Security & Compliance
Ongig is committed to:
Keeping your data secure, private, and always available.
Delivering a trustworthy platform backed by independent audits, strong encryption, and ongoing monitoring.
SOC 2 Type II Certification
Ongig undergoes regular independent assessments and has achieved SOC 2 Type II compliance for Security, Availability, and Confidentiality. This validates the effectiveness of our internal controls and safeguards over a continuous review period.
Infrastructure Security
We host our software in a secure Amazon Web Servicess (AWS) cloud environment. Our system architecture uses virtual private networks, firewall protections, and advanced monitoring tools such as AWS GuardDuty to detect and respond to threats.
Application & Access Control
All customer data is encrypted both in transit (TLS) and at rest (AES-256). Our development team adheres to secure coding best practices, and we perform regular vulnerability scans and penetration tests. Role-based access control (RBAC), multi-factor authentication (MFA), and strict least-privilege access policies are enforced company-wide.
Incident Response & Business Continuity
We have an incident management program designed for rapid detection, escalation, and resolution of security issues. Our disaster recovery and business continuity plans are tested regularly to ensure consistent service availability.
Data Confidentiality
All customer data is classified as confidential and handled accordingly. We use encryption, secure transmission methods, and formal data classification policies. Data is retained per your agreement and securely deleted upon request.
Compliance & Governance
Ongig continuously monitors its internal controls using automated tools. Policies around access control, encryption, risk management, and secure development are reviewed and updated annually. All employees complete required training and background checks.
Need More Info?
To request our latest SOC 2 report or ask a security question, please email us at .