatic logouts for inactive sessions
  • IP allowlisting available for enterprise accounts
  • All employee access is logged and audited

4. Infrastructure Security

Our platform is hosted on enterprise-grade cloud infrastructure with:

  • 99.9% uptime SLA
  • Redundant data centers across multiple regions
  • Automated failover and disaster recovery
  • DDoS protection and traffic filtering
  • Regular vulnerability scanning and penetration testing
  • 24/7 infrastructure monitoring

5. Application Security

  • Regular third-party security audits
  • Secure development lifecycle (SDL) practices
  • Dependency scanning and patch management
  • Web Application Firewall (WAF) protection
  • Rate limiting and bot protection on all endpoints
  • Input validation and output encoding throughout the platform

6. Shipment Data Security

Shipment data, including recipient addresses, package contents, and customs declarations, is:

  • Encrypted in transit and at rest
  • Accessible only to authorized personnel
  • Shared only with carriers and customs authorities as required
  • Retained in accordance with our data retention policy

7. Compliance

OrbisCommerce maintains compliance with the following standards and regulations:

  • SOC 2 Type II — security, availability, and confidentiality controls
  • GDPR — European data protection regulation
  • KVKK — Turkish personal data protection law
  • PCI-DSS — payment card industry data security standard
  • US Export Control — compliance with EAR and OFAC regulations

8. Reliability & Uptime

  • 99.9% uptime SLA for all production services
  • Real-time status monitoring at status.orbiscommerce.com
  • Scheduled maintenance windows communicated 48 hours in advance
  • Automated backups every 6 hours with 30-day retention
  • Point-in-time recovery available for all databases

9. Incident Response

In the event of a security incident:

  • Our security team is notified immediately
  • Affected users are notified within 72 hours of discovery
  • A full incident report is provided upon resolution
  • Regulatory authorities are notified as required by law

We maintain a documented incident response plan that is tested and reviewed quarterly.

10. Carrier & Partner Security

All carrier and logistics partners integrated with OrbisCommerce are required to:

  • Maintain industry-standard security practices
  • Comply with applicable data protection regulations
  • Sign data processing agreements before integration
  • Undergo periodic security reviews

11. Responsible Disclosure

If you discover a security vulnerability in our platform, please report it responsibly to security@orbiscommerce.com. We commit to:

  • Acknowledging your report within 48 hours
  • Investigating and resolving valid vulnerabilities promptly
  • Keeping you informed of our progress
  • Not pursuing legal action against good-faith researchers

12. Contact

For security-related questions or to report a vulnerability, contact us at:

OrbisCommerce Security Team
security@orbiscommerce.com