Security & Data Practices

Odin AI is committed to providing a secure platform for your data and AI operations. This document outlines our security measures, encryption standards, and data handling practices.

Overview

Odin AI implements multiple layers of security to protect your data:
  • Encryption in Transit - All data transmitted over networks is encrypted
  • Encryption at Rest - Sensitive data stored in databases is encrypted
  • Access Controls - Role-based access control and authentication
  • Secure Credentials - Encrypted storage of API keys and credentials
  • Audit Logging - Comprehensive logging of security events

Encryption in Transit

TLS/SSL Encryption

Odin AI uses industry-standard Transport Layer Security (TLS) protocols to encrypt all data transmitted between clients and servers.

Supported Encryption Protocols

TLS 1.2
  • Industry-standard encryption protocol
  • Widely supported and secure
  • Provides strong encryption for data in transit
  • Supports modern cipher suites

TLS 1.3
  • Latest TLS protocol version
  • Enhanced security and performance
  • Improved handshake process
  • Forward secrecy by default
  • Reduced latency compared to TLS 1.2

Encryption Features

  • Automatic Protocol Negotiation - The platform automatically negotiates the highest supported TLS version
  • Strong Cipher Suites - Only secure cipher suites are enabled
  • Certificate Validation - SSL/TLS certificates are validated to prevent man-in-the-middle attacks
  • Perfect Forward Secrecy - TLS 1.3 provides forward secrecy by default

Configuration

For on-premise deployments, TLS/SSL can be configured using:
  • SSL Certificates - Provide valid SSL/TLS certificates
  • Certificate Paths - Configure certificate and key file paths
  • Protocol Selection - TLS 1.2 and 1.3 are supported

Environment Variables:
HYPERCORN_CERTFILE=/path/to/certificate.crt
HYPERCORN_KEYFILE=/path/to/private.key
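
A pre-start check an administrator can run against the two variables above, added here as an example and not part of the Odin AI code base. The function name preflight_tls is hypothetical, and the permission check assumes a POSIX host; only the two variable names and the TLS 1.2 floor come from this page.

```python
import os
import ssl
import stat


def preflight_tls(env=None):
    """Check the HYPERCORN_* TLS settings; return (ssl_context_or_None, problems)."""
    env = os.environ if env is None else env
    problems = []
    paths = {}
    for var in ("HYPERCORN_CERTFILE", "HYPERCORN_KEYFILE"):
        path = env.get(var)
        if not path:
            problems.append(f"{var} is not set")
        elif not os.path.isfile(path):
            problems.append(f"{var} points to a missing file: {path}")
        else:
            paths[var] = path

    # The private key should be readable by the service account only.
    key = paths.get("HYPERCORN_KEYFILE")
    if key and stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        problems.append(f"private key {key} is readable by group/other; chmod 600")

    if len(paths) < 2:
        return None, problems

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Refuse anything older than TLS 1.2; TLS 1.3 is negotiated when the peer supports it.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        # Raises if a file is not valid PEM or the key does not match the certificate.
        ctx.load_cert_chain(paths["HYPERCORN_CERTFILE"], paths["HYPERCORN_KEYFILE"])
    except (ssl.SSLError, OSError) as exc:
        problems.append(f"certificate/key pair rejected: {exc}")
        return None, problems
    return ctx, problems


if __name__ == "__main__":
    _, found = preflight_tls()
    for item in found:
        print("FAIL:", item)
    raise SystemExit(1 if found else 0)
```

The script exits non-zero when any check fails, so it can gate a service start or a certificate renewal job.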

Encryption at Rest

Database Encryption

Sensitive data stored in databases is encrypted to protect against unauthorized access.

Credential Encryption

  • AES-256-CBC Encryption - Credentials and secrets are encrypted using AES-256-CBC
  • Encryption Key Management - Encryption keys are securely managed
  • Automatic Encryption/Decryption - Credentials are automatically encrypted when stored and decrypted when accessed

Toolkit Configuration Encryption

  • Secret Encryption - Toolkit secrets and API keys are encrypted before storage
  • Secure Key Storage - Encryption keys are stored securely
  • Transparent Encryption - Encryption/decryption happens automatically

Data Protection

Sensitive Data Handling

  • API Keys - All API keys are encrypted at rest
  • OAuth Tokens - OAuth tokens and refresh tokens are encrypted
  • Database Credentials - Database connection credentials are encrypted
  • User Credentials - Authentication credentials are securely hashed

Encryption Standards

  • Industry-Standard Algorithms - Uses proven encryption algorithms
  • Key Rotation - Support for encryption key rotation
  • Secure Storage - Encrypted data stored in secure database columns

Authentication & Access Control

Authentication Methods

  • Email/Password Authentication - Secure password-based authentication
  • OAuth 2.0 - Support for OAuth providers (Google, Microsoft, etc.)
  • SSO (Single Sign-On) - Enterprise SSO support
  • API Keys - Secure API key authentication

Access Control

  • Role-Based Access Control (RBAC) - Granular permissions based on user roles
  • Project-Level Access - Access control at the project level
  • Team Permissions - Team-based access management
  • Resource-Level Permissions - Fine-grained permissions for resources

Security Features

  • Two-Factor Authentication (2FA) - Optional 2FA support
  • Session Management - Secure session handling
  • Token Expiration - Automatic token expiration
  • Audit Logging - Comprehensive audit trails

Data Handling Practices

Data Storage

  • Secure Storage - Data stored in secure, encrypted databases
  • Backup & Recovery - Regular backups with encrypted storage
  • Data Retention - Configurable data retention policies
  • Data Deletion - Secure data deletion procedures

Data Processing

  • In-Memory Processing - Sensitive data processed in secure memory
  • Temporary Data - Temporary data securely cleared after processing
  • Data Isolation - Multi-tenant data isolation
  • Processing Logs - Secure logging of processing activities

Data Transmission

  • Encrypted Channels - All data transmitted over encrypted channels
  • API Security - Secure API endpoints with authentication
  • WebSocket Security - Secure WebSocket connections
  • File Transfer - Encrypted file transfer protocols

Compliance & Standards

Security Standards

Odin AI follows industry best practices and standards:
  • TLS 1.2/1.3 - Modern encryption protocols
  • AES-256 - Strong encryption algorithms
  • OWASP Guidelines - Following OWASP security best practices
  • Secure Coding - Secure software development practices

Data Privacy

  • Data Minimization - Only necessary data is collected and stored
  • Purpose Limitation - Data used only for stated purposes
  • Access Controls - Strict access controls on data
  • Data Portability - Support for data export and portability

Security Monitoring

Audit Logging

  • Access Logs - Logging of all access attempts
  • Action Logs - Logging of user actions and changes
  • Security Events - Monitoring of security-related events
  • Compliance Reporting - Audit reports for compliance

Monitoring & Alerts

  • Security Monitoring - Continuous security monitoring
  • Anomaly Detection - Detection of unusual activities
  • Alert System - Real-time security alerts
  • Incident Response - Procedures for security incidents

Best Practices

For Users

  1. Use Strong Passwords - Create strong, unique passwords
  2. Enable 2FA - Enable two-factor authentication when available
  3. Regular Updates - Keep your client applications updated
  4. Secure API Keys - Store API keys securely and rotate them regularly
  5. Access Review - Regularly review and audit access permissions

For Administrators

  1. Certificate Management - Use valid SSL/TLS certificates
  2. Key Rotation - Regularly rotate encryption keys
  3. Access Control - Implement least-privilege access controls
  4. Monitoring - Monitor security logs and events
  5. Updates - Keep the platform updated with security patches

On-Premise Security

Deployment Security

For on-premise deployments, additional security considerations:
  • Network Security - Secure network configuration
  • Firewall Rules - Proper firewall configuration
  • SSL/TLS Configuration - TLS 1.2/1.3 configuration
  • Certificate Management - SSL certificate installation and renewal
  • Access Controls - Server-level access controls

Configuration

  • Environment Variables - Secure configuration via environment variables
  • Secret Management - Secure secret management
  • Database Security - Secure database configuration
  • Backup Security - Encrypted backups

Support & Reporting

Security Issues

If you discover a security vulnerability, please report it to:
  • Email: support@getodin.ai
  • Responsible Disclosure - We follow responsible disclosure practices

Security Updates

  • Security Patches - Regular security updates and patches
  • Release Notes - Security-related changes documented in release notes
  • Advisories - Security advisories for critical issues
  • On-Premise Installation - Security configuration for on-premise deployments
  • API Keys - Managing API keys securely
  • User Management - User access and permissions

Contact

For security-related questions or concerns, contact us at support@getodin.ai.