RCHESTRATOR
SecuritySOC 2Trust

Security at Orchestrator.

How we protect customer data and operate our services securely. A clear, public overview of our information security program for customers and prospects.

Scroll
Our Approach

Orchestrator AI Systems Ltd. treats the security of customer data as a core responsibility, backed by a documented information security program.

This page summarizes how Orchestrator AI Systems Ltd. ("Orchestrator") protects customer data and operates its services securely. It is intended as a clear, public-facing overview for customers and prospects. It is a summary, not a contract. Specific commitments are governed by the applicable agreement between Orchestrator and the customer.

Our program covers access control, change management, incident response, vendor management, and risk assessment.

Policy Reference
OwnerCTO
Version1.0
Last reviewedJun 3, 2026
Review cadenceAnnual

Information Security Policy, Security Information Page. Reviewed annually or on material change.

Data Protection

How customer data stays protected

Encryption in transit

Customer data is encrypted in transit using current TLS standards.

Encryption at rest

Data stored in Orchestrator's cloud environment is encrypted at rest.

Access control

Access to customer data is restricted on a least-privilege, need-to-know basis and protected by single sign-on with strong authentication.

Segregation

Customer environments and data are logically separated.

Infrastructure & Operations
  • Orchestrator hosts its services with established cloud infrastructure providers.
  • Changes to production are reviewed before deployment under a documented change-management process.
  • Systems are monitored, and alerts are reviewed by engineering to determine relevance and required action.
Access & Authentication

Personnel use named accounts in the orchestrator.ca Google Workspace, with single sign-on and strong authentication. Access is provisioned on joining, reviewed periodically, and revoked promptly on departure or role change.

Operating Practices

How we run the program day to day

Incident Response

Orchestrator maintains an incident response plan. Confirmed incidents are triaged, contained, and analyzed, and affected customers are notified in line with contractual and legal obligations.

Vendor Management

Third-party providers that process customer data are reviewed before use and tracked as part of the Company's vendor management process.

Compliance

Orchestrator is pursuing SOC 2 and aligns its controls to that framework.

Contact

Security questions or a report to make?

Security questions and reports of suspected vulnerabilities can be sent to contact@orchestrator.ca. We review every report.

Email Security Contact Us