Back to Home

Security

Your data security is our top priority

Our Security Commitment

At OpenStars, we understand that founders trust us with sensitive information about their companies, fundraising activities, and business relationships. We take this responsibility seriously and have implemented comprehensive security measures to protect your data.

Infrastructure Security

🔒

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your sensitive information is never stored in plain text.

☁️

Cloud Infrastructure

We host our services on AWS with SOC 2 Type II certified data centers. Our infrastructure is designed for high availability and resilience.

🛡️

Network Security

We employ Web Application Firewalls (WAF), DDoS protection, and intrusion detection systems to protect against external threats.

🔐

Access Controls

Role-based access control (RBAC), multi-factor authentication for all employees, and principle of least privilege access.

Application Security

  • Secure Development: We follow OWASP guidelines and conduct regular code reviews
  • Penetration Testing: Annual third-party penetration tests by certified security firms
  • Vulnerability Scanning: Continuous automated scanning of our codebase and dependencies
  • Bug Bounty Program: We reward security researchers who responsibly disclose vulnerabilities
  • Dependency Management: Automated monitoring and updates for all third-party dependencies

Data Protection

  • Data Isolation: Customer data is logically isolated and access is strictly controlled
  • Backup & Recovery: Daily encrypted backups with 30-day retention and tested recovery procedures
  • Data Retention: Clear policies on how long we retain data and secure deletion procedures
  • Privacy by Design: Security and privacy considerations are built into our product development

Compliance & Certifications

SOC 2 Type II

Annual audit for security, availability, and confidentiality

GDPR

Compliant with European data protection regulations

CCPA

Compliant with California Consumer Privacy Act

PCI DSS

Payment processing through PCI-compliant Stripe

Employee Security

  • Background Checks: All employees undergo background screening before hire
  • Security Training: Mandatory security awareness training for all team members
  • Confidentiality: All employees sign confidentiality and data handling agreements
  • Access Review: Regular audits of employee access privileges
  • Device Security: Company devices are encrypted and managed with MDM solutions

Incident Response

We maintain a comprehensive incident response plan that includes:

  • 24/7 security monitoring and alerting
  • Defined escalation procedures and response team
  • Customer notification within 72 hours of confirmed data breach
  • Post-incident analysis and remediation
  • Regular tabletop exercises and plan testing

Your Account Security

We recommend the following best practices to keep your account secure:

  • Use a strong, unique password for your OpenStars account
  • Enable two-factor authentication (2FA) in your account settings
  • Never share your login credentials
  • Log out from shared or public computers
  • Review your account activity regularly
  • Report suspicious activity to founders@openstars.ai

Responsible Disclosure

If you discover a security vulnerability, please report it to us responsibly:

  • Email: founders@openstars.ai
  • Include detailed steps to reproduce the vulnerability
  • Allow us reasonable time to respond and fix the issue
  • Do not access or modify other users' data
  • Do not publicly disclose until we've addressed the issue

We appreciate security researchers and may offer rewards for valid, responsibly disclosed vulnerabilities.

Contact Our Security Team

For security questions, concerns, or to report an issue:

Security Team

Email: founders@openstars.ai

PGP Key: Available upon request