Security
At OneBot, we prioritise the security of your data. Transparency is a core principle of our company, and we strive to be as clear and open as possible about our security practices. If you have any additional questions, please email us at support@sollertis.co, and we will respond promptly. This document outlines the administrative, technical, and physical controls that apply to OneBot, including the OneBot platform, workflows, and apps. This documentation does not cover services associated with or integrated into OneBot.
Architecture and Data Segregation
OneBot operates on a single-tenant architecture per client, ensuring data segregation and restricted access based on business needs. Each customer has a unique instance, providing logical data separation.
Public Cloud Infrastructure
OneBot services are hosted on a public cloud, meaning our services run on remote servers managed by third-party providers, offering flexibility and scalability.
Audits
We conduct regular security assessments to verify our practices and monitor for new vulnerabilities. This includes periodic and targeted audits and continuous hybrid automated scanning of our platform.
Security Controls
We implement and maintain measures to protect your data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Key security controls include:
- Access Logging: Users and administrators can view detailed logs that capture account sign-ins, device types, and IP addresses. Administrators can also review consolidated logs across the infrastructure.
- Access Management: Administrators can remotely terminate all connections and sign out all devices authenticated to OneBot services.
- Data Retention: Administrators can set custom data retention policies; older messages or files are deleted from production instances based on these settings.
- Host Management: We conduct automated vulnerability scans and address any risks identified.
- Network Protection: All instance access is controlled via secure tokens only accessible by Sollertis authorised personnel.
- Product Security Practices: New features and significant changes undergo security reviews. Code is tested and peer-reviewed before deployment, and the security team collaborates with development teams to address any security concerns.
Some controls cannot be disabled, while others allow customisation for enhanced security. Protecting customer data is a joint responsibility between OneBot and the customer.
We also conduct security scans and testing of the OneBot platform, workflows, and apps to detect abusive behaviour or term violations.
Intrusion Detection
We monitor OneBot services for unauthorised intrusions.
Security Logs
Our systems log information for security reviews and analysis. These logs, accessible only by background-checked employees, are analysed for security events by automated monitoring software overseen by our security team.
Incident Management
OneBot maintains policies and procedures for managing security incidents. We notify affected customers promptly of any unauthorised data disclosures. Significant system incidents are communicated via email and may involve conference calls for incidents lasting over an hour.
Data Encryption
We use industry-accepted encryption to protect data during transmission and at rest. We support the latest secure cipher suites and protocols and regularly update our practices in response to new cryptographic weaknesses.
Reliability, Backup, and Business Continuity
We ensure that OneBot services are highly available and fault-tolerant. Our operations team tests disaster recovery measures regularly. We follow industry best practices for reliability and backup, performing regular backups and data replication. We assist with data recovery during Major Catastrophic Events, as permitted by data residency requirements.
Our backup and restoration procedures are well-tested, with nightly backups and quarterly tests to ensure reliability.
Data at Rest
Customer data is stored within designated geographic areas unless specified in your order form.
Return of Customer Data
Customers can request the return of their data within 30 days after contract termination. For export capabilities, contact support@sollertis.co.
Deletion of Customer Data
Primary Owners can delete data at any time during a subscription. Deleted data is removed from production systems within 24 hours and backups within 14 days, barring ongoing investigations. Upon subscription termination, data is deleted within 90 days unless otherwise requested by the customer.
Confidentiality
We strictly control employee access to customer data. Access is granted only when necessary, such as when diagnosing issues. Access is logged, and employees are bound by our comprehensive information security policies.
Personnel Practices
All employees undergo background checks and receive ongoing privacy and security training. They are required to read and sign our information security policy.
Infrastructure
OneBot uses DigitalOcean’s infrastructure to host or process customer data. Visit the DigitalOcean website for more information on its security.
Changes to this policy
We change this policy from time to time. We will not reduce your rights under this policy without your explicit consent. We always indicate the date when the last changes were published. If changes are significant, we’ll provide a more prominent notice (including, for certain services, email notification of policy changes).
Contact us
If you have any questions or complaints about this policy, please contact us. If you are a Customer, please reach out to your account manager who will be able to assist you.