How it works
Exceed security and privacy requirements
Compliant with all modern standards
We are GDPR, CCPA, ISO27001^ and SOC2 compliant, and a member of anti-abuse organization M³AAWG. Our latest audit reports are available on request.
Privacy and security first culture
Ortto is fast, secure and designed to exceed modern privacy standards. Our team undergoes regular security training and we regularly audit and test our breach and disaster recovery programs.
Switch on advanced security
Enforce two-factor authentication (2FA) and set user roles to better manage security.
Built-in tools to help you manage security and data privacy
Single sign-on (SSO) and OKTA support
Multi-region data hosting in EU, USA, Australia and Asia
Automatic cookie tracking opt-in prompt for GDPR compliance
User permissions, roles and audit logs
Incident reporting and live updates
Google reCaptcha keeps your online forms secure
ORTTO AI
AI ethics, privacy and security at Ortto
Ortto utilizes AI technologies while prioritizing customer data protection and risk mitigation.
Ortto aims to leverage technology, including Generative AI (GenAI), to enhance customer value and business efficiency.
Ortto adheres to an AI Ethics Policy with three core principles to ensure safe innovation. These GenAI principles are applied to product development, service delivery, business operations, and partner guidelines.
Privacy: Customer and personal data is segregated, and existing security and privacy controls are enforced when processed by GenAI systems. GenAI systems do not aggregate data or draw inferences that could identify individuals or associate personal/sensitive data without consent. Customers retain control over their data and its usage, including model training.
Security: Data processed by GenAI systems is protected with the same security controls as the source data. Models and generated data are secured against unauthorized alteration. GenAI systems are protected from unintended manipulation and monitored for abuse.
Transparency: GenAI usage is disclosed, and traceability is provided where possible. The use of GenAI is clearly disclosed to users and subjects as appropriate. Customers can choose to enable or disable AI features. Traceability of GenAI results to source training material is provided where possible. The use of third-party GenAI models and training content is disclosed.
