Security at oklido
Security is fundamental to oklido. We understand you're trusting us with sensitive financial documents, and we take that responsibility seriously.
Our Security Commitment
oklido is built with security-first principles:
- Defence in depth - Multiple layers of security controls
- Zero trust architecture - Verify everything, trust nothing
- Data minimisation - We only collect what we need
- Transparency - Clear documentation of our practices
Certifications & Compliance
| Standard | Status | Description |
|---|---|---|
| Cyber Essentials Plus | Certified | UK government-backed security certification |
| GDPR | Compliant | EU data protection regulation |
| UK DPA 2018 | Compliant | UK Data Protection Act |
| SOC 2 Type II | In progress | Service organisation controls |
Security Features
- Encryption - AES-256 encryption at rest, TLS 1.3 in transit
- Authentication - OAuth 2.0, MFA support, secure session management
- Infrastructure - AWS London region, private VPC, WAF protection
Data Protection Summary
| Aspect | Protection |
|---|---|
| Documents at rest | AES-256 encryption |
| Data in transit | TLS 1.3 |
| Access control | Role-based (RBAC) |
| Authentication | OAuth 2.0 via Auth0 |
| Data residency | UK (AWS London eu-west-2) |
| Backups | Encrypted, geographically redundant |
Security Practices
Regular Testing
- Automated vulnerability scanning
- Penetration testing (annual)
- Dependency security audits
- Code security reviews
Incident Response
We have documented procedures for:
- Security incident detection
- Rapid response and containment
- Customer notification
- Post-incident review
Employee Security
- Background checks for all staff
- Security awareness training
- Principle of least privilege
- Secure development training
Reporting Security Issues
If you discover a security vulnerability:
- Email: security@oklido.com
- Do not publicly disclose until resolved
- We aim to respond within 24 hours
- We do not pursue legal action against good-faith researchers
Questions?
Contact our security team: security@oklido.com