Trust is at the core of our company. OneTrust is committed to the protection and security of our customer’s data. Security is built into our products and services.
OneTrust understands the importance of resiliency especially when it comes to supporting our customers’ needs and operations. OneTrust has documented business continuity plans. These plans describe the recovery resources, procedures, and priorities necessary to provide customer access in the event of a data center availability issue. The OneTrust platform is designed with resilience in mind. Each customer’s data is replicated between multiple geographically separate data centers. Details of OneTrust’s global data center footprint can be found in this knowledge base article (requires MyOneTrust account). Tests are performed at least annually to ensure that failover processes between the data centers work as designed. Non-technical business impacting events are also exercised to validate business continuity plans and procedures.
OneTrust is committed to maintaining the security of our systems and our customers’ information. We encourage security researchers to report any potential vulnerabilities discovered in our products, systems, or services.
If you believe you’ve found a security vulnerability on a OneTrust property or product, please inform us as quickly as possible through our bug bounty program hosted by Bugcrowd.
If you are unable to report via our bug bounty portal on BugCrowd, you may email us at [email protected].
OneTrust does not allow public disclosure of any vulnerabilities identified. We review all reports and will do our best to address reported issues in a timely manner.