Compliance
oklido maintains compliance with major security and data protection standards.
Certifications
| Certification | Status | Last Audit |
|---|---|---|
| Cyber Essentials Plus | Certified | 2025 |
| GDPR | Compliant | Ongoing |
| UK DPA 2018 | Compliant | Ongoing |
| SOC 2 Type II | In progress | Expected 2026 |
Compliance Documentation
- Cyber Essentials Plus: UK government-backed cybersecurity certification
- GDPR Compliance: EU data protection regulation compliance
- Data Handling: How we collect, process, and store your data
- Incident Response: Our response procedures for security incidents
- Access Control: How we control access to systems and data
- Data Retention: How long we keep data and when it's deleted
- Backup & Recovery: Our disaster recovery and business continuity
- Subprocessors: Third-party services that process data
- Vulnerability Disclosure: How to report security vulnerabilities
Data Protection
Legal Basis for Processing
We process data under the following legal bases (GDPR Article 6):
| Purpose | Legal Basis |
|---|---|
| Providing the service | Contract performance |
| Account management | Contract performance |
| Security monitoring | Legitimate interest |
| Product improvement | Legitimate interest |
| Marketing (opt-in only) | Consent |
| Legal compliance | Legal obligation |
Your Rights
Under GDPR and UK DPA 2018, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Port your data to another service
- Object to certain processing
- Restrict processing in certain circumstances
Security Controls
oklido implements the following security controls:
| Control | Implementation |
|---|---|
| Encryption at rest | AES-256 |
| Encryption in transit | TLS 1.3 |
| Access control | RBAC with least privilege |
| Authentication | OAuth 2.0 / MFA |
| Logging | Comprehensive audit trails |
| Monitoring | 24/7 automated monitoring |
| Vulnerability management | Regular scanning and patching |
| Incident response | Documented procedures |
Requesting Compliance Documents
For detailed compliance documentation, contact us:
- Email: compliance@oklido.com
- Available documents:
  - Data Processing Agreement (DPA)
  - Security questionnaire responses
  - Penetration test executive summary
  - SOC 2 report (when available)
Audit Rights
Enterprise customers may request:
- Right to audit (with reasonable notice)
- Third-party audit reports
- Security questionnaire completion
- Custom DPA terms
Contact sales@oklido.com for enterprise compliance requirements.