Security & Trust

Security at OneVision

Protecting your team's data is foundational to how we build OneVision. Here's a plain-language look at the safeguards in place today.

How we protect your data

Security is layered across our infrastructure, our application, and our development process. These are the core measures we have in place.

Tenant isolation

Every customer’s data lives behind PostgreSQL row-level security with FORCE RLS enabled, so records are scoped to their tenant at the database level — not just in application code.

Encrypted in transit

All traffic between your browser and OneVision is protected with TLS. Data moving across the network is encrypted end to end.

Private managed databases

Our databases run as private, managed instances on DigitalOcean with no public internet access — they are reachable only from within our protected network.

Secure authentication

Passwords are hashed with bcrypt — never stored in plain text — and sessions are authenticated using signed JSON Web Tokens (JWT).

Monitoring & audit logging

A dedicated audit-logging service records key activity, while OpenTelemetry tracing and Sentry error monitoring give our team visibility to detect and investigate issues quickly.

Secure development pipeline

Every change is automatically scanned for leaked secrets with gitleaks in CI, and Dependabot keeps our dependencies patched and up to date.

Security practices at a glance

A summary of the technical safeguards currently in place across OneVision.

PostgreSQL row-level security (FORCE RLS) for strict tenant data isolation
Passwords hashed with bcrypt; session authentication via signed JWTs
TLS encryption for all data in transit
Private, managed databases on DigitalOcean with no public network access
Automated secret scanning (gitleaks) on every change in CI
Automated dependency updates via Dependabot
Centralized audit-logging service for key activity
OpenTelemetry distributed tracing and Sentry error monitoring

Data isolation

OneVision is multi-tenant by design. We enforce tenant separation at the database layer using PostgreSQL row-level security with FORCE RLS, so each organization can only ever read and write its own data. This protection sits below the application, adding a strong safeguard even in the unlikely event of an application-level mistake.

Encryption

All connections to OneVision are encrypted in transit using TLS. Our databases are private, managed instances that are not exposed to the public internet.

Authentication

Account passwords are hashed with bcrypt and are never stored in a readable form. Authenticated sessions use signed JSON Web Tokens (JWT).

Monitoring and logging

We operate a dedicated audit-logging service to record key activity, alongside OpenTelemetry distributed tracing and Sentry error monitoring. Together these give our engineering team the visibility needed to detect, investigate, and respond to issues.

Secure development

Every code change is automatically scanned for accidentally committed secrets using gitleaks in our continuous-integration pipeline, and Dependabot keeps our third-party dependencies patched and up to date.

Report a security issue

If you believe you have found a security vulnerability in OneVision, we want to hear from you. Please reach out to our team directly and we will investigate.

security@onevision.io

Ready to join us?

Start your journey with OneVision today and transform your workforce management.