Where is the data hosted?
This depends on how you’d like Onna to be deployed inside your organization. We have a cloud solution where your data would be hosted in our own cloud infrastructure. If you’d prefer for the deployment to be done on-premise, all data would be hosted by you. Both of our methods have numerous security attestations.
How scalable is Onna?
Onna is scalable to your needs - however intensive those may be! This is thanks to our horizontal architecture and orchestrated deployment system. Need more details on how it works? Let us know and we’re happy to explain.
What if I need to collect from a different source that is not among the list you currently support?
Let us know! Your data source may already be on our roadmap for adding integrations. We’ll be able to tell you if it is, and if already scheduled, an estimate of when to expect it. We’re also happy to work with you if it's an urgent matter.
What information besides data do you collect from my account?
We use the platform’s API to collect native files and their metadata. We don’t take anything from your account and do not, under any circumstances, store your credentials.
What security certifications does Onna have?
Onna is ISO 27001 and SOC 2, Type II certified.
Your data is stored on a highly trusted cloud platform that has numerous attestations and certifications from third parties with regard to physical security, data center operations, and personnel security. A complete list of certifications can be found here - https://cloud.google.com/security/compliance.
Could we use your tool for cases in Europe or Asia?
Yes. Our platform is a global solution. As long as you are in a country that allows for access to Google Cloud and AWS, you will be able to access our platform. Alternatively, you can also install a local version of our application in your own data center.
What happens to my data if I delete my Onna account?
If you delete your Onna account, all data inside your account is deleted from our servers. We do maintain our logs for defensibility.
What external security audits you perform?
We perform a yearly penetration test of our application. The penetration test certificate is available upon request.
Where are your servers located?
Our cloud platform is hosted in Google Cloud. Google has numerous data centers scattered around the world. At least 12 significant Google data center installations are located in the United States. The largest known centers are located in The Dalles, Oregon; Atlanta, Georgia; Reston, Virginia; Lenoir, North Carolina; and Moncks Corner, South Carolina. You can also install our application in your own private cloud, whether it be hosted with AWS, Google Cloud, or behind your firewall.
Do you provide access logs?
We respect the privacy of our users and treat requests for access logs on a case by case basis. Access logs can be made available upon request and after careful review of the case. Please contact your account manager in case you need access to logs.
What’s the data retention policy at Onna?
Data is retained for your account's lifetime as long as your account is active with Onna. You can alternatively choose to delete data from the platform.
How do you collect data behind a firewall?
We provide an app that can be installed on the client machine to perform collections from behind the firewall. We use a concept called “proxy” to talk with the backend servers behind the firewall using the app and perform the data collection process. These are available for Windows, MacOSX and Linux platforms.
What browser do you suggest for using Onna?
We're working on accessibility across all browsers but for now we highly suggest using Chrome for the best experience.
Can API access to logs be granted?
Yes, Onna does allow API access to logs. The audit log will capture activity taken by users on content that is stored in the platform. Please email firstname.lastname@example.org requesting a specific user to be granted service account permissions.