Security, privacy, and data protection — built in, not bolted on.
Technical and contractual documentation for procurement, legal, and IT security teams.
What We Protect and How
Single-Tenant Architecture
Your environment is entirely isolated. Dedicated database, application servers, and storage — no shared infrastructure with any other institution.
Encryption at Rest
All stored data is encrypted using AES-256. Encryption keys are managed independently per deployment.
Encryption in Transit
All data in transit uses TLS 1.2 or higher. No unencrypted channels.
Access Controls
Role-based access control throughout. Administrative access requires MFA. Audit logging on all privileged operations.
Data Residency
Data never leaves your designated region without explicit instruction. No cross-border transfer by default.
Incident Response
Defined breach notification timeline. We notify affected institutions within 72 hours of a confirmed incident — consistent with GDPR Article 33 obligations.
DPA available on request
Our standard Data Processing Agreement covers the lawful basis for processing, data subject rights, sub-processor disclosure, breach notification obligations, and data deletion on contract termination.
For institutions in GDPR-regulated jurisdictions, we sign a DPA as a standard part of the contract. For other jurisdictions, we adapt to local requirements.
Infrastructure and service providers
OpenDev Technologies engages the following categories of sub-processors to deliver the OpenDevX platform. All sub-processors are bound by contractual data protection obligations consistent with GDPR and applicable local regulations.
Specific sub-processor names and their data processing locations are disclosed in the full DPA provided to institutional clients. To request the full sub-processor list, contact hello@theopendevx.com.
How we handle security incidents
Detection & containment — Our monitoring systems flag anomalous access patterns and potential breaches in real time. On detection, we isolate affected systems immediately.
Notification — We notify affected institutions within 72 hours of confirming a breach — consistent with GDPR Article 33. Notification includes the nature of the incident, data categories affected, likely consequences, and measures taken.
Investigation & remediation — A root-cause analysis is completed for every confirmed incident. Findings and remediation steps are shared with affected institutions within 30 days.
Regulatory reporting — Where required by applicable law, we assist institutions in meeting their own regulatory notification obligations.
For data protection enquiries, DPA requests, sub-processor questions, or security concerns: hello@theopendevx.com