Security & Privacy

OpsBrief takes security seriously. Learn about our data protection practices, compliance certifications, and privacy policies.

Compliance & Certifications

GDPR

EU data protection compliance

CCPA

California Consumer Privacy Act compliance

HIPAA

Available for Enterprise plans

How We Handle Your Data

Read-Only Access

OpsBrief only requests read access to your messages. We never post, modify, or delete anything in your channels.

When you connect Slack, Teams, or Discord, we request the minimum permissions needed to read messages from your selected channels.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

  • TLS 1.3 for all API communications
  • AES-256 encryption for stored data
  • Encrypted database backups
  • Secure key management

Infrastructure

Hosted on secure, enterprise-grade cloud infrastructure.

  • AWS/GCP infrastructure with multi-region redundancy
  • Regular security patches and updates
  • DDoS protection
  • 99.9% uptime SLA (Enterprise)

Access Control

Role-based access control and audit logging.

Learn about roles and permissions in OpsBrief. Enterprise plans include full audit logging for compliance.

Data Retention

Message Processing

Messages are processed in real time to extract events. Raw message content is not stored permanently; only the extracted event data (title, description, type) is retained.

Event History

Extracted events are stored for your plan's retention period:

  • Free: 30 days
  • Team: 90 days
  • Pro: 1 year
  • Enterprise: Unlimited (customizable)

See pricing for details.

Account Deletion

When you delete your account, all your data is permanently removed within 30 days. You can request immediate deletion by contacting us.

Privacy

We don't sell your data

Your data is never sold to third parties. We only use it to provide the OpsBrief service.

We don't train AI on your messages

Your messages are processed by our AI to extract events, but they are never used to train our models.

You control your data

Export or delete your data at any time. See our Privacy Policy for your rights under GDPR and CCPA.

Minimal data collection

We only collect what's necessary to provide the service. No tracking across other sites.

Security Incident Response

We have a documented incident response plan. In the event of a security incident:

  • Affected customers are notified within 72 hours
  • Detailed incident report provided
  • Remediation steps documented and implemented

Enterprise Security Features

Enterprise plans include additional security features:

SSO / SAML

Single sign-on with Okta, Azure AD, etc.

Audit Logs

Full audit trail of all admin actions

Data Residency

Choose your data storage region

Custom DPA

Custom Data Processing Agreement

Report a Vulnerability

Found a security issue? We appreciate responsible disclosure. Please email us at:

[email protected]

We'll acknowledge your report within 24 hours and work with you to understand and address the issue.

Questions about security?

Our team is happy to discuss security requirements for your organization.