Security & Data Protection

Your clients trust you. We make sure the software deserves it.

OroMiQ holds the relationships, documents and agreements your business runs on. That is a responsibility we engineer for, not a checkbox we tick. Here is how we protect what you put in our hands.

Encryption, three layers deep

Most platforms stop at the first two. We did not.

In transit

Every connection to OroMiQ is encrypted with TLS 1.2 or higher. There is no unencrypted path to the platform.

At rest

All stored data is encrypted at rest with AES-256 on Microsoft Azure infrastructure, as standard, before we add anything of our own.

Per organisation

Client documents get a third layer: each file is individually encrypted with AES-256-GCM under a key dedicated to your organisation, held in a hardware-backed key management service.

The practical effect of that third layer: access to our storage systems alone yields ciphertext. Anyone holding raw storage credentials, whether that is an attacker or a member of our own staff, cannot read your documents. Decryption happens only inside the platform when you ask for a file, using a key that never leaves the key service.

Key material is non-exportable by design and every single use of your organisation's key is written to an audit log. If it were ever needed, your key can be disabled on request: a genuine kill switch that makes your documents unreadable platform-wide until you say otherwise. For enterprise agreements, ask us about bring-your-own-key, where the key sits in your own vault and you control access to it.

Secure document exchange

Share sensitive files without losing control of them.

Secure Rooms give you a controlled space to exchange documents with clients and third parties. No guest accounts to manage, no attachments flying around by email. You decide exactly what each guest can see and do, and you can see everything they did.

Every document in a room carries the same per-organisation encryption as the rest of your files, and everything a guest uploads is encrypted the moment it arrives.

Controls in every room

  • Per-guest links that can be set to expire
  • Email verification codes before a room opens
  • Optional room passwords on top
  • View-only mode with downloads switched off
  • Instant revocation of any guest, at any time
  • A full access trail: who opened what, and when

Protecting the way in

Strong encryption means little if the front door is weak. It is not.

Multi-factor authentication

Authenticator apps, email codes and passkeys (Face ID, Touch ID, Windows Hello). Passwordless sign-in is supported end to end.

Role-based access

Granular permissions control who on your team can see and do what. Every user acts within their role, nothing more.

Session control

Active session management and login history, so you can see where your account is signed in and end sessions you do not recognise.

Tenant isolation

Every record in OroMiQ is scoped to your organisation, and that scoping is enforced on every request. Your documents go further still, protected by an encryption key that is yours alone.

Built on serious foundations

OroMiQ runs on Microsoft Azure in the United Kingdom. Your data stays in the UK. Our databases sit on private networking with no public route in, our storage accounts are locked so that nothing can be made publicly accessible, even by accident, and the keys protecting your documents are themselves protected against deletion and backed up.

Signatures collected through OroMiQ e-sign carry a tamper-evident record: frozen document fingerprints, signer verification and a certificate of completion. Documents marked as records are locked against modification, giving you an immutable audit copy of what was actually sent and signed.

We operate in line with the UK GDPR and the Data Protection Act 2018. Our Privacy Policy sets out exactly what we collect and why, and we are happy to complete security questionnaires and due-diligence reviews for prospective customers.

One thing we will not do is overclaim. Some vendors promise that nobody, including themselves, could ever access your data under any circumstances. Claims like that rarely survive contact with how software actually works. Our promise is precise: storage access alone cannot read your documents, every use of your key is logged, and you hold a kill switch. That is a claim we can stand behind, and prove.

Questions about security?

Talk to us. We will walk your team, your IT partner or your DPO through how OroMiQ protects your data.

Get in touch