Loading…
OpenCentric protects the workspace control plane: profiles, business pages, Catalog transactions, Fabric runs, storage, hosting, integrations, and the data that makes Coworker useful.
Workspace data, uploaded files, automation metadata, and integration secrets are encrypted in transit and at rest. Sensitive credentials are scoped and stored separately from user-visible workflow configuration.
Role-based access control is enforced across workspace sections, profiles, API keys, connected apps, and admin operations. MFA is required for employee access to production systems.
Annual third-party penetration test by an independent firm. Last test: Q1 2026. Results and remediation available under NDA to Enterprise customers.
OpenCentric separates web, API, workflow, storage, and observability concerns. Customer-owned cloud deployments are scoped by explicit credentials, roles, and written instructions.
Policies, access, logging, vulnerability management, payment handling, data processing, and subprocessors are documented through the Trust Center and enterprise review process.
Dependencies, containers, workflow services, and hosting patterns are reviewed continuously. Critical findings are prioritized for rapid remediation and customer notification where needed.
We operate a responsible disclosure programme. If you've found a security issue, email security@opencentric.ai with details. We respond within 24 hours, keep you informed throughout remediation, and publicly credit researchers who report valid findings (if desired).
Report a vulnerability