Legal / Security

Security at Oystercatcher.

We take the security of your data seriously. Here's how we protect it.

01

Encryption

Data is encrypted at rest (AES-256) and in transit (TLS). Keys are managed with AWS KMS.

02

Access Controls

Role-based access control, SSO via Google and Microsoft, and enforced MFA for Oystercatcher administrative access.

03

Infrastructure

Hosted on AWS with VPC isolation, private subnets for data stores, and multi-AZ redundancy.

04

Monitoring

Continuous automated infrastructure and application monitoring with real-time alerting.

05

Tenant Isolation

Organization-scoped access controls and query scoping prevent cross-tenant data access.

06

No PHI

Oystercatcher does not collect, store, or process protected health information (PHI).