Security

How ooda protects your code, data, and infrastructure.

Infrastructure

ooda runs entirely on Cloudflare's global network. Our API server, project loader, and database all run on Cloudflare Workers, D1, and R2 — there are no traditional servers to patch or maintain.

Each dev environment is a Cloudflare Container — a sandboxed Linux instance backed by a Durable Object. Containers are provisioned on demand and automatically hibernated when idle.

All traffic is served over HTTPS with TLS termination at Cloudflare's edge. DDoS protection is provided at the network layer globally.

Project isolation

Every project runs in its own container with dedicated compute, storage, and networking. Containers are isolated from each other at the hypervisor level — there is no shared filesystem or process space between projects.

Preview URLs for each project are scoped with unique tokens and validated on every request. Tokens are revoked immediately when a project is stopped or deleted.

Organisation boundaries are enforced at the API layer. All project-scoped requests are authenticated and authorised against the requesting user's org membership and role.

Data residency

Our database (Cloudflare D1) and object storage (Cloudflare R2) are configured with EU jurisdiction. This means your project metadata, organisation data, and published site assets are stored and processed exclusively within European Union data centres.

Data residency is enforced at the infrastructure level and cannot be changed after provisioning — it is not a software toggle.

Cloudflare Workers execute at the edge nearest to the requesting user. For requests that access the database, Cloudflare's Smart Placement routes execution to the EU to minimise round-trip latency to the data layer.

Authentication

Users authenticate via email and password. Passwords are hashed using PBKDF2 with a unique salt per user before storage — plaintext passwords never leave the client.

Sessions are issued as signed JWTs with configurable expiry. All API requests require a valid token in the Authorization header. Tokens encode the user's organisation membership and role, which are validated server-side on every request.

Organisation admins can manage team membership and roles from the dashboard. Role-based access control distinguishes between admins and members at the API level.
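
The per-request check described in this section and under Project isolation (valid signed session token, then organisation membership, then role), written here as an added example and not ooda's own code. It assumes HS256 signing and the claim names `org`, `role` and `exp`, none of which the page specifies; the function names and the project record shape are hypothetical.

```javascript
// Added example, not ooda's implementation. Assumptions: HS256, claim names
// org/role/exp, and a project record shaped { orgId }.
// Workers and Node 20+ expose WebCrypto globally; the fallback covers older Node.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;
const enc = new TextEncoder(), dec = new TextDecoder();
const toB64url = (bytes) =>
  btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fromB64url = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));
const hmacKey = (secret) =>
  subtle.importKey("raw", enc.encode(secret), { name: "HMAC", hash: "SHA-256" }, false, ["sign", "verify"]);

// Issues a token; used here only to build constructed sample sessions.
async function signJwt(claims, secret) {
  const head = toB64url(enc.encode(JSON.stringify({ alg: "HS256", typ: "JWT" })));
  const body = toB64url(enc.encode(JSON.stringify(claims)));
  const sig = await subtle.sign("HMAC", await hmacKey(secret), enc.encode(`${head}.${body}`));
  return `${head}.${body}.${toB64url(new Uint8Array(sig))}`;
}

// Returns the claims if the signature and expiry are valid, otherwise null.
async function verifyJwt(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(dec.decode(fromB64url(parts[0])));
    if (header.alg !== "HS256") return null; // pin the algorithm server-side
    const ok = await subtle.verify("HMAC", await hmacKey(secret),
      fromB64url(parts[2]), enc.encode(`${parts[0]}.${parts[1]}`));
    if (!ok) return null; // claims are only parsed after the signature checks out
    const claims = JSON.parse(dec.decode(fromB64url(parts[1])));
    return typeof claims.exp === "number" && claims.exp > now ? claims : null;
  } catch {
    return null; // malformed base64 or JSON is treated as an invalid token
  }
}

// Authorises one project-scoped request; returns an HTTP status code.
async function authorize(authHeader, project, needAdmin, secret, now) {
  const m = /^Bearer (\S+)$/.exec(authHeader ?? "");
  const claims = m && (await verifyJwt(m[1], secret, now));
  if (!claims) return 401; // missing, forged or expired session
  if (claims.org !== project.orgId) return 403; // organisation boundary
  if (needAdmin && claims.role !== "admin") return 403; // member on an admin-only route
  return 200;
}
```

The order matters: nothing in the payload is trusted until the signature verifies, and the organisation check runs before the role check so that an admin of one organisation gains nothing on another organisation's project.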

Data handling

Your source code lives inside your project's container for the duration of the session. When a project is deleted, its container and all associated storage are destroyed. We do not retain copies of your code outside of active project containers.

Published sites are stored in R2 with EU jurisdiction. Each publish creates a versioned snapshot — previous versions are retained until the project is deleted.

AI interactions within a project session are processed by Anthropic's Claude API. ooda does not store conversation history — session context exists only for the duration of the active connection.

Compliance

Cloudflare, our infrastructure provider, maintains the following certifications: ISO 27001, ISO 27701, ISO 27018, SOC 2 Type II, PCI DSS v4.0, and C5:2020. Cloudflare is also verified as compliant with the EU Cloud Code of Conduct under GDPR Article 40.

Cloudflare's Data Processing Agreement (DPA) includes EU Standard Contractual Clauses and covers EEA, Swiss, and UK data transfers. Cloudflare is also certified under the EU-U.S. Data Privacy Framework.

If you have specific compliance requirements or need to review our data processing practices in detail, contact us at security@ooda.run.