With the Addepar ORCA integration enabled, you and your users can automatically sync ownership and valuation information to ORCA. ORCA uses this data to create dynamic structure charts that you can enrich with legal, tax, and compliance data, and securely share with any stakeholder.
All data stored in ORCA is encrypted, and ORCA cannot see any of the content of your Assets, Persons, or Files. The information is transferred from Addepar to the ORCA server in an encrypted manner (via HTTPS). While the mapping is being performed, the data sent by Addepar is not encrypted for a short period.
By activating this functionality, you agree that the information in this article is an extension of the Privacy Policy and Terms and Conditions.
Key messages
When you activate the Addepar ORCA integration, then
- ORCA has no control over Addepar’s data storage,
- the connection between ORCA and Addepar uses OAuth 2.0 technology to connect and information is transferred via API,
- ORCA can only access the information in Addepar to which the OAuth was enabled,
- ORCA's backend is responsible for storing the information from Addepar. The ORCA backend can NOT see the stored data,
- during the mapping process, ORCA is required to have access to the information fetched from Addepar,
- after the mapping is completed, the information is immediately removed from the temporary memory of the server and it is no longer visible to ORCA, and
- ORCA never sends information back to Addepar and the integration is one direction only, from Addepar to ORCA (read-only).
For more information on the Addepar functionality, access the Configuration Guide and the Integration Description.
How is the integration connection established?
The OAuth integration (where you log in with Addepar's user credentials) enables ORCA to get the refresh token. We do NOT store or even access the Addepar credentials (email and password) you input to activate the connection. ORCA stores the token provided by Addepar encrypted in the database.
This token enables ORCA to connect to your Addepar instance and trigger data requests. The token is automatically refreshed according to the strategy implemented by Addepar.
How is the data handled in transit?
The established connection has all the state-of-the-art standard security levels, such as HTTPS.
The information travels according to the criteria established by Addepar.
Data mapping and storage in ORCA
Once the data reaches the ORCA server, it remains decrypted. In contrast, the ORCA server performs the mapping from the Addepar data model to ORCA’s data model. It ensures the information is compatible with the data stored in the vault. During this time, the data stays in the temporary memory of the server. After the process is finalized and the data is saved in the Vault, all the data is erased. On average, 100 entities and 1,000 transactions take less than one minute to be processed. While the data lives in the temporary memory of the server it is NOT encrypted. However, there is a strict process that requires two people from two different departments in ORCA to be present to access the ORCA’s server and the appropriate monitoring /alerting is in place.
What data is Addepar sending to ORCA?
Addepar sends the following information to ORCA, given the appropriate access was established:
- Persons / Clients,
- Legal Entities,
- a subset of Assets e.g. Accounts but not Securities,
- Ownership transactions, and
- Valuation information per item
Upon appropriate connection established, the following information is synchronized from Addepar to ORCA:
- Persons / Clients,
- Legal Entities,
- Assets (subset) e.g. Accounts but not Securities,
- Ownership transactions, and
- Valuation information per item.
Contacting ORCA
If you have questions about our data security, please contact us any time privacy@withorca.com.