Security is foundational.
Support Oasis is built with a security-first mindset. We take data protection seriously and follow industry best practices to safeguard customer data, maintain availability, and earn your trust.
Last updated: January 7, 2026
Encryption
Data is encrypted in transit and at rest using modern, industry-standard cryptography.
Access controls
Least-privilege access, strong authentication, and role-based permissions help keep data protected.
Monitoring & response
We monitor for suspicious activity and have incident response practices to investigate and mitigate issues quickly.
Our security approach
We treat customer data as critical infrastructure. Security is designed into our product and operations from day one—covering encryption, access control, secure software development, infrastructure hardening, monitoring, and incident response.
This page is written to answer the questions most customers ask during a security review. If you need a tailored response for your organization, contact us and we’ll work with you.
Data protection & privacy
Data minimization
We collect and process only the data required to provide and improve the service. Access to customer data is limited to what’s necessary to operate Support Oasis.
Tenant isolation
Support Oasis is built as a multi-tenant system with controls designed to prevent one customer’s data from being accessed by another.
Retention & deletion
We support reasonable retention practices and can help with customer requests related to data export or deletion, subject to legal and operational requirements.
Privacy practices
Our privacy commitments and data handling principles are described in our Privacy Notice.
Encryption
In transit: We use TLS to protect data transmitted between your browser, integrations, and our services.
At rest: Customer data stored by Support Oasis is encrypted at rest using industry-standard mechanisms.
Note: Exact cipher suites, key management architecture, and environment details may vary based on deployment and are available upon request for security reviews.
Authentication & access control
Role-based access
Access within Support Oasis is controlled by roles and permissions so teams can apply least privilege across admins and agents.
Account security
We encourage strong password practices and protect sessions using secure cookie settings and modern web security controls.
Internal access controls
Employee access to production systems is restricted, logged, and reviewed. Access is granted only when needed and removed when no longer required.
Auditability
We maintain operational logs and monitoring to support investigation, abuse prevention, and troubleshooting.
Secure development lifecycle
Secure coding practices
We follow secure coding standards and proactively address common web security risks such as injection, broken access control, and XSS.
Review & testing
Changes are reviewed before release and tested to reduce regressions and security issues.
Dependency hygiene
We monitor third-party dependencies and patch known vulnerabilities promptly.
Infrastructure as code
Infrastructure is managed in a repeatable way to reduce drift and improve auditability.
Infrastructure & operational security
Network controls
We use network segmentation and firewalling principles to limit exposure of internal services and reduce blast radius.
Secrets management
Sensitive credentials and keys are managed using secure storage and are not embedded in source code.
Backups & recovery
We use backup and recovery practices designed to protect against data loss and support restoration in the event of an incident.
Availability practices
We design for reliability with monitoring, alerting, and operational processes that help keep the service stable.
Incident response
We have practices for detecting, investigating, and responding to security incidents. When appropriate, we notify affected customers and provide updates as we learn more and mitigate risk.
We also review incidents to improve our controls and reduce the likelihood of recurrence.
AI features & data handling
Some Support Oasis features use AI to help draft responses and automate parts of the support workflow. We design these features to be controlled, auditable, and aligned with customer expectations around privacy.
Customer control
Customers control which channels and content are connected and how AI features are used within their account.
Minimized exposure
We aim to minimize the amount of data processed for AI tasks, and we apply the same security principles and access controls to AI-related workflows.
If you have specific AI data-processing requirements (e.g., data residency, retention limits, or vendor constraints), contact us and we’ll coordinate a review.
Compliance & security reviews
Many customers need information for vendor assessments. We’re happy to support reasonable security questionnaires and due diligence requests.
Questionnaires
We can assist with common security questionnaires and provide relevant documentation where available.
Subprocessors
We may rely on trusted service providers to operate Support Oasis. We evaluate providers for security and reliability.
Responsible disclosure
If you believe you’ve found a security vulnerability, please disclose it responsibly so we can investigate and fix it quickly.
How to report
Email: security@supportoasis.com
Please include steps to reproduce, impact assessment, and any relevant logs or screenshots. We’ll acknowledge reports and work toward a fix.
Security questions
If you have security or privacy questions, need help with a vendor review, or have contractual requirements (like a DPA), we’re happy to help.