Security at Oyster

At Oyster, data security and privacy processes are top priority. Learn more about our processes, policies, and standards below.

To learn more about Trust at Oyster, visit our Trust Center.

For more technical information on our security practices or to access copies of our security policies, visit our InfoSec Control and Policy Dashboard.

 This is a decorative image of group of employees
This is a decorative image of lock

As experts, we take this stuff seriously

This isn’t our first startup. Our team not only knows how to secure data, but why it’s so important. Our standards are high and we’re committed to continuously improve our people, processes, and product so you feel confident working with us.


Demonstrating our leadership in compliance is key for building your trust. We engage outside auditors for verification of our compliance against global standards and industry best practices.

  • Oyster's most recent SOC 2 Type II report is available on our Policy and Security Dashboard

  • Penetration testing is conducted on a regular basis

This is an image of a member who is working on a desk
This is an image of a members who are working on a deskSecurity shield illustration


Oyster is compliant with various data protection laws, including the General Data Protection Regulation (GDPR). Our Data Processing Addendum is automatically incorporated into our Terms and it applies GDPR standards to all the personal data we process—regardless of where the data subject is located. We also employ privacy-by-design principles throughout our software development lifecycle in accordance with GDPR standards.

Incident Reporting

We have a publicly-facing security incident reporting helpline here to ensure our customers can access fast support. All incidents are routed to designated teams, investigated according to our Incident Response Policy, and addressed in accordance with applicable law.

This is an image of a member who is working on a desk with a laptopTools image
This is an image of a members who are working on a deskRocketship image

Business Continuity and Reliability

We understand that our customers need readily available access to the Oyster platform. Hosted by AWS, the Oyster platform relies on the Amazon S3 Service Level Agreement. Oyster platform data is backed up on a regular basis in case of a system failure. We target full system recovery in less than five hours with a recovery point objective of two minutes or less.

Access Controls

By default, Oyster uses 2FA and single sign-on (SSO). If you use another SSO provider, we’ll gladly integrate it to ensure user-friendly and secure access to our platform.

Continuous Monitoring

This is a logo of Drata

Drata is a security and compliance automation platform that continuously monitors Oyster’s policies, procedures, and IT infrastructure to ensure the company adheres to industry standards.

This is a image of breachlock

Breachlock is a Penetration Testing as a Service (PtaaS) platform that continuously monitors the Oyster platform for vulnerabilities and threats.

This is a decorative image two members doing hand-shaking


Oyster’s operations are guided by a comprehensive package of security policies. We review our policies on a regular basis and conduct training to ensure customer, Team Member, and staff data is always handled diligently.

Take it for a spin

See how the Oyster platform can transform your business.

Sign Up Now
this is a decorative image of a bird coming out of a magician's hands and wand