Data Security

🛡️ Opensolr Information Security Policy

This document outlines Opensolr’s current data security and privacy practices.
Our policies evolve with the industry, so please check back for updates or Contact Us with suggestions.

1. Introduction

• Opensolr is ISO9001 & ISO27001 Certified
  (Recognized standards for quality and information security.)

• Types of Data Processed:

  • Logical Data:
    • User identification and profile data.
    • Used to provide the Solr Cloud Hosting Platform and related services, managed securely with Role-Based Access Control (RBAC).
  • Solr Data:
    • The data you host with Opensolr, in your own designated environment/server.
    • Stored globally with leading datacenter and cloud providers, including:
      • AWS
      • Hetzner
      • HostHatch
      • Alibaba Cloud

2. 🔒 Confidentiality

• All data types are protected under our GDPR Information Security Policies and our main privacy policy.

• Logical Data:

  • Securely stored on encrypted Opensolr Main Data Servers (AWS Cloud).
  • Identifies each user (free, paid, or blocked status).
  • User activity logs are encrypted and provide a full transparency trail.
  • Only accessible to the Opensolr Account Owner via the Control Panel.
  • Security policies:
    • User/Password Authentication
    • Two-Factor Authentication (Authy/SMS, optional)

• Solr Data:

  • Securely stored per your choice of datacenter/cloud.
  • Security policies:
    • SSL Data Transmission
    • HTTP Authentication
    • IP Access-Based Authorization
  • Accessible only to the Account Owner and invited team members (verified).
  • Never made public unless the Owner explicitly authorizes it, via our Support Helpdesk.

3. 🧩 Integrity

• Logical Data (User Identity):
  • Not changed by Opensolr employees except:
    • Upon explicit owner request (via Support Helpdesk).
    • By the owner through the Control Panel (with full change logs).
• Solr Data:
  • Updated/removed only by the Account Owner or authorized team members after passing security checks.

4. ⚡ Availability

• All authorized users have reliable, timely access to Opensolr services.
• Infrastructure is built for high availability and resilience, even during failures.
• Risk mitigation & high availability:
  • Solr Data Backup tools for creating, downloading, or restoring data/configs.
  • Solr Index Replication for direct index replicas across regions.
  • Main system replication & redundancy worldwide.
  • Custom and third-party Web Application Firewall (WAF) systems (e.g., Apache mod_security).

5. 🎯 Authenticity

• Uses the latest SSL standards and configurations for secure, authentic transfers.
• Never requests or transfers biometric or location data.
• All data transfers are subject to:
  • WAF AI verification (blocking/whitelisting)
  • SSL security keys and fingerprint verification for authentic transmissions

6. 📝 Non-Repudiation

• Opensolr keeps detailed logs and revisions of all critical data transfers, user identification, and actions.
• All support interactions are logged and revisioned via our Support Helpdesk System.

Questions or feedback?
Contact us here.

📄 Opensolr General Data Privacy Terms

1. Membership and Agreement

• Becoming an Opensolr member is only possible via the Opensolr Registration Form.
• By registering, you agree to our Terms of Service, General Privacy Policy, and this GDPR Privacy Agreement.

2. Data Collected by Opensolr

• Opensolr collects minimal mandatory data at registration:
  • Email address
  • Chosen password
• You may change your password at any time.
• To update your registration email address, submit a formal request to support@opensolr.com.
• Members may optionally add more personal data (e.g., website, social links) and create Opensolr Cloud Indexes to store data as needed.
• Opensolr does NOT directly collect, store, or process any billing or payment information from members or third parties.
• Your Solr Index Data is never accessible to Opensolr staff, subcontractors, or third parties without your consent—except in urgent technical emergencies required to restore service.

3. Personal Data Processing

• Opensolr will never make public, sell, or trade any member’s personal information.
• Your email address is used solely for login and identification.
• Strict security measures protect all data stored and processed via Opensolr cloud infrastructure.
  See our Cloud Data Security FAQ for more details.
• As above, Opensolr never directly collects or stores billing or payment data.
  All payments and billing are processed through highly secure, PCI-compliant APIs provided by Stripe.com.

4. Data Security

• All data on Opensolr infrastructure is protected by SSL encryption.
• SSL certificates are re-keyed and renewed annually.
• Opensolr.com always uses EV-SSL for maximum browser and user trust.
• All accounts can activate Two-Factor Authentication (2FA) via SMS or Authy.
  Our 2FA system is delivered securely via SSL and managed by Twilio.

5. Communication Policy

• Opensolr will never send unsolicited emails or postal mail.
• All official Opensolr communications are mandatory for members and limited to:
  • System maintenance and emergency alerts
  • Membership notifications (trial expiration, resource usage, password resets, etc.)
  • Service developments and updates relevant to all members

To opt out of Opensolr communications, you must request account cancellation by emailing support@opensolr.com.

🏆 Opensolr: ISO27001 & ISO9001 Certified

Why ISO Certification Matters

At Opensolr, we believe that trust, quality, and security are the foundation of every successful search solution.
That’s why we’re proud to be officially certified for both ISO27001 (Information Security Management) and ISO9001 (Quality Management).

🔐 ISO27001: Information Security Management

• World-class data protection: Your data is managed using global best practices for confidentiality, integrity, and availability.
• Continuous risk management: We proactively identify and mitigate security threats to keep your information safe.
• Compliance assurance: Our ISO27001 certification means Opensolr meets strict requirements recognized by businesses and regulators worldwide.

🏅 ISO9001: Quality Management

• Consistent, reliable service: Our processes are optimized for quality, efficiency, and continuous improvement.
• Customer focus: We put your needs at the center of everything we do, driving high customer satisfaction.
• Process transparency: ISO9001 ensures clear procedures, fewer errors, and a smooth customer experience.

🌍 The Benefits for You

• Peace of mind: Your data and services are protected by proven, independently audited standards.
• Business readiness: Opensolr can support even the most demanding enterprise, compliance, and public sector requirements.
• Trusted partnership: Our commitment to quality and security is not just a promise—it’s certified.

Want to know more about our certifications or request documentation?
Contact our team — we’re happy to help.