Security at Onvyr

Onvyr is designed to help teams keep project information organized inside controlled workspaces. Security considerations are part of how we think about account access, workspace structure, data handling, and product development.

As the product evolves, we continue to improve the technical and organizational measures used to protect customer data, reduce unauthorized access, and support reliable use of the service.

Onvyr may process project-related information such as observations, areas, assets, documents, reports, project knowledge, user activity, and workspace settings.

We use this information to provide, maintain, secure, and improve the service. Customer content should only be accessed when required to operate the product, support the customer, investigate abuse or security issues, or comply with legal obligations.

Access to Onvyr is account-based. Workspaces are intended to keep project information separated and available only to authorized users.

For business and organization use cases, Onvyr is designed to support clearer access boundaries over time, including role-based workflows, organization-level configuration, and stronger administrative controls.

Onvyr relies on trusted infrastructure and service providers to operate the website, application, storage, communications, analytics, payments, and related systems where applicable.

We aim to work with providers that maintain strong security practices and appropriate safeguards for the type of service they provide. A list of relevant subprocessors or service providers may be made available as the product and company setup mature.

Where supported by our infrastructure and service providers, Onvyr uses secure transmission methods to protect data while it moves between the user, the application, and backend services.

Encryption and related safeguards may also be used for stored data depending on the system, provider, and type of data involved.

Security is not only a technical concern. Onvyr’s operating practices are expected to include careful access management, limited internal access to customer information, regular review of systems, and attention to product changes that may affect data protection.

We do not claim compliance certifications such as SOC 2, ISO 27001, or similar standards unless and until such certifications have been formally completed.

If we become aware of a security incident that may affect customer data, we will review the issue, take appropriate steps to limit impact, and communicate with affected users or organizations where required.

Security incidents involving personal data will be handled in line with applicable data protection obligations.

If you believe you have found a security issue in Onvyr, please contact us with enough detail for the team to understand, reproduce, and review the issue.

Please avoid accessing, modifying, deleting, or sharing data that does not belong to you. Reports should be submitted in good faith and without causing disruption to the service or other users.

Security-related questions or vulnerability reports can be sent through the contact page or to the company email address listed on the website.