Security & Privacy

What we do to secure your data and ensure your privacy

Security

We at OIG take security very seriously. It underpins how our product is designed and implemented, and the policies we have in place for maintaining that security.

Passwordless sign in

OIG has moved from using email-address-and-password to a Passwordless authentication system. The way it works is simple - each time you sign in, you enter your email address and receive a one-time code that is used to sign in instead of a password.

Why OIG moved to a Passwordless system?

  1. Passwordless authentication offers improved security. Studies have consistently shown that weak or stolen passwords continue to be responsible for more than 80% of hacking-related breaches. [1][2][3]
  2. It's simpler for you! Meeting differing password complexity requirements and remembering many different passwords is hard. Using a Passwordless system means one less password for you to create and remember.
  3. Passwordless authentication is part of our long term security strategy. Future enhancements will enable additional Passwordless authentication factors, including support for biometrics such as fingerprints, face and voice recognition.
Encryption

Your information is encrypted and stored using industry leading technology. All communications with OIG - when you load a page, upload documents or submit a form - are protected by 2048-bit SSL certificate encryption. When we store you data, at rest, everything is encrypted using 256-bit AES encryption, one of the strongest available. [4]

Multi-factor authentication (MFA)

Often referred to as MFA or 2FA, multi-factor authentication adds an additional layer of security via SMS or an authenticator app, protecting your most sensitive data and ensuring no one but you has access. We use step-up multi-factor authentication, this means you can sign in without MFA, but in order to access data already stored or to perform certain, key tasks, you will be required to sign in using your second authentication factor on demand.

Privacy

Data access

At OIG we follow a strict set of processes and protocols to safeguard your data and ensure that no-one but you and the people you allow (like your Trusted Contacts) will have access. OIG employees are not able to access your data under any circumstances.

Read our privacy policy ⟶

Data sharing

One of our founding principles is that we will never share your data with a third party without your consent. You data is yours, and only you can make the decisions on how you want to share it.

Read our privacy policy ⟶

Where is my data stored?

For redundancy purposes your data is securely replicated to two different geographic locations around the world. This ensures that should something happen to the data stored in one location, your data can be recovered from another. This replicated data is secured and stored in the same way as the primary data, and governed by the same rigorous security protocols.