All applications utilized for conducting OpenGraph business utilize the HTTP TLS 1.2 transport.

Customer data is removed within 30 days of being no longer needed for OpenGraph to conduct their services.

All OpenGraph employees are issued accounts using our Identity Provider which enforces MFA (multi-factor authentication) and the OpenGraph Password Policy.

Customer data is stored utilizing a well known cloud data storage platform which encrypts data at rest.

OpenGraph does not store customer PII.

OpenGraph does not store PHI

All risk is ultimately owned and accepted by OpenGraph Chief Executive Officer.

Risk assessment and risk treatment are applied to the entire scope of OpenGraph's information security and privacy program, and to all assets which are used within

Employees are given access to company systems and customer information on an as-needed basis.

All contractors and employees must agree to an employment agreement and non-disclosure agreement prior to employment.

All employees and contractors must undergo local and federal background checks prior to beginning work for OpenGraph.

When an employee or contractor is terminated, access to accounts is removed prior to an exit interview with the head of Human Resources.

Roles and responsibilities are well defined and documented within the HR management software which OpenGraph utilizes.

Assets are tracked via an industry standard asset management software which ensure local security configurations are correctly enabled as per OpenGraph policies.

OpenGraph data is stored via a well-known corporate storage provider which employs strong physical security Controls. All employee laptops are configured with encrypted hard disks to prevent data spillage in the event of a device being lost or stolen.

OpenGraph implements industry leading endpoint protection on all company devices.