Opsis is built for financial institutions, fintech teams, and business customers that expect responsible safeguards for business, vendor, contract, pricing, and customer-related information.
This page summarizes our security approach at a high level. Additional detail may be provided under a mutual non-disclosure agreement as an evaluation progresses.
Security Program
We maintain administrative, technical, and organizational measures designed to protect the confidentiality, integrity, and availability of information processed through the Services.
We review and adjust our controls as the product, customer needs, and threat landscape evolve.
Infrastructure and Encryption
Opsis uses cloud infrastructure providers for application hosting, databases, APIs, and related platform services.
Data is encrypted in transit using modern TLS. Stored data is protected using provider-managed encryption appropriate to the environment.
Access Control
Access to production systems and customer environments is limited to authorized personnel with a business need.
Opsis supports logical separation of customer data within the application architecture. Customers are not able to access another customer’s identifiable vendor, pricing, contract, renewal, or business information.
Authentication
Customers are responsible for protecting account credentials, managing authorized users, and following their institution’s internal access policies for staff who use Opsis.
As additional authentication and access controls become available, customers should use them in accordance with their internal security requirements.
Customer Data Separation
Opsis is designed as a multi-tenant platform where each customer’s data is logically separated from other customers’ data.
Customer-specific vendor, pricing, contract, renewal, and business information is not intentionally disclosed to other customers. Benchmarking and market insights are designed to use seeded market data, public market signals, and aggregated or anonymized peer insights as coverage grows.
Monitoring and Maintenance
We use logging, monitoring, and security tooling to help detect issues, support platform reliability, and assist with incident response.
We apply security updates and patches as part of operating and maintaining the Services.
Vendor and Subprocessor Risk
Opsis relies on third-party providers and subprocessors for services such as hosting, databases, email, analytics, security tooling, and AI infrastructure.
We select providers appropriate to our use case and limit data shared with them to what is needed to operate, secure, support, and improve the Services.
AI Data Handling
Opsis may use AI-assisted features to help users analyze vendor information, renewal exposure, pricing signals, market alternatives, and decision-support questions.
When AI-powered features are used, relevant user inputs and platform context may be processed by third-party AI infrastructure providers to generate responses. Opsis does not use AI features to make one customer’s identifiable confidential information available to another customer.
Customers should only enter information into Opsis that they are authorized to provide and analyze within the platform.
Your Responsibilities
Security is shared. Customers are responsible for:
- Managing authorized users
- Protecting login credentials
- Entering only information they are authorized to provide
- Following their internal vendor, data, and access policies
- Reviewing the sensitivity of information entered into the platform
- Promptly reporting suspected unauthorized access or security concerns
Compliance and Security Roadmap
Opsis is not currently claiming SOC 2 certification, ISO certification, or any other formal third-party security certification unless expressly stated in a written customer agreement.
As the platform matures and customer needs evolve, Opsis may evaluate formal security frameworks, vendor risk documentation, third-party assessments, and additional controls appropriate for serving financial institutions and fintech teams.
Reporting Security Concerns
If you believe you have found a security vulnerability related to Opsis, please contact us at clayton@opsisiq.com with a description of the issue and, where appropriate, steps to reproduce it.
We appreciate responsible disclosure and will work to understand, validate, and address legitimate reports.
Related Policies
For how we collect and use personal and business information, see our Privacy Policy.
For how benchmarking, analytics, and market insights are handled, see Data Use & Benchmarking.
Contact
For security questions, contact: