
Security and Privacy at Okaya

Protecting Your Data at Every Layer

At Okaya, safeguarding the data of every user is our highest priority. We've implemented a comprehensive, multi-layered security strategy designed to protect your information from unauthorized access and malicious actors. Our approach leverages cutting-edge technologies, compliance with regulations, and a strong emphasis on empowering you with control over your data.

Our security measures are validated through participation in the NSA Cybersecurity program and other security initiatives led by AWS.

Our Multi-Layered Security Approach

Secure Infrastructure

Leveraging AWS for world-class security standards and advanced tools.

Zero Trust Security

Implementing 'never trust, always verify' principles for all access requests.

Regulatory Compliance

Adhering to HIPAA, GDPR, FISMA, and other relevant standards.

Advanced Security

Employing encryption, access controls, and continuous monitoring.

User Empowerment

Providing full control and transparency over personal data.

Continuous Improvement

Upholding ethical standards and constantly enhancing security measures.

Employee Training

Ongoing education in security best practices for all staff.

Vendor Management

Careful oversight of third-party vendors to ensure compliance.

Infrastructure Security with AWS

  • World-Class Security Standards: Hosted on AWS infrastructure audited against ISO 27001, SOC 2, and PCI DSS (these attestations cover the provider layer; under the AWS shared responsibility model, application-level controls remain Okaya's responsibility)
  • Advanced Security Tools: AWS KMS for key management, CloudTrail for API audit logging, and GuardDuty for threat detection
  • Scalability and Reliability: High availability and performance for diverse user groups
  • GovCloud Support: AWS GovCloud (US) deployment options for government customers
  • Regional Hosting: Primary servers in the AWS us-west-2 region (Oregon)
  • Data Loss Prevention: AWS-native encryption and backups to guard against loss or exposure of data
  • Data Minimization: Collecting only the data needed for the service, which limits what any breach could expose

Zero Trust Security Model

  • Never Trust, Always Verify: Every access request is authenticated and authorized
  • Micro-Segmentation: Systems divided into isolated zones so that a compromise of one component does not grant lateral movement to others
  • Continuous Authentication: Ongoing identity verification with MFA support

Compliance with Regulations and Standards

  • HIPAA Compliance: Safeguarding Protected Health Information
  • GDPR Compliance: Respecting data privacy rights within the EU
  • FISMA Moderate: Work toward the FISMA Moderate baseline is in progress; full compliance has not yet been reached
  • CMMC Alignment: Robust protections for controlled unclassified information
  • IRB Approval: Ethical research practices approved by Institutional Review Boards
  • Data Sovereignty: Ensuring data remains within specified jurisdictions

Advanced Security Measures

  • Encryption: TLS for data in transit; AWS-managed encryption with KMS-backed keys for data at rest
  • Access Controls: Role-Based Access Control (RBAC) and restrictions on internal staff access
  • Monitoring and Auditing: AWS CloudTrail records API activity for audit; GuardDuty provides continuous threat detection
  • Incident Response Plan: Defined procedures for containing, investigating, and remediating security incidents
  • Audit Trails: Logging of all platform actions for accountability
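The Zero Trust and Advanced Security Measures bullets above describe per-request verification, role-based access control, MFA, and an audit trail. The Python below is an added illustration of how those controls fit together in a single request gate; it is not Okaya's code and does not describe Okaya's implementation. The token format (base64 JSON plus an HMAC-SHA256 tag), the signing key, the role table, and the rule that write actions require an MFA-backed session are all constructed for the example.

```python
"""Per-request gate: verify identity, enforce RBAC, audit every decision.

Added example, not code from the page or the vendor. The token format, the
signing key, the role table and the MFA rule are constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Assumption: one HMAC signing key. A real deployment keeps this in a key
# manager (for example AWS KMS), never in source.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"

# Deny-by-default RBAC table: an action missing from a role's set is refused.
ROLE_PERMISSIONS = {
    "clinician": {"records:read", "records:write"},
    "analyst": {"records:read"},
}

# Constructed rule: these actions additionally require an MFA-backed session.
MFA_REQUIRED = {"records:write"}

# In-memory audit trail; every decision, allowed or denied, is appended.
AUDIT_LOG = []


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes) -> str:
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()


def issue_token(subject: str, role: str, mfa: bool, ttl: int = 300,
                now: Optional[float] = None) -> str:
    """Create a short-lived signed session token: b64(json claims).hex(hmac)."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "role": role, "mfa": mfa, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return f"{_b64(payload)}.{_sign(payload)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the tag and expiry check out, otherwise None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
        payload = _unb64(body)
    except ValueError:            # malformed token or bad base64
        return None
    if not hmac.compare_digest(_sign(payload), sig):
        return None               # tampered or forged
    claims = json.loads(payload)
    if claims.get("exp", 0) <= now:
        return None               # expired: 'always verify' includes freshness
    return claims


def authorize(token: str, action: str,
              now: Optional[float] = None) -> Tuple[bool, str]:
    """Authenticate and authorize one request; every outcome is audited."""
    now = time.time() if now is None else now
    claims = verify_token(token, now)
    if claims is None:
        allowed, reason, subject = False, "invalid_or_expired_token", None
    elif action not in ROLE_PERMISSIONS.get(claims["role"], set()):
        allowed, reason, subject = False, "role_not_permitted", claims["sub"]
    elif action in MFA_REQUIRED and not claims.get("mfa"):
        allowed, reason, subject = False, "mfa_required", claims["sub"]
    else:
        allowed, reason, subject = True, "ok", claims["sub"]
    AUDIT_LOG.append({"ts": now, "sub": subject, "action": action,
                      "allowed": allowed, "reason": reason})
    return allowed, reason


if __name__ == "__main__":
    t0 = time.time()
    tok = issue_token("alice", "clinician", mfa=True, now=t0)
    print(authorize(tok, "records:write", now=t0 + 10))      # (True, 'ok')
    print(authorize(tok, "records:write", now=t0 + 600))     # expired
    for entry in AUDIT_LOG:
        print(entry)
```

Three properties carry the weight here: nothing is trusted by network position, since every call re-verifies the signature and expiry; the role table denies anything not explicitly granted; and denials are written to the audit trail just like allows, so a later investigation can see failed attempts, not only successful access.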

Your Control Over Your Data

  • Opt-In Model: Active consent required for data sharing
  • Data Transparency: Clear view of data access and usage
  • Consent Management: Easy-to-use tools for managing permissions
  • Access and Portability: Anytime access to your data and portable copies available

Continuous Improvement and Ethical Standards

  • Ethical Research: IRB-approved protocols for data acquisition and usage
  • PHI Data Protection: Special security measures for health information
  • Transparent Practices: Clear communication of data policies

Employee Training and Vendor Management

  • Staff Training: Ongoing security best practices education
  • Vendor Oversight: Careful monitoring of third-party vendors

Protecting Against Threats

  • Threat Detection: Real-time identification and blocking of suspicious activity
  • Regular Updates: Routine system updates to address vulnerabilities
  • Secure Development: Security integrated throughout the software development lifecycle