Security at ORBTR
Security is our product, not an afterthought. Here's how we protect your infrastructure and data.
Security by design
Zero-Trust Model
Every connection is authenticated and encrypted. No implicit trust between devices, networks, or services. Identity is verified cryptographically at every layer.
Key Hierarchy
HSM-backed Platform Root, exportable Tenant Root, and device-local Agent Keys. Dual-signed Root Descriptors require both platform and tenant approval.
End-to-End Encryption
All mesh traffic uses Noise Protocol with Ed25519 key binding. Device keys are generated locally and never leave the OS keychain or TPM.
Signed Everything
Policy bundles, script manifests, update artifacts, and LAD snapshots are all cryptographically signed. Epoch-based anti-rollback prevents replay attacks.
Agent Rate Limiting
Built-in rate limits detect key compromise — policy updates capped at 10/hr, jobs at 100/hr. Platform override available for emergencies only.
Verified Updates
All agent updates are cryptographically verified with Ed25519 signatures and SHA-256 integrity checks. Staged rollouts with auto-rollback on failure thresholds.
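The verified-update path described here, combined with the dual-signed descriptors and epoch-based anti-rollback from the Key Hierarchy and Signed Everything sections above, as an added Go example. This is not ORBTR's code: the Manifest layout, its field names, the epoch || digest signing message and the fixed-seed keys are assumptions made for the demo.

```go
package main
import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)
// Manifest is a constructed stand-in for a dual-signed update descriptor.
type Manifest struct {
	Epoch                  uint64   // strictly increasing; enforces anti-rollback
	Digest                 [32]byte // SHA-256 of the update artifact
	PlatformSig, TenantSig []byte   // Ed25519 signatures over signingBytes()
}
// signingBytes is the canonical message both roots sign: epoch || digest.
func (m Manifest) signingBytes() []byte {
	buf := make([]byte, 8, 40)
	binary.BigEndian.PutUint64(buf, m.Epoch)
	return append(buf, m.Digest[:]...)
}
var ErrRollback = errors.New("epoch not newer than last accepted epoch")
// Verify: signatures first (no unauthenticated field drives the decision), then anti-rollback, then SHA-256.
func Verify(m Manifest, artifact []byte, platformPub, tenantPub ed25519.PublicKey, lastEpoch uint64) error {
	msg := m.signingBytes()
	if !ed25519.Verify(platformPub, msg, m.PlatformSig) || !ed25519.Verify(tenantPub, msg, m.TenantSig) {
		return errors.New("manifest lacks a valid platform and tenant signature")
	}
	if m.Epoch <= lastEpoch {
		return ErrRollback
	}
	if sum := sha256.Sum256(artifact); !bytes.Equal(sum[:], m.Digest[:]) {
		return errors.New("artifact SHA-256 does not match signed digest")
	}
	return nil
}
// Sign builds a dual-signed manifest; in practice each root signs separately.
func Sign(artifact []byte, epoch uint64, platformPriv, tenantPriv ed25519.PrivateKey) Manifest {
	m := Manifest{Epoch: epoch, Digest: sha256.Sum256(artifact)}
	m.PlatformSig = ed25519.Sign(platformPriv, m.signingBytes())
	m.TenantSig = ed25519.Sign(tenantPriv, m.signingBytes())
	return m
}
func main() { // fixed-seed keys are constructed for the demo; real roots live in an HSM or TPM
	pPriv, tPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32)), ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32))
	pPub, tPub := pPriv.Public().(ed25519.PublicKey), tPriv.Public().(ed25519.PublicKey)
	art := []byte("constructed agent update, epoch 2")
	m := Sign(art, 2, pPriv, tPriv)
	fmt.Println("fresh:", Verify(m, art, pPub, tPub, 1), "| replayed:", Verify(m, art, pPub, tPub, 2))
}
```

The same manifest is accepted once and rejected when presented again against a newer accepted epoch, and neither root key alone can produce an acceptable manifest.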
Transport Resilience
Multipath failover across VL1, QUIC, and WebSocket transports. Automatic path selection with relay fallback using short-lived, audited tickets when direct P2P fails.
Agent Hardening
Device keys stored in OS keychain (DPAPI on Windows, Keychain on macOS). Encrypted local database, column-level encryption for sensitive fields, and HMAC integrity verification on cached state.
Compliance-Segmented Cryptography
Separate Platform Root keys per compliance domain — standard, HIPAA, FedRAMP, PCI, and IRAP. Prevents cross-contamination between regulatory boundaries at the cryptographic level.
Compliance
ORBTR is designed with SOC 2 Type II controls in mind. Our control plane follows the trust services criteria for security, availability, and confidentiality. Enterprise customers can request our security architecture review.
Infrastructure
Our control plane runs on isolated infrastructure with encrypted storage, network segmentation, and least-privilege access controls. All administrative access requires multi-factor authentication and is fully audited.
Vulnerability Disclosure
We welcome responsible security research. If you discover a vulnerability, please report it to security@orbtr.io. We commit to acknowledging reports within 24 hours and providing updates within 72 hours.
Data Privacy
Sensitive telemetry fields are redacted by default. Deep diagnostics are opt-in only. We do not sell data or use third-party tracking cookies. See our Privacy Policy for full details.