Peter Lubell-Doughtie -

How we secure your data

Our clients use Ona to collect, analyze, and disseminate mission critical data. We have worked on both the data collection side as well as the platform side and understand the importance of knowing your data is stored safely and securely. Here we’ll talk about the specific technologies we use to secure our users’ data.

Security

Specifically relating to data security, the highlights of the standards we incorporate are:

  • Encrypted server-client connections using TLS/HTTPS
  • A+ certified server-client TLS configuration
  • Encrypted at-rest database and encrypted database backups using AES-256
  • ISO 27001 security management certification via AWS data centers

Backups

To make sure that your data stays secure during events that we cannot anticipate, such as a hardware failure with our hosting provider, we create nightly replicas of our entire database. This way, should the worst happen, we will be able to recover quickly and get back up and running with minimal data loss.

Privacy

The privacy protections afforded your data are described in our Privacy Policy. One of the most important parts:

We take the privacy, confidentiality, and security of any data you submit or upload to Ona very seriously, because it is your data. You retain ownership of the data. We will never share or access your data, unless granted permission by you, in order to provide you with technical assistance.

Please read Ona’s full Privacy Policy along with our Terms of Service for more details.

Steps you can take

Security is only effective when users follow best practices; e.g. do not share passwords, do not write down passwords, and do not use public computers (but if unavoidable always log out of the site when finished using Ona on public computers). If your project requires a higher level of privacy, Ona also allows you to encrypt your forms with decryption only possible using ODK Briefcase and encryption keys.