Security

Last updated: February 22, 2026

At OTLDR, security is fundamental to everything we build. Your conversations contain sensitive business information, and we treat that responsibility seriously.

Secure Architecture

OTLDR processes AI summarization securely on the backend. Conversation data is encrypted at rest and in transit using TLS 1.3. Your data is never used for AI training.

Authentication & Access Control

We use Keycloak for enterprise-grade authentication with OpenID Connect. Multi-factor authentication is supported. Workspace-level role-based access control (owner, admin, member) ensures data is only accessible to authorized users.

Data Protection

Conversation transcripts and summaries are stored within your workspace's isolated environment. We do not use your content to train AI models. Data deletion is available on demand: when you delete a conversation or close your account, associated data is permanently removed.

Infrastructure Security

Our infrastructure runs on isolated containers with regular security updates. All external traffic is routed through a reverse proxy with security headers (HSTS, X-Content-Type-Options, X-Frame-Options). Database access is restricted to application services only.

Security Practices

We follow secure development practices, including code review, dependency scanning, and regular security assessments. Secrets are managed through environment variables and never committed to source code. We maintain audit logs for administrative actions.

Vulnerability Reporting

If you discover a security vulnerability, please report it to security@otldr.com. We take all reports seriously and will respond within 48 hours. We do not pursue legal action against researchers who report vulnerabilities responsibly.