Trust & Safety
Security at OneOral
We take the security of your health data and personal information seriously. Here is an overview of the practices we have in place to keep your information safe.
Encryption in Transit & at Rest
All data transmitted between your device and our servers is encrypted using TLS 1.2+. Sensitive data stored in our databases — including payment tokens and health information — is encrypted at rest using AES-256.
Payment Security
Payments are processed exclusively by Stripe, a PCI DSS Level 1 certified payment processor. OneOral never stores raw credit card numbers. All billing data is tokenized and handled by Stripe's infrastructure.
Access Controls
Access to production systems and member data is restricted to authorized personnel on a need-to-know basis. We use role-based access control and require multi-factor authentication for all internal systems.
Regular Security Assessments
We conduct regular vulnerability assessments and penetration tests of our platform. Security findings are triaged and remediated based on severity. Our infrastructure is hosted on SOC 2 Type II certified cloud providers.
Secure Communications
Telehealth video consultations are conducted over encrypted, HIPAA-compliant video infrastructure. All messages sent through the OneOral portal are transmitted over encrypted connections and are not accessible to unauthorized parties.
Incident Response
We maintain a documented incident response plan. In the event of a security breach affecting your data, we will notify affected users in accordance with applicable law and work promptly to contain and remediate the incident.
Responsible Disclosure
If you believe you have discovered a security vulnerability in our platform, please report it to us privately. We are committed to working with security researchers to verify and address issues quickly.
security@oneoral.comQuestions about our privacy practices? Read our Privacy Policy