Security

Opsiton is built to help organizations enforce browser-layer security controls across websites, file uploads, and AI tools. Our security approach focuses on authenticated access, tenant separation, policy enforcement, event logging, and operational visibility.

The platform is intended to give security teams a practical control layer where modern work already happens: inside the browser.

• Multi-tenant organization model with role-based access control across the platform.
• HTTPS delivery for web traffic and restrictive browser security headers on public-facing applications.
• Organization-scoped API key authentication for extension traffic and service endpoints.
• Device heartbeat tracking, audit trails, security event records, and incident workflows to support investigation and response.
• Operational integrations with services such as VirusTotal, Google Safe Browsing, NIST NVD, Slack, SMTP, and the public system status experience.

Opsiton is designed to reduce unnecessary exposure of raw sensitive content. Security workflows may store metadata, masked snippets, hashes, filenames, hostnames, URLs, timestamps, and related event context required for alerting, investigation, and reporting.

Customers control how policies are configured and which categories of activity should trigger monitoring, warnings, or blocking.

Customers are responsible for configuring policies, managing user access, protecting their own workspaces, and reviewing incidents raised by the platform.

Security is a continuous process. Opsiton supports prevention, visibility, and response, but no service can guarantee the prevention of every incident or eliminate the need for sound internal controls.

Report security concerns or request additional security documentation at [email protected].