Trust Center

Explore The Orbee Trust Center

We prioritize your trust and embed privacy principles in our business and products, while providing advanced security measures for top-of-the-line data protection. Our tools and processes also ensure compliance with GLBA, CCPA, and GDPR regulations for easy navigation.

Security

Products Built Securely

Our products and systems incorporate advanced security measures, providing top-of-the-line protection, so you can rest assured that your data is safe.

Data Storage Site Security

The locations where your information is kept, such as data centers, offices, and remote storage facilities, will be equipped with suitable physical security controls.

These precautions consist of:

1. Physical entry to our data centers, where client data is housed, is restricted to authorized personnel exclusively, with access confirmed through biometric methods. Physical security protocols for our data centers encompass on-site security personnel, closed-circuit video surveillance, man traps, and further intrusion prevention measures.

2. Orbee upholds a business continuity and disaster recovery program to guarantee services stay accessible or can be quickly restored in the event of a catastrophe. These strategies are assessed and examined at least once a year.

Network Security

The networks through which your data is transmitted will be safeguarded against unauthorized access or intrusion, whether originating internally or externally.

The steps taken to ensure this protection are:

1. Conducting regular external and internal vulnerability scans and notifying the pertinent data exporter about any concerns.

2. Sustaining perimeter protections like firewalls and data loss prevention systems.

3. Preserving internal defenses, such as security information event management, to examine log files and detect unusual activities and other potential threats.

Platform Security

The devices and platforms used to store your data, such as servers, workstations, laptops, cloud services, and other portable media, will be safeguarded against recognized threats.

The steps taken to ensure this protection involve:

1. Implementing and regularly updating anti-virus or anti-malware systems for all operating systems.

2. Ensuring secure configurations are in place for operating systems.

3. Preserving internal defenses like security information event management for log file analysis, aimed at detecting unusual activities and other potential threats.

Confidentiality

Your data's confidentiality will be upheld by safeguarding it in every location it is stored and during any instance of transmission.

These practices and protocols might involve:

1. Safely disposing of paper, equipment, media, and data.

2. Ensuring the security of data during transmission through encryption methods.

Access

Your data will be accessed solely by Orbee authorized personnel through methods such as:

1. Utilizing unique usernames and passwords to access the IT systems hosting your data, including the use of multi-factor authentication for remote system access.

2. Implementing security policies to guarantee that passwords are not shared and that system passwords are updated periodically in accordance with best practice recommendations.

3. Making sure access to your data is authorized and approved.

4. Establishing a distinct separation of responsibilities among users.

5. Granting access based on the principle of least privilege.

6. Revoking access when necessary.

Processing

We will ensure that relevant elements of sound security practices are implemented while processing any of your data.

These procedures encompass:

1. Establishing and enforcing policies regarding the secure management and handling of data, and ensuring that all Orbee employees are aware of these policies through awareness training.

2. Making certain that developers receive training and remain current in secure coding techniques.

Staff and 3rd Party Procedures

We will ensure and maintain the integrity of personnel accessing your data by:

1. Evaluating the trustworthiness of Orbee employees who will have access to personal data.

2. Establishing and enforcing policies on the secure handling and care of data, and taking steps to ensure that all Orbee employees are aware of these policies.

3. Reviewing any sub-processors that we will use, to ensure proper security measures are in place.

4. Making certain that any third party adheres to the minimum set of controls prescribed by our information security policies.

5. Third-party subcontractors will be obligated to adhere to technical and organizational measures that are at least as stringent as the measures that we commit to you. We continuously review these measures and update them as needed to align with industry standards. If requested, we will provide you with a description of our current measures.

Data Breach Procedures

We have implemented a collection of data breach security procedures that encompass the following components:

1. Identification: Determining the specifics of the incident and devising a diagnostic, containment, and communication plan for those whose data has been impacted.

2. Containment: Restricting the scope of the data compromise.

3. Elimination: Eliminating all facets of the malicious code or configuration, if applicable.

4. Recovery: Restoring data and systems to a known secure state, free from vulnerabilities.

5. Evaluate: Evaluating how to prevent similar occurrences in the future.

6. Alert: Informing relevant stakeholders of the data breach within legally and industry-accepted obligations and timeframes.

Availability and consistency

Ensuring system availability is our foremost concern. To achieve this, we operate several geographically distributed data centers and have established strong disaster recovery and business continuity plans.

Our AWS-based Platform is Built on a Strong Foundation

As a complete cloud-native platform, our products and services leverage cutting-edge security measures provided by AWS to ensure the security of both your data and our products. Explore the links below to learn more about the security protocols employed by AWS in their data centers.

Privacy

Securing Your Trust

Your trust is our priority. We're committed to embedding privacy principles throughout our business and products.

Consent

We obtain users’ consent before collecting or using their personal information. Users should be informed of what data is being collected and how it will be used.

Essential Collection

Our products are tailored to gather solely the required information from your clients, ensuring an approach that respects customer data.

Transparency

We incorporate security measures in our products to defend your data against loss, as well as unauthorized access and disclosure.

Control

Our products empower you with authority over both your and your customers' information.

Kindly refer to the following details to understand how privacy influences our company, offerings, and decision-making processes.

Privacy Policy

Subprocessors

Compliance

Stay Compliant With Orbee

At Orbee, customer data protection is a fundamental aspect of our product, operations, and organizational culture. Our infrastructure, procedures, and systems are dependable, robust, and scrutinized by reputable quality control, data security institutions, and both internal and external auditors.

Orbee complies with the Gramm-Leach-Bliley Act (GLBA), the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), and other privacy and security regulations.

Audits and Certificates

Orbee is proud to announce that our software has achieved ISO 27001:2013 compliance and has successfully passed a SOC 2® audit, ensuring our commitment to providing the highest level of information security and privacy to our valued customers.

ISO 27001:2013

International standard for information security management.

SOC 2®

Type II report covering Security, Availability and Confidentiality

Frequently Asked Questions

What personal information does Orbee gather?

Orbee collects any PII collected inside your dealership’s website. We categorize three major groups:

Lead contact information, like email and phone

Lead location information, like IP, address, and zip code

Lead consent information, like allowing personalization

Does Orbee offer a means for individuals to exercise their privacy rights?

Yes, please visit privacy.orbee.com for more information.

In the event of a data breach or security incident compromising my data, how will Orbee notify me?

Orbee reports security and data breach incidents both on its status page, status.orbee.com, and through a press release to the public.

How does Orbee ensure compliance with GLBA, including the Safeguards and Privacy Rules?

We are already in line with CCPA which has covered many of the rules that GLBA requires. We also catalog what data is collected so we can help find and delete your information if requested. We also include a comprehensive consent tool to provide full control to the consumer on exactly what data is collected and what functionality is allowed.

Have you completed any widely recognized security audits, such as ISO 27001 or SOC?
If so, when was the most recent audit conducted?

We are undergoing our official audit, are already compliant, and will be certified by August 2023.

Does Orbee implement multi-factor authentication?

We use MFA internally wherever applicable and available, and users logging in to Orbee’s systems will be required to use MFA by June 1st, 2023.

Is there a Service Level Availability Policy (SLA) established and communicated to clients?

Contracts that require an SLA are provided with one during the contact/scope-of-work process.

Does Orbee employ a Software Development LifeCycle (SDLC) approach for creating customer products?

Yes, we follow a traditional SDLC and will have additional documentation alongside our SOC/ISO certification on that process.

We currently implement a process that requires feature development and maturity, market buy-in, development, testing and QA, production, deprecation, and retirement.

Still have questions?

Contact our support team if you have any questions about our security, privacy, or compliance policies.