- Requesting our security questionnaireHow to ask for our standard security questionnaire, what it covers, and how fast we typically respond.
- SOC 2 statusOchre is not SOC 2 certified and there is no audit currently underway. What we offer in the meantime.
- GDPR and your data rightsConcierge data export, end-user erasure, sub-processors, and DPA requests under GDPR. Not self-serve — emailed to hello@ochrehq.com.
- How Ochre verifies inbound webhooksHMAC-SHA256, constant-time comparison, and replay protection (timestamp windows + GitHub delivery-id dedupe) for Resend, Slack, HubSpot, Linear, GitHub, and Stripe.
- How workspace isolation worksPostgres row-level security keeps your workspace data invisible to every other workspace, even if application code has bugs. Here is how Ochre uses it.
- Where Ochre stores your dataHosting region, database, encryption at rest and in transit, attachments, and what is and is not available for region selection today.
- Security at OchrePlain-English tour of how Ochre protects your data: encryption, RLS isolation, webhook verification, and what we will share on request.