Orensio

Enterprise Grade

Security & Trust

How we protect professional identities, secure private access keys, enforce data isolation, and guarantee B2B deliverability.

1. Database & Row-Level Security

Orensio utilizes highly secure cloud database hosting to store core campaign records, lead databases, and performance analytics.

To prevent cross-tenant data leaks or unauthorized profile visibility:

  • Row-Level Security (RLS): Access permissions are strictly enforced at the database level for all customer records.
  • Every database query automatically verifies the tenant identifier, guaranteeing that client profiles can never access, query, or edit data belonging to another account.
  • System database access is strictly restricted to authenticated background services used in protected workflow runners.

2. Private Token Encryption

CRM integrations (like HubSpot Private Access Tokens) are highly sensitive credentials. If compromised, they could allow unauthorized write access to your corporate deals pipelines.

Orensio eliminates this risk using industrial-grade, zero-trust storage practices:

  • Private HubSpot CRM tokens are never saved in raw text inside the database.
  • All tokens are encrypted in memory on our backend servers using the AES-256 encryption standard before storage.
  • Decryption keys are loaded strictly as transient environment parameters inside production-only hosting systems, isolated from data storage backups.

3. Isolated Outreach Sandboxes

To conduct compliant LinkedIn outreach (connection requests, follow-ups, and inbox monitoring) without triggering automated spam filters:

  • Isolated Virtual Sandboxes: LinkedIn sessions operate inside dedicated, containerized virtual browser sandboxes with static IP nodes.
  • Session Security Binding: Generated connection gateways bind client sessions directly to the client's verified user UUID. We enforce server-side validation to block third-party link hijacking.
  • Rate Limiters: Sequences strictly restrict outbox dispatch schedules to follow human-like delays, matching professional outreach patterns perfectly.

4. Deliverability & DNS Verification

Cold email reputation is extremely fragile. Senders with misconfigured DNS keys are routed instantly to spam.

Orensio maintains a pristine outbox record using strict enforcement methods:

  • Deliverability Auditing: Prior to launch, our onboarding systems audit and verify mandatory email signatures, including SPF, DKIM, and DMARC CNAME mappings.
  • Private Beta Cohort Scarcity: To guarantee hands-on setups and prevent domain burnout, we restrict Scale/Agency onboarding to exactly 5 clients per week, ensuring domain engineers can personally monitor early email warmup curves.

5. PCI Compliance & Stripe Billing

Orensio does not store, process, or transmit credit card details on our own servers.

  • All payments and subscriptions are processed by Stripe, Inc. under strict PCI-DSS compliance.
  • Stripe customer portal sessions are dynamically created and verified on the backend, ensuring billing edits are strictly authenticated.