🛡️ Opensolr Information Security Policy

This document outlines Opensolr’s current data security and privacy practices.
Our policies evolve with the industry, so please check back for updates or Contact Us with suggestions.

1. Introduction

• Opensolr is ISO9001 & ISO27001 Certified
  (Recognized standards for quality and information security.)

• Types of Data Processed:

  • Logical Data:
  • User identification and profile data.
  • Used to provide the Solr Cloud Hosting Platform and related services, managed securely with Role-Based Access Control (RBAC).
  • Solr Data:
  • The data you host with Opensolr, in your own designated environment/server.
  • Stored globally with leading datacenter and cloud providers, including:
    • AWS
    • Hetzner
    • HostHatch
    • Alibaba Cloud

2. 🔒 Confidentiality

• All data types are protected under our GDPR Information Security Policies and our main privacy policy.

• Logical Data:

  • Securely stored on encrypted Opensolr Main Data Servers (AWS Cloud).
  • Identifies each user (free, paid, or blocked status).
  • User activity logs are encrypted and provide a full transparency trail.
  • Only accessible to the Opensolr Account Owner via the Control Panel.
  • Security policies:
    • User/Password Authentication
    • Two-Factor Authentication (Authy/SMS, optional)

• Solr Data:

  • Securely stored per your choice of datacenter/cloud.
  • Security policies:
    • SSL Data Transmission
    • HTTP Authentication
    • IP Access-Based Authorization
  • Accessible only to the Account Owner and invited team members (verified).
  • Never made public unless the Owner explicitly authorizes it, via our Support Helpdesk.

3. 🧩 Integrity

• Logical Data (User Identity):
  • Not changed by Opensolr employees except:
    • Upon explicit owner request (via Support Helpdesk).
    • By the owner through the Control Panel (with full change logs).
• Solr Data:
  • Updated/removed only by the Account Owner or authorized team members after passing security checks.

4. ⚡ Availability

• All authorized users have reliable, timely access to Opensolr services.
• Infrastructure is built for high availability and resilience, even during failures.
• Risk mitigation & high availability:
  • Solr Data Backup tools for creating, downloading, or restoring data/configs.
  • Solr Index Replication for direct index replicas across regions.
  • Main system replication & redundancy worldwide.
  • Custom and third-party Web Application Firewall (WAF) systems (e.g., Apache mod_security).

5. 🎯 Authenticity

• Uses the latest SSL standards and configurations for secure, authentic transfers.
• Never requests or transfers biometric or location data.
• All data transfers are subject to:
  • WAF AI verification (blocking/whitelisting)
  • SSL security keys and fingerprint verification for authentic transmissions

6. 📝 Non-Repudiation

• Opensolr keeps detailed logs and revisions of all critical data transfers, user identification, and actions.
• All support interactions are logged and revisioned via our Support Helpdesk System.

Questions or feedback?
Contact us here.