Security You Can Verify
ODE manages executive decisions, financial data, and the most sensitive business operations. Trust is not a marketing page — it is the architecture.
Every claim on this page is backed by verifiable infrastructure, auditable controls, and enterprise-grade security policies enforced at every layer.
Compliance overview
Current compliance status across frameworks
Our Commitments
Your Data Is Yours
ODE never uses customer data to train AI models. Your proprietary information, financial records, and personal data remain exclusively yours. This commitment is enforced at the infrastructure level.
Secure by Default
Every deployment ships with encryption, tenant isolation, and audit logging enabled. There are no security settings to misconfigure because the architecture enforces protection at every layer.
Transparent Operations
Every action in ODE generates an immutable audit trail: who performed it, when, why, what policy governed it, and who approved it. Full traceability is not optional.
Compliance Program
An overview of 93 security controls in place across 10 categories. Explore our security controls by category.
SOX IT General Controls
Financial reporting integrity through automated controls
Access Management
RBAC with least-privilege defaults. Separation of duties enforced at the application layer. Periodic access reviews automated. Privilege escalation requires dual authorization.
Change Management
All code changes go through pull request review. Pre-commit hooks block secrets and credentials. Deployment requires CI/CD pipeline approval. Rollback capability on every release.
Data Operations
Automated encrypted backups with point-in-time recovery. Data integrity checks on every transaction. Financial data encrypted at rest and in transit. Immutable audit trail on all state changes.
Continuous Monitoring
Real-time anomaly detection across all systems. Infrastructure drift detection with automated alerting. Regular security assessments. Automated property tests verify compliance posture continuously.
Updates
Recent security improvements and platform updates.
GDPR Articles 16 + 21 Implemented
Added Right to Rectification (Article 16) and Right to Object (Article 21) including objections to processing, direct marketing, and automated profiling. Lawful basis now documented per data category.
GDPR Compliance Suite Deployed
Full GDPR implementation: Right to Erasure (Article 17), Data Portability (Article 20), Consent Management (Article 7), and Right of Access (Article 15).
Supabase Migration for HIPAA BAA
Migrated database infrastructure to Supabase Pro for HIPAA Business Associate Agreement availability.
Activity Audit Middleware Deployed
Every action leaves evidence. Immutable audit trails with SHA-256 checksums for data integrity verification.
HIPAA Compliance Infrastructure
Tenant-level HIPAA controls, BAA signing workflow, PHI data handling enforcement, and 6-year audit retention.
Alpha Intelligence APIs Launched
Deployed Monte Carlo simulation and Investment Memo generation APIs with institutional-grade risk modeling.
ODE Serial Number System Deployed
Enterprise-grade document numbering (ODE SN) with atomic database counters for all business documents.
Branch Access Control Hardened
Implemented BranchAccessGuard to enforce tenant-specific route access at the component level.
Discord OAuth Integration
Added Discord as an authentication provider with full OAuth 2.0 compliance.
Procurement Workflows Live
Purchase Requisitions, Purchase Orders, and Change Orders with full approval workflows.
Trust Center Launch
Launched comprehensive Trust Center with 90+ security controls and compliance documentation.
Data Subprocessors
ODE partners with industry-leading providers. All subprocessors maintain enterprise-grade certifications and are bound by data processing agreements.
Application Platform
Serverless hosting with global edge deployment
Global (Edge Network)
Database Provider
PostgreSQL with AES-256 encryption at rest
US / EU (customer choice)
Edge Security
DDoS protection, WAF, CDN acceleration
Global (300+ PoPs)
Payment Processor
Payment processing and subscription billing
US
Identity Provider
OAuth 2.0 Single Sign-On authentication
Global
Communications
SMS and voice communications
US
Email Delivery
Transactional email delivery
US
AI Inference
Large language model inference
US
Full subprocessor list with DPA status available upon request.
Government & Public Sector
Enterprise security for regulated environments
FedRAMP Status: Evaluating
ODE is evaluating the FedRAMP authorization pathway based on federal customer demand. We welcome inquiries from federal agencies to help prioritize this certification.
Current Compliance Posture
ODE implements SOC 2-aligned security controls with GDPR/HIPAA compliance infrastructure. Our architecture supports isolated tenant data, encrypted storage, and comprehensive audit logging.
Government Inquiries
For federal, state, or local government procurement inquiries, contact solstaff@soundoflife.media
Frequently Asked Questions
Common questions about ODE security, AI safety, and data practices.
Security
How is my data encrypted?
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Encryption keys are managed by our enterprise key management system with automatic rotation.
Who can access my data?
Only authorized users within your organization, controlled by RBAC. ODE staff cannot access your data without explicit written permission. All access is logged in immutable audit trails.
How do you handle security incidents?
Incidents are detected within 60 seconds via real-time monitoring and contained within 5 minutes. Affected customers are notified within 72 hours per GDPR. Full post-incident reports are provided upon request.
Do you perform security testing?
Yes. We conduct regular security assessments including vulnerability scanning and code reviews. Contact us for details on our security testing program.
AI Safety
Does ODE use my data to train AI models?
No. Customer data is never used to train machine learning models. Not ours, not our providers'. Your data is used exclusively to provide your requested services. This is an immutable commitment.
Which AI models power ODE?
ODE uses Claude (Anthropic) and GPT (OpenAI) for AI features. Both providers are contractually bound to zero-retention policies for API calls.
How do you prevent AI hallucinations?
Our AI systems follow a strict 'Truth or Silence' policy — they must verify facts against real database records and admit uncertainty rather than fabricate information.
Can I opt out of AI features?
Yes. AI features are optional modules. You can use ODE's core business operations without any AI processing.
Data Processing
Where is my data stored?
Data is stored in Supabase PostgreSQL with HIPAA BAA capability. You can choose your data region: US or EU. Backups are encrypted and stored in geographically separate locations.
Can I delete my data?
Yes. GDPR Article 17 (Right to be Forgotten) is fully implemented. Submit a deletion request via /api/v1/gdpr and we process it within 30 days. Audit logs are retained per your compliance requirements (e.g., 6 years for HIPAA, 7 years for SOX).
Can I export my data?
Yes. GDPR Articles 15 and 20 (Right of Access and Data Portability) are fully implemented. Export your personal data in JSON or CSV format with cryptographic checksums for data integrity verification.
How long do you retain data?
Active data is retained while your account is active. After account closure, data is deleted within 30 days except where legally required (e.g., financial records for 7 years).
Do you transfer data internationally?
Data transfers are governed by Standard Contractual Clauses (SCCs) and comply with GDPR Chapter V requirements. We do not transfer EU data to non-adequate countries without safeguards.
Compliance
What compliance certifications does ODE have?
ODE is fully compliant with GDPR and CCPA/CPRA. HIPAA infrastructure is ready, with a BAA available on Supabase Pro. SOC 2 Type 2 and ISO 27001 are in progress, with completion targeted for Q2 2026.
Can I get a copy of your security documentation?
Yes. Contact solstaff@soundoflife.media to request our SOC 2 readiness package or Data Processing Agreement.
Is ODE FedRAMP authorized?
FedRAMP is on our roadmap. We are currently assessing the authorization path and timeline. Contact us for federal government inquiries.
How do I report a security vulnerability?
Report vulnerabilities to security@llewellynsystems.com. We follow responsible disclosure practices and acknowledge reports within 24 hours.
How We Handle Your Data
Simple, transparent data practices. Your data is yours.
Account Information
Your profile and preferences to provide our services
Payment Processing
Securely handled by our PCI-compliant payment partner
Usage Analytics
How you interact with our platform to improve your experience
AI Interactions
Your requests to our AI-powered features
For complete details, see our Privacy Policy and GDPR Compliance page.
Policies & Legal Documents
Secure by Default. Trusted by Leaders.
Join professionals who trust ODE with their most sensitive operations. Start your 7-day free trial with full security features enabled.
Questions? Contact solstaff@soundoflife.media
