Security Practices
Security Practices at Optimoz
Last Updated: 01/15/2026
Security is at the heart of what we do. We are committed to protecting our customers’ data and maintaining the highest standards of security and compliance.
Governance
Our Security and Privacy teams establish policies and controls based on these foundational principles:
- Access is limited to those with legitimate business need, granted on the principle of least privilege
- Security controls are implemented using a defense-in-depth approach
- Controls are applied consistently across all areas of our enterprise
- Continuous improvement of control effectiveness and auditability
Security & Compliance
Optimoz maintains SOC 2 Type II compliance. Our SOC 2 report is available upon request through our Trust Center.
Data Protection
Data at Rest: All datastores containing customer data are encrypted at rest, with sensitive data protected using field-level encryption.
Data in Transit: We use TLS 1.2 or higher for all data transmitted over networks, with HSTS enabled for maximum security.
Secret Management: Encryption keys are managed via AWS Key Management Service (KMS) with Hardware Security Modules (HSMs).
Product Security
- Annual penetration testing by industry-leading firms
- Vulnerability scanning throughout our Secure Development Lifecycle (SDLC)
- Static analysis (SAST), software composition analysis (SCA), and dynamic analysis (DAST)
Enterprise Security
- All corporate devices centrally managed with MDM and anti-malware protection
- 24/7/365 endpoint security monitoring
- Risk-based vendor security assessments
- Phishing-resistant authentication using WebAuthn
- Comprehensive security training for all employees
Data Privacy
We are committed to being trustworthy stewards of all sensitive data. Our Privacy Policy and Data Processing Agreement are available upon request.
For more information about our security practices, please contact security[at]optimoz.com.