Security

Security at Orbitus

How we protect your data: 2FA, audit logs, GDPR export, encryption and more.

Security is foundational at Orbitus, not an afterthought.

Every account supports two-factor authentication (TOTP + backup codes), OAuth (Google, GitHub, Apple) and magic-link sign-in.

Workspace owners get audit logs, login history, GDPR data export and progressive rate limiting out of the box.

Reach us at security@orbitus.dev for vulnerability disclosures.

Built-in security features

Two-factor authentication

TOTP with backup codes, OAuth (Google, GitHub, Apple) and magic-link sign-in for every account.

Audit logs

Tamper-evident audit trail for every workspace, scoped per module.

GDPR data export

Workspace owners can export every record about every user at any time.

Progressive rate limiting

Four-tier rate limiting on sign-in, sign-up, password reset and API endpoints.

Login history

Visible login history per user with IP, user agent and country signals.

Encryption in transit and at rest

TLS 1.2+ in transit; AES-256 at rest at the database and backup level.

Compliance roadmap

  • SOC 2 Type II: in progress

    Targeting initial audit in late 2026.

  • ISO 27001: planned

    Roadmap follows SOC 2 — early 2027.

  • GDPR: compliant

    DPA available; sub-processors disclosed; user data export built in.

Disclose a vulnerability

Email security@orbitus.dev or follow our security.txt. We respond within one business day.