How Userorbit protects your data

Security is foundational to how Userorbit is built and operated. This article explains the measures in place to protect your workspace data, customer information, and team accounts.

Data encryption

Userorbit encrypts data at every stage of its lifecycle:

  • In transit — all data transmitted between your browser and Userorbit servers is encrypted using TLS 1.2 or higher. This applies to the dashboard, widget, portal, and API. HTTP connections are automatically redirected to HTTPS.
  • At rest — all data stored in Userorbit databases is encrypted using AES-256 encryption. This includes feedback content, user information, attachments, and workspace configuration.
  • Backups — database backups are also encrypted at rest and stored in geographically redundant locations.

Infrastructure security

Userorbit infrastructure runs on industry-leading cloud providers with robust security certifications:

  • Servers are hosted in SOC 2 Type II certified data centers.
  • Network access is restricted through firewalls, virtual private clouds, and strict security groups.
  • Infrastructure is monitored continuously for unauthorized access attempts and anomalies.
  • Regular security patches and updates are applied to all servers and dependencies.

Authentication security

Userorbit protects account access through multiple mechanisms:

  • Password hashing — passwords are hashed using bcrypt with a strong work factor. Plaintext passwords are never stored.
  • Session management — sessions expire after a configurable period of inactivity. Changing your password invalidates all other active sessions.
  • SSO support — for teams that require it, Userorbit supports Single Sign-On through SAML 2.0 and OAuth providers, allowing you to enforce your organization's authentication policies.

API key security

API keys provide programmatic access to your workspace. Userorbit handles them securely:

  • Keys are displayed only once at creation time. After that, only a masked version is shown.
  • Keys can be scoped to specific permissions, limiting what they can access.
  • Keys can be rotated or revoked at any time through the dashboard.
  • All API requests are logged with the key used, providing an audit trail.

Data isolation

Each workspace is logically isolated at the database level. One workspace cannot access another workspace's data, even if they share the same infrastructure. This isolation is enforced at the application layer and verified through automated security tests.

Compliance

Userorbit is designed with compliance in mind:

  • SOC 2 — Userorbit follows SOC 2 controls for security, availability, and confidentiality.
  • GDPR — Userorbit provides tools for data export and deletion to support GDPR compliance. You can export all customer data and delete individual customer records on request.
  • Data residency — contact us if you have specific data residency requirements for your region.

Incident response

Userorbit maintains an incident response plan that includes:

  • 24/7 monitoring for security events.
  • Defined escalation procedures for different severity levels.
  • Notification of affected customers within 72 hours of a confirmed breach, as required by GDPR.
  • Post-incident reviews to prevent recurrence.

What you can do

While Userorbit handles platform security, there are steps you can take to strengthen your workspace security:

  • Use strong, unique passwords for your Userorbit account.
  • Enable SSO if your organization supports it.
  • Regularly review team member access and remove inactive users.
  • Rotate API keys periodically and revoke any that are no longer needed.
  • Monitor the audit log for unexpected activity.
