Key Messages
ORCA is designed with a deep respect for privacy. The data our clients choose to save in ORCA is encrypted and inaccessible to anyone at ORCA.
Because
- the data handled by the ORCA App is encrypted through the whole lifecycle (including in consumption, in transit, at rest and in use),
- neither ORCA nor our carefully selected vendors can access unencrypted data, not even when the User is in the ORCA App,
- neither ORCA nor our carefully selected vendors have access to the technical keys,
ORCA is therefore neither considered a data controller nor a data processor under applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
ORCA's zero-trust model satisfies the data protection requirements
The GDPR and other similar regulations require any organisation to implement technical measures, such as pseudonymisation, anonymisation, or encryption, to protect personal data in its possession. The objective of these techniques is to reduce the potential for harm if personal data were to be breached.
ORCA uses a zero-trust model to protect our Clients' data at all times. Neither ORCA nor ORCA's employees or vendors can access the Users' data in the clear at any point in time. These security measures guarantee that the sensitive data CANNOT be accessed in personally identifiable form, even if our servers were somehow breached.
Data Processing Agreement
Even though ORCA is neither a data processor nor a data controller, ORCA provides a Data Protection Agreement, which the GDPR and other regulations require for organisations that use data processor services. This agreement describes the technical security measures implemented by ORCA in a legally enforceable manner.
If you have any questions or feedback about it, please send an email to privacy@withorca.com.