Trust & Security

Security at OriginalPoint

Security is foundational to everything we build. OriginalPoint is designed from the ground up with a security-first architecture, ensuring your data and AI workflows are protected at every layer of the stack.

SOC 2 Type II

OriginalPoint undergoes annual SOC 2 Type II audits conducted by independent third-party auditors. Our controls are continuously monitored to ensure the security, availability, and confidentiality of customer data. Audit reports are available to enterprise customers under NDA.

SAML 2.0 / SSO

Enterprise customers can integrate OriginalPoint with their existing identity provider using SAML 2.0 single sign-on. We support all major identity providers, including Okta, Azure AD, Google Workspace, and OneLogin. SSO enforcement, JIT provisioning, and SCIM directory sync are available on Enterprise plans.

End-to-End Encryption

All data in transit is protected with TLS 1.3 encryption. Data at rest, including account information and usage metadata, is encrypted using AES-256. API keys are hashed with one-way cryptographic functions and cannot be retrieved after initial creation.

GDPR Compliant

OriginalPoint is fully compliant with the General Data Protection Regulation (GDPR). We offer a Data Processing Agreement (DPA) for all customers. Users in the European Economic Area have full data subject rights, including access, rectification, erasure, and portability.

Zero Data Retention

We do not store, log, or persist any prompt or response content. Your data passes through our infrastructure in real time and is never written to disk. We do not use customer data for training, fine-tuning, or improving any AI models. Your data remains yours.

HIPAA Ready

OriginalPoint offers Business Associate Agreements (BAAs) for healthcare organizations and covered entities that need to process protected health information (PHI). Our infrastructure and policies are designed to support HIPAA compliance requirements.

Responsible Disclosure

We take the security of our platform seriously and welcome responsible disclosure of vulnerabilities from the security research community. If you believe you have found a security vulnerability in OriginalPoint, we encourage you to report it to us promptly.

Please send vulnerability reports to security@originalpoint.ai. Include a detailed description of the vulnerability, reproduction steps, and any supporting evidence. We will acknowledge receipt of your report within two (2) business days and provide an initial assessment within five (5) business days.

We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and address it. We do not pursue legal action against security researchers who act in good faith and comply with this responsible disclosure policy.

Contact

For security-related inquiries or to request our SOC 2 report, Data Processing Agreement, or Business Associate Agreement, please contact our security team:

Email: security@originalpoint.ai