Security
How ooda protects your code, data, and infrastructure.
Infrastructure
ooda runs entirely on Cloudflare's global network. Our API server, project loader, and database all run on Cloudflare Workers, D1, and R2 — there are no traditional servers to patch or maintain.
Each dev environment is a Cloudflare Container — a sandboxed Linux instance backed by a Durable Object. Containers are provisioned on demand and automatically hibernated when idle.
All traffic is served over HTTPS with TLS termination at Cloudflare's edge. DDoS protection is provided at the network layer globally.
Project isolation
Every project runs in its own container with dedicated compute, storage, and networking. Containers are isolated from each other at the hypervisor level — there is no shared filesystem or process space between projects.
Preview URLs for each project are scoped with unique tokens and validated on every request. Tokens are revoked immediately when a project is stopped or deleted.
Organisation boundaries are enforced at the API layer. All project-scoped requests are authenticated and authorised against the requesting user's org membership and role.
Published sites
Every published site is gated. A site can be public, password-protected, or limited to your team's signed-in members. You set this per site or as an org-wide default — and when nothing is configured, sites require a team login by default.
Access is enforced at Cloudflare's edge on every request, before any content is served. A request that fails the gate never receives the site. If a site's access policy can't be read, the gate fails closed and serves nothing.
Site passwords are encrypted at rest. A correct password sets a signed, expiring cookie scoped to that site; incorrect attempts are rejected and rate-limited. Team-login sites reuse the same org authentication and role checks as the dashboard.
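The gate behaviour described above (fail closed on an unreadable policy, and a signed, expiring cookie scoped to one site) can be sketched as follows. This is an added example, not ooda's code: the function names, the `policy.mode` field, the cookie layout and the choice of HMAC-SHA256 are all assumptions, and team login and rate limiting are not modelled.

```javascript
// Added illustration for Node.js; every name here is hypothetical.
const crypto = require('node:crypto');

// MAC over "<siteId>.<exp>". Binding siteId into the MAC is what scopes
// the cookie to one site: replayed against another site, the MAC fails.
function sign(secret, siteId, exp) {
  return crypto.createHmac('sha256', secret)
    .update(`${siteId}.${exp}`).digest('base64url');
}

// Called only after a correct password. Cookie value is "<exp>.<mac>".
function issueCookie(secret, siteId, ttlSeconds, nowSeconds) {
  const exp = nowSeconds + ttlSeconds;
  return `${exp}.${sign(secret, siteId, exp)}`;
}

function cookieValid(secret, siteId, cookie, nowSeconds) {
  if (typeof cookie !== 'string') return false;
  // Strict shape check: digits, a dot, then a 43-char base64url SHA-256 MAC.
  const m = /^(\d{1,12})\.([A-Za-z0-9_-]{43})$/.exec(cookie);
  if (!m) return false;
  const got = Buffer.from(m[2]);
  const want = Buffer.from(sign(secret, siteId, m[1]));
  // Verify the MAC in constant time before trusting the expiry field.
  if (!crypto.timingSafeEqual(got, want)) return false;
  return Number(m[1]) > nowSeconds;
}

// Decides 'serve' or 'deny' before any content is touched.
// loadPolicy is a caller-supplied lookup that may throw or return nothing.
function gate(loadPolicy, secret, siteId, cookie, nowSeconds) {
  let policy;
  try {
    policy = loadPolicy(siteId);
  } catch {
    return 'deny'; // policy store unreachable: fail closed
  }
  if (!policy || typeof policy.mode !== 'string') return 'deny';
  if (policy.mode === 'public') return 'serve';
  if (policy.mode === 'password') {
    return cookieValid(secret, siteId, cookie, nowSeconds) ? 'serve' : 'deny';
  }
  return 'deny'; // any mode this sketch does not model is denied, not served
}
```

The default branch matters as much as the `catch`: a policy value the gate does not recognise is treated the same way as one it could not read.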
Admins see every published site and its gate in one dashboard, can change a site's access or rotate its password at any time, and unpublishing removes the site immediately.
Data residency
Our database (Cloudflare D1) and object storage (Cloudflare R2) are configured with EU jurisdiction. This means your project metadata, organisation data, and published site assets are stored and processed exclusively within European Union data centres.
Data residency is enforced at the infrastructure level and cannot be changed after provisioning — it is not a software toggle.
Cloudflare Workers execute at the edge nearest to the requesting user. For requests that access the database, Cloudflare's Smart Placement routes execution to the EU to minimise round-trip latency to the data layer.
Authentication
Users authenticate via email and password. Passwords are hashed using PBKDF2 with a unique salt per user before storage — plaintext passwords never leave the client.
Sessions are issued as signed JWTs with configurable expiry. All API requests require a valid token in the Authorization header. Tokens encode the user's organisation membership and role, which are validated server-side on every request.
Organisation admins can manage team membership and roles from the dashboard. Role-based access control distinguishes between admins and members at the API level.
Data handling
Your source code lives inside your project's container for the duration of the session. When a project is deleted, its container and all associated storage are destroyed. We do not retain copies of your code outside of active project containers.
Published sites are stored in R2 with EU jurisdiction. Each publish creates a versioned snapshot — previous versions are retained until the project is deleted.
AI interactions within a project session are processed by the model provider your organisation configures, using your own credentials. ooda does not store conversation history — session context exists only for the duration of the active connection.
Compliance
Cloudflare, our infrastructure provider, maintains the following certifications: ISO 27001, ISO 27701, ISO 27018, SOC 2 Type II, PCI DSS v4.0, and C5:2020. Cloudflare is also verified as compliant with the EU Cloud Code of Conduct under GDPR Article 40.
Cloudflare's Data Processing Agreement (DPA) includes EU Standard Contractual Clauses and covers EEA, Swiss, and UK data transfers. Cloudflare is also certified under the EU-U.S. Data Privacy Framework.
If you have specific compliance requirements or need to review our data processing practices in detail, contact us at security@ooda.run.