What we do to secure your data and ensure your privacy
We at OIG take security very seriously. It underpins how our product is designed and implemented, and the policies we have in place for maintaining that security.
OIG has moved from using email-address-and-password to a Passwordless authentication system. The way it works is simple - each time you sign in, you enter your email address and receive a one-time code that is used to sign in instead of a password.
Why OIG moved to a Passwordless system?
Your information is encrypted and stored using industry leading technology. All communications with OIG - when you load a page, upload documents or submit a form - are protected by 2048-bit SSL certificate encryption. When we store you data, at rest, everything is encrypted using 256-bit AES encryption, one of the strongest available. 
Often referred to as MFA or 2FA, multi-factor authentication adds an additional layer of security via SMS or an authenticator app, protecting your most sensitive data and ensuring no one but you has access. We use step-up multi-factor authentication, this means you can sign in without MFA, but in order to access data already stored or to perform certain, key tasks, you will be required to sign in using your second authentication factor on demand.
At OIG we follow a strict set of processes and protocols to safeguard your data and ensure that no-one but you and the people you allow (like your Trusted Contacts) will have access. OIG employees are not able to access your data under any circumstances.
One of our founding principles is that we will never share your data with a third party without your consent. You data is yours, and only you can make the decisions on how you want to share it.
For redundancy purposes your data is securely replicated to two different geographic locations around the world. This ensures that should something happen to the data stored in one location, your data can be recovered from another. This replicated data is secured and stored in the same way as the primary data, and governed by the same rigorous security protocols.