Data Security

How secure is Oribi?

Oribi is designed with a high level of security in mind. With Oribi, you can always be assured that any data stored by us remains safe, confidential, and accessible. By ‘safe’ we mean that the data will be protected against any type of loss or corruption, ‘confidential’ means access to the data is granted only to authorized personnel, and by ‘accessible’ we ensure that the data is available to authorized users whenever required.

How Oribi handles data

Oribi allows users to easily track and analyze their website data and provides valuable insights to strengthen your online efforts. The tool collects all clicks and other events coming from a User’s website. Providing the highest level of security for our Users and meeting the requirements of the GDPR and other privacy regulations, we don't save any personal data, not even the Visitors’ IP addresses, by default. Oribi's architecture was designed in a way we can offer aggregative and meaningful data without risking private data of our Users and our Users’ Visitors.

The service only works when the user adds their personalized Oribi script, a Javascript tracking code, in the head tags of their web pages. When a Visitor accesses the web page, the Oribi script fetches the appropriate configuration and applies the changes on the browser-side by manipulating the DOM / HTML as it loads. Oribi only interfaces with the front-end of the User’s website and does not require any access to their backend system and database. All data is sent via secure https.

What data Oribi captures

User data

When a user signs up to the Oribi Services, we store the data provided through the signup form, such as their email address and their website. For paying Users, we also store personal data, such as payment information. It is each User’s voluntary decision whether to provide us with any such personal data, but refusal to provide any required data may result in us not being able to register the User and enable them to receive our Services.

All personal data is saved on Autho0 and Stripe. We use these services for the highest level of security and do not store any personal information, such as credit card.

Users’ Visitors data

By default, Oribi only collects non-identifiable information about our Users’ Visitors. Oribi stores the following information for the Visitors who visit the User’s website:

  • Total number of visitors to the website.
  • Total number of conversions for a User’s key metrics.
  • Events performed during the Visitor’s sessions on the website.
  • The channel a visitor came from.
  • Platform and browser used.
  • The country browsed from.

How Oribi uses cookies

Oribi uses cookies to run tests and analyze the User’s website visitor data. The cookies keep track of the variation the Visitor has viewed and serve the same variation to the Visitor consistently and track key metrics completed by the Visitor.

Where Oribi saves data

Like most SaaS tools, Oribi is hosted on Amazon AWS’ industry-leading, high-security servers in the United States of America, and in other jurisdictions as necessary for the proper delivery of our Services and/or as may be required by law. For further information, please visit Amazon S3, Amazon EC2, and Amazon Relational Database Service (RDS).

Oribi service providers that store or process your Personal Information on Oribi’s behalf are each contractually committed to keep it protected and secured, in accordance with industry standards and regardless of any lesser legal requirements which may apply in their jurisdiction.

How Oribi protects data

Code security

Oribi code is stored in a GitHub system. Oribi employs strict role-based security/passwords for access to the code. Commits to production code are strictly reviewed and approval is restricted, after passing Unit Testing and QA in Test and Staging. There is a daily backup of the database data in Amazon Web Service’s (AWS’s) S3 storage service.

Application access

Users are always connected to the Oribi web-app via HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol that is designed to protect against eavesdropping, tampering, and message forgery. Users can assign roles and permissions to team members given access to the account or selected domains added to the account to ensure the appropriate level of access to their Oribi account.

Updated October 11, 2020