Security Policy

Onbrand PLM is built with security as a core design principle. We employ industry-standard security controls, best practices, and ongoing monitoring to protect customer data, ensure platform reliability, and reduce the risk of unauthorized access or misuse.

Our approach to security is designed to scale with our customers while maintaining strong safeguards across application infrastructure, data storage, and AI-powered features.

Security Best Practices

Onbrand PLM follows established security best practices to protect the platform from common web-based threats and unauthorized access.

We utilize modern cloud infrastructure and security tooling to help mitigate risks such as malicious traffic, abuse, and automated attacks. Network-level protections, rate limiting, and application firewalls are used to proactively reduce exposure to common vulnerabilities.

User authentication is protected by enforced password strength requirements and secure credential handling. Passwords are never stored in plaintext; they are hashed using industry-standard cryptographic hashing algorithms. Onbrand personnel do not have access to user passwords.

The Onbrand PLM application is built on widely adopted, security-focused frameworks and libraries. These technologies receive regular security updates and benefit from extensive community and industry scrutiny. Secure development practices are followed throughout the software development lifecycle.

Data Security

Onbrand PLM takes data security seriously and applies strong encryption and access controls to protect customer information.

Customer data is encrypted both in transit and at rest using industry-standard encryption protocols provided by our cloud infrastructure providers. This ensures data remains protected whether it is being accessed by authorized users or stored within our systems.

Access to production systems and customer data is restricted to authorized personnel only and follows the principle of least privilege. Administrative access is logged and monitored to ensure accountability and traceability.

Periodic Security Reviews

Security is an ongoing process at Onbrand PLM. We regularly review our systems, dependencies, and operational practices to identify and reduce risk.

Periodic security reviews are conducted to evaluate:

  • Application security controls

  • Infrastructure configuration

  • Access management practices

  • Dependency and vulnerability exposure

Where appropriate, we engage external security professionals to assist with reviews and assessments. Findings are prioritized and remediated to maintain a strong security posture as the platform evolves.

AI Data Processing and Security

Onbrand PLM offers AI-powered features to enhance design, planning, and workflow efficiency. We understand that AI data processing introduces additional privacy and security considerations, and we take these responsibilities seriously.

Onbrand PLM utilizes third-party AI providers, including OpenAI and Google Gemini, to deliver AI functionality. These providers operate on secure, enterprise-grade cloud infrastructure and maintain strong security and privacy controls.

Key principles of our AI data handling include:

  • No model training on customer data
    API inputs and outputs submitted by Onbrand PLM are not used by our providers to train AI models.

  • Data protection and isolation
    Data submitted to AI APIs is processed securely and remains logically isolated from other customers and systems.

  • Encryption in transit
    All AI-related API requests and responses are transmitted using secure, encrypted connections.

  • Provider security standards
    OpenAI and Google maintain robust security programs that include physical security, network security, identity and access management, and data encryption at rest and in transit.

Onbrand PLM only partners with AI providers that explicitly state that customer data and personally identifiable information (PII) submitted through APIs remain protected and are not repurposed for training or unrelated uses.

Third-Party Risk Management

Onbrand PLM relies on a small number of carefully selected third-party service providers to operate the platform, including cloud infrastructure, AI services, and monitoring tools.

All third-party providers are evaluated for security posture, data handling practices, and contractual commitments around confidentiality and data protection. Providers must meet baseline security expectations appropriate for a modern SaaS platform.

Commitment to Our Customers

We recognize that trust is essential. Onbrand PLM is committed to maintaining strong security controls, continuously improving our security practices, and responding promptly to potential risks or vulnerabilities.

Security questions or concerns may be directed to:
security@onbrandplm.com

© 2024 onbrandplm.com. All rights reserved.
