Security Controls
Configure the security controls in Ours Privacy, including multi-factor authentication, inactivity timeout, least-privilege access, encryption, and HIPAA-compliant audit logging.
Use this page to understand the security controls that protect your data in Ours Privacy. These controls run across the platform, from how users sign in to how data is stored and audited.
Multi-factor authentication (MFA)
MFA adds a verification step beyond a password when users sign in. You can set the MFA requirements for your organization.
Inactivity timeout
Sign users out automatically after a period of inactivity to prevent access from an unattended session. Set a custom timeout to match your security policy.
HIPAA-compliant audit logging
Actions taken through the platform, including user changes, configuration changes, and data access, are logged to support your HIPAA audit-trail obligations.
- Detailed records: each entry captures the timestamp, user, action, and affected resources.
- Retrieval: to access audit logs for a compliance or legal review, contact your account manager.
Configure least privilege
Fine-grained access controls let you give each user only the resources and actions their job requires. Use policies to scope permissions precisely. See Policies and Permissions for setup.
- Granular permissions: control access at the resource, action, and data level.
- Custom policies: build policies with specific permission sets and assign them to users.
- Resource-level security: restrict access to specific destinations, sources, or data streams.
- Action-specific controls: limit users to specific operations such as read, write, or delete.
- Data-level restrictions: control access to sensitive fields and properties.
Data protection and privacy
Your data is protected at multiple layers:
- In transit: encrypted with TLS 1.3 during transmission.
- At rest: encrypted when stored.
- Data residency: your data is stored and processed in the United States.
General security standards
- SOC 2 Type II: Ours Privacy maintains a SOC 2 Type II report covering all five Trust Services Criteria. See the Security Center.
- HIPAA: built-in controls for healthcare data protection, with a Business Associate Agreement (BAA) available.
- Strong passwords: password complexity requirements are enforced.
- Secure development: regular security updates, vulnerability assessments, and a secure development lifecycle.
Next Steps
- Policies and Permissions: Set up policies and granular access.
- Enterprise SAML Single Sign-On: Connect your identity provider.

