Your information or data will never be leased or traded to any third party. We do not employ or transfer your data for advertising purposes, including retargeting, personalized, or interest-based advertising. Under no circumstances will we share any of your information with any party unless you provide explicit consent. For additional details, please consult our privacy policy.

  1. Cloud Infrastructure

    DaOrion, hosted within a Virtual Private Cloud on Azure Storage, establishes a secure and scalable technological foundation to ensure the safe and reliable delivery of our services to you. Our infrastructure is deployed in accordance with the Azure Well-Architected Framework, with a security focus that incorporates Azure Cloud Adoption Framework practices.
    For our web applications and mobile applications collectively referred to as the "Platform," we utilize the HTTPS protocol. All interactions between the Platform and our servers benefit from the protection of 256-bit encrypted HTTPS, safeguarding against Man-in-the-Middle (MITM) attacks on our platform. The connection between us and our users is fully secure. We have implemented stringent network segmentation and isolated environments and services to enhance security.

  2. Host Security

    We implement cutting-edge solutions for antivirus protection, file integrity monitoring, application control, and automated auditing. We regularly perform log collection and execute automatic patch updates.
    Each of our servers is initiated with the Internet Security Benchmark Center's Azure Linux standards.

  3. Data Security
    1. User authentication on the daOrion mobile application relies on one-time password (OTP) validation.
    2. All user data and internally stored data are safeguarded through encryption while at rest, and sensitive data is protected with application-level encryption.
    3. We implement environment segregation and separate duties strictly. Additionally, we enforce rigorous role-based access controls based on documented, authorized, and necessary criteria for use.
    4. Our approach includes key management services, which are employed to limit data access, except for specific data pools.
    5. Stored data benefits from encryption at rest, and sensitive data is shielded through application-level encryption. We utilize data replication for both data recovery and disaster recovery, along with snapshot creation to ensure data durability. Additionally, we conduct backup/restore testing to ensure data reliability.
    6. For our internal analytics and business intelligence needs, we exclusively utilize anonymized and aggregated data.

  4. Incident and Change Management

    1. Our established procedures for change management are robust, ensuring that we can consistently and securely introduce thoroughly tested features to you. This ensures that you can confidently enjoy the daOrion experience with the highest level of assurance and security.
    2. We maintain a highly optimistic outlook regarding our ability to manage system downtime incidents, as well as our security and network operations center. We also have an effective information security management system in position to promptly address, rectify, or rapidly report any issues resulting from scheduled or unforeseen changes.

  5. Annual security assessment

    We conduct an annual security evaluation carried out by a third party appointed by Azure, and we refresh this assessment periodically or as instructed by Azure. We will publish an "Assessment Letter" on our daOrion mobile applications to reflect the results of this review.

  6. Responsible Disclosure

    1. At daOrion, our unwavering commitment is to uphold the data privacy and security of our users.
    2. We employ a multi-faceted security approach in conjunction with cutting-edge technology to ensure that our systems maintain robust security measures.
    3. Our comprehensive data security and privacy framework equips us to safeguard our systems against a wide range of potential threats.
    4. For those who are security enthusiasts or researchers and may come across potential security vulnerabilities within daOrion, we highly encourage you to responsibly report any identified issues to us.
    5. Please feel free to send us a bug report at contact@daorion.com, providing detailed steps necessary to replicate the vulnerability.
    6. Rest assured, we will diligently investigate and address legitimate concerns within a reasonable timeframe, and we kindly request that you refrain from disclosing them publicly.