Data Privacy and Security are at the core of ORKO’s architecture and infrastructure


ORKO takes a proactive approach to protecting your data, combining top-level physical security at Tier 4 data centers spread across multiple geographical locations with end-to-end data encryption that keeps your data private.

Your data is totally end-to-end encrypted.

Encryption at rest.

All data stored by ORKO is encrypted at the storage layer with the 256-bit Advanced Encryption Standard (AES) algorithm. An AES-256 key has 2^256 possible combinations, which ensures your data is completely secure at rest.

Encryption in transit.

The data that you create and share on ORKO moves between devices, ORKO services, and our data center partners. This data in transit is always protected, encrypted, and authenticated by Hypertext Transfer Protocol Secure (HTTPS) and Transport Layer Security (TLS). ORKO ensures that your data is not tampered with and is always authenticated.

ORKO adheres to the SASE framework.

ORKO’s network architecture is built according to the Secure Access Service Edge (SASE) framework. ORKO adheres to all the core capabilities and components required for a SASE framework.

1. Secure Web Gateways (SWG):

Ideal for remote workforces, SWG shields users from cyber threats and data breaches by filtering unwanted content from web traffic, blocking unauthorized user behavior and enforcing company security policies.

2. Cloud Access Security Broker (CASB):

CASB prevents data leaks and performs several security functions, including revealing shadow IT (unauthorized corporate systems), securing confidential data through access control and data loss prevention (DLP), and ensuring compliance with data privacy regulations.

3. Firewall as a Service (FWaaS):

FWaaS removes the need for physical firewall devices by providing a cloud firewall that delivers next-generation firewall capabilities: URL filtering, advanced threat prevention, intrusion prevention systems (IPS) and DNS security.

4. Zero Trust Network Access (ZTNA):

ZTNA enables very secure access for remote users. It locks down internal resources from public view and helps defend against potential data breaches by requiring real-time verification of every user and device for every protected application. ORKO uses real-time OTP verification of email IDs and mobile numbers to grant access to its users.

ORKO® comes packed with features that cater to all types of organizations.

FAQs

ORKO processes customers’ personnel user names and email addresses in order to provide data collection and data automation services.
For maintenance and support related to the services, we may process our customers’ personnel names, email addresses, account names, and a list of their privileges (being the basic information we need to validate that the person is who they say they are when raising a support ticket).
To provide customer support, we may also need to access logs. By default, we do not access any personal data other than the above.
If we are required to access any additional customer data, for example to provide support services, a controlled process is in place to obtain temporary access, which includes obtaining approval from the customer's service admin on a case-by-case basis. We would not access privileged session recordings or customer passwords (for example) without first going through this approval process.

No. ORKO does not have any inbuilt functionality that gives or allows remote access to any customer data or system, other than the information described in the question above.

ORKO acts as Data Processor, and the customer acts as a Data Controller, with respect to personal data provided by customers. ORKO will only process personal data (as set out above) for the purposes of providing the service to the customer and will act on the customer’s instructions.
In addition, ORKO acts as a Data Controller for data that it processes for its own purposes, such as data about our own internal employees, and marketing data related to our prospective customers. This is outside the scope of purchases made by customers and is processed independently of any data processed as part of the provision of our services.

ORKO currently maintains data centers in various territories (including India, Singapore, the United Arab Emirates, the United States of America, and the United Kingdom), to enable customers to nominate a region of their choice in which customer data will be hosted.
In a scenario where the customer requires integration with cloud services for use by remote vendors, some information (vendor's username, first and last name, phone number, email, company and ORKO’s Remote Access vendor group) is briefly transferred to a management system in the Indian datacenter solely in order to provision the user in the customer's ORKO Cloud tenant in the datacenter where the tenant is stored. Once the user has been provisioned, the management system deletes this data.
The service is hosted in premier Tier IV data center facilities that are highly secure, fully redundant, and certified for SOC-2 and ISO 27001 compliance.
In order to provide a global service, we do share data required to provide 24x7 Maintenance and Support with our regional offices and some of our sub-processors. This data will not include privileged session recordings and passwords.

Only those specifically authorized ORKO personnel who require access in order to provide successful delivery, operation, and service to the customer may access data. In order to access the data, such personnel must be authenticated using multifactor authentication and may perform actions only in keeping with their permissions in respect of the data. Access is restricted to the internal ORKO network and is audited.
With regard to the additional data (passwords and/or recordings, where in exceptional circumstances access to these is required), the process for gaining access is described below. This “breakglass” procedure is only triggered when necessary in order to assist the customer, and with the customer’s approval:
In order to initiate the process, the ORKO engineer will need to extract a key from a centralized, encrypted location. The key is stored in a safe on ORKO’s corporate Vault. The key retrieval process can only be performed by the engineering team that owns ORKO’s cloud production. They are the only ORKO team members who are able to request approval to access the key. The extraction attempt automatically triggers a request for manager approval. Manager approval will only be given with explicit approval from the customer on a case-by-case basis. Once this approval has been given, the key extraction will automatically send a notification to all the team members. This creates high visibility for the activity. The key can then be used to grant access to the relevant customer data. Once the activity is done, the engineer immediately removes the ORKO user’s access to the data.

Customer data (including backup data) will be deleted no later than 60 days after the expiration/termination of the ORKO Cloud services. Additionally, customers may make a specific written request at any time to the ORKO Customer Support portal for data deletion. Shortly after the customer's request, the data will be deleted from the ORKO Cloud service's live systems (databases).

ORKO does aggregate statistical data related to its customers’ use of, access to, and configuration of our SaaS solutions. This will be used for ORKO’s reasonable business purposes or for the customer’s benefit, including improving our services.