Trust

Security at OsmiumStack

Security is a feature, not an afterthought. Here's how we protect your data and your clients'.

Last updated June 30, 2026

Compliance

OsmiumStack maintains a SOC 2 Type II report covering security, availability, and confidentiality. Customers on eligible plans can request the report under NDA from [email protected].

Encryption

  • All data is encrypted in transit with TLS 1.2+.
  • All data is encrypted at rest with AES-256.
  • Signed preview URLs are short-lived and cryptographically signed.

Authentication & access

  • Authentication is handled by Stytch with secure, http-only session cookies.
  • Role-based access control scopes what each member can see and do.
  • SSO and audit logs are available on Agency and Enterprise plans.
  • Internal access follows least-privilege and is logged and reviewed.

Infrastructure & isolation

Iridium runs each client environment in its own Kubernetes namespace with network policies that isolate workloads from one another. You can bring your own cluster so sensitive workloads stay in your cloud account, under your control.

Resilience

  • Continuous backups with point-in-time recovery.
  • Multi-region control plane with automated failover.
  • Live status and incident history at our status page.

Responsible disclosure

Found a vulnerability? We want to hear from you. Email [email protected] with details and steps to reproduce. We acknowledge reports within two business days and will not pursue good-faith researchers who follow this policy.