Security at Ordino AI
Last updated: April 7, 2025
01. Our Commitment to Security
At Ordino AI, security is foundational to everything we build. As an AI-powered autonomous testing platform that interacts with your codebase, test environments, and CI/CD pipelines, we understand the critical importance of safeguarding your data and infrastructure. We employ industry-standard security practices across every layer of our platform — from data encryption and access controls to secure AI model execution and continuous monitoring. This page outlines the measures we take to keep your information safe.
02. Infrastructure Security
Ordino AI is hosted on enterprise-grade cloud infrastructure with built-in redundancy and high availability. Our infrastructure security includes:
- All services run in isolated, containerized environments with strict network segmentation.
- Infrastructure is provisioned and managed using infrastructure-as-code with automated security scanning.
- All inter-service communication is encrypted using TLS 1.2 or higher.
- Production environments are logically separated from development and staging environments.
- Automated vulnerability scanning is performed on all infrastructure components on a regular basis.
- DDoS protection and web application firewalls are deployed at the network edge.
03. Data Encryption
We apply encryption at every stage of data handling:
- Data in transit is encrypted using TLS 1.2+ across all API endpoints, webhooks, and internal communications.
- Data at rest is encrypted using AES-256 encryption across all storage systems, databases, and backups.
- Encryption keys are managed through dedicated key management services with automatic key rotation.
- Secrets and credentials are stored in encrypted vaults and are never hardcoded or logged.
04. Access Controls
Ordino AI enforces strict access controls to ensure that only authorized individuals and systems can access sensitive resources:
- Role-based access control (RBAC) is enforced across the platform for all users and team members.
- Multi-factor authentication (MFA) is supported and encouraged for all accounts.
- Administrative access to production systems requires MFA and is restricted to authorized personnel only.
- All access events are logged and auditable, including API calls, user sessions, and administrative actions.
- Third-party integrations use scoped API tokens with the minimum permissions required.
- Regular access reviews are conducted to ensure compliance with the principle of least privilege.
05. AI and Model Security
As an AI-first platform, Ordino AI takes additional measures to secure AI model execution and data handling within our testing pipelines:
- Customer code and test data are processed in isolated execution environments and are never used to train or fine-tune our models.
- AI model interactions are stateless — context is scoped to the current session and discarded after execution.
- Prompt injection and adversarial input protections are built into our AI orchestration layer.
- All AI-generated outputs (test cases, reports, defect analysis) are subject to human-in-the-loop review gates before any action is taken.
- Token usage is monitored and rate-limited to prevent abuse and ensure efficient resource utilization.
06. Secure Development Practices
Our engineering team follows secure software development lifecycle (SSDLC) practices:
- All code changes undergo peer review and automated security analysis before merging.
- Static application security testing (SAST) and dependency vulnerability scanning are integrated into our CI/CD pipeline.
- Regular penetration testing is conducted by qualified third-party security firms.
- Security patches and updates are applied promptly following our vulnerability management policy.
- Developers receive ongoing security training and awareness education.
07. Data Retention and Disposal
Ordino AI retains your data only for as long as necessary to provide our services and fulfill our legal obligations:
- Test artifacts, logs, and execution data are retained according to your workspace configuration and can be deleted on demand.
- Upon account termination, all customer data is permanently deleted within 30 days.
- Backups containing customer data are encrypted and follow the same retention and disposal policies.
- Data disposal is performed using secure deletion methods that prevent recovery.
08. Incident Response
Ordino AI maintains a documented incident response plan to quickly identify, contain, and resolve security incidents:
- Our security team monitors systems 24/7 for anomalous activity and potential threats.
- In the event of a confirmed security incident, affected customers are notified within 72 hours in accordance with applicable regulations.
- Post-incident reviews are conducted to identify root causes and implement preventive measures.
- All incidents are documented and tracked to resolution.
09. Compliance
Ordino AI is committed to meeting the highest standards of data protection and regulatory compliance:
- We comply with the European Union's General Data Protection Regulation (GDPR).
- Data processing agreements (DPAs) are available for enterprise customers upon request.
- SOC 2 Type II certification is currently in progress. Our platform is designed to support customers' own compliance requirements, including ISO 27001 alignment.
- Regular internal audits are conducted to verify adherence to our security policies and procedures.
10. Reporting Security Vulnerabilities
We value the security research community and welcome responsible disclosure of potential vulnerabilities. If you discover a security issue in any Ordino AI product or service, please report it to us at privacy@ordino.ai. When reporting, please include a detailed description of the vulnerability, steps to reproduce it, and any potential impact. We will acknowledge receipt within 48 hours and work with you to understand and address the issue promptly. We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and resolve it.
11. Contact Us
If you have any questions about Ordino AI's security practices, or if you would like to request additional information about our security posture, please contact us at privacy@ordino.ai. Ordino AI is ORDINOAI OÜ (Reg. 16960423), registered at Vesivärava tn 50, Tallinn, Kesklinna linnaosa, Estonia.