@@ -14,22 +14,35 @@ NGOs worldwide.
1414
1515✓ Robust, configurable security settings to ensure compliance with your policies
1616
17- ✓ Build “zero-persistence” data pipelines to fully control where data is store
17+ ✓ Build “zero-persistence” data pipelines to fully control where data is stored
1818
1919✓ Security implementation training & guidance for your project teams
2020([ read more] ( ../get-started/security.md ) )
2121
2222See our main website to learn more about OpenFn
23- [ Security & Trust] ( https://openfn.org/trust ) .
23+ [ Security & Trust] ( https://www.openfn.org/trust ) and
24+ [ Compliance] ( https://www.openfn.org/compliance ) .
25+
26+ ## Compliance
27+
28+ OpenFn implementations are highly configurable and can be deployed anywhere to
29+ help ensure compliance with your country- or organization-specific data privacy
30+ and security policies.
31+
32+ ** For more on how we think about compliance–especially with policies like GDPR
33+ or HIPAA–check out our [ Compliance] ( https://www.openfn.org/compliance ) web
34+ page.** Contact [ our core team] ( mailto:support@openfn.org ) if interested in
35+ consultation and advisory on how to deploy and configure your OpenFn
36+ implementation to ensure 100% compliance.
2437
2538## OpenFn and data storage
2639
2740In your digital ecosystem, typically ** OpenFn serves as a data processing and
2841transfer solution—not as a data storage service.**
2942
30- As an open source Digital Public Good, OpenFn can be deployed anywhere and
31- workflows can be configured to adhere to your organization's specific data
32- sharing agreements and security policies.
43+ As an open source Digital Public Good, OpenFn can be deployed anywhere
44+ ( [ see docs ] ( ../deploy/options.md ) ) and workflows can be configured to adhere to
45+ your organization's specific data sharing agreements and security policies.
3346
3447Consult the ` Manage Projects ` docs pages for more on project and
3548[ data storage settings] ( ../manage-projects/io-data-storage.md ) .
@@ -41,3 +54,72 @@ configure and pilot projects using the turnkey OpenFn cloud-hosted platform,
4154before migrating to a local deployment when they’re ready to scale.
4255
4356![ Sample Architecture] ( /img/zero-persistence.webp )
57+
58+ To delete your project data at any time, you can
59+ [ delete your project] ( ../manage-projects/platform-mgmt.md ) or
60+ [ delete your account] ( ../manage-users/user-profile.md ) .
61+
62+ ## Encryption
63+
64+ OpenFn Cloud uses a security-oriented Cloud SQL product for data storage that
65+ guarantees 256-bit encryption at rest and we only allow connections with
66+ TLS/SSL.
67+
68+ Platform encryption:
69+
70+ - 256-bit Advanced Encryption Standard
71+ - SSL/TLS encryption in transit
72+ - Credentials/secrets encrypted on disk
73+
74+ Learn more at [ openfn.org/trust] ( https://www.openfn.org/trust#encryption ) .
75+
76+ ## Credentials
77+
78+ [ Credentials] ( ../manage-projects/manage-credentials.md ) , used to grant OpenFn
79+ API access to your various technologies, are encrypted at rest so that, in the
80+ unlikely event of a database breach, without access to multiple, independently
81+ secured boxes an attacker would be unable to read your authentication
82+ information.
83+
84+ Connections to your destination applications are only made over HTTPS, using SSL
85+ and basic authentication in most cases—with the technical connection
86+ specifications being determined by the REST endpoint of the application to which
87+ you are connecting. Technical documentation for individual adaptors can be found
88+ in the [ Adaptor docs] ( /adaptors ) or in their respective repositories on Github
89+ at [ github.com/OpenFn/adaptors] ( https://github.com/OpenFn/adaptors ) .
90+
91+ Credentials can only be viewed by you (the creator), and are loaded into your
92+ private runtime for job execution. You can delete these credentials at any time
93+ and they will be purged from the system.
94+ [ See docs] ( ../manage-users/user-credentials.md ) for more on OpenFn credentials
95+ management and sharing.
96+
97+ ## User Access Management and RBAC
98+
99+ OpenFn supports user access management through ** role-based access control
100+ (RBAC)** , allowing admins to assign granular permissions at both the environment
101+ and project levels. Roles (e.g., Admin, Editor, Viewer) control who can view,
102+ edit, run, or manage workflows and credentials. Access can be restricted to
103+ specific projects or environment configurations, with support for audit logs and
104+ scoped API tokens to ensure security and compliance.
105+
106+ When new users are invited to work on your Project as Collaborators, they are
107+ assigned a role that determines their permissions. See docs on
108+ [ Collaboration] ( ../manage-projects/collaboration.md ) and
109+ [ User Roles] ( ../manage-projects/user-roles-permissions.md ) for more information.
110+
111+ When users register for the platform, they will be prompted to create a secure
112+ password. OpenFn super administrators can also enable
113+ [ Multi-Factor Authentication] ( ../manage-users/user-profile.md ) , password expiry,
114+ and stale account lockout.
115+
116+ :::info More OpenFn Security Questions?
117+
118+ First, be sure to consult the [ Trust] ( https://www.openfn.org/trust ) and
119+ [ Compliance] ( https://www.openfn.org/compliance ) pages on our website, as well as
120+ [ Security Implementation Guidebook] ( ../get-started/security.md ) .
121+
122+ Ask questions on [ Community] ( https://community.openfn.org/ ) or
123+ [ contact our core team] ( mailto:security@openfn.org ) for private queries.
124+
125+ :::
0 commit comments