Ottri Logo

Trust Center

Start your security review
View & download sensitive information
Ask for information
ControlK

Welcome to Ottri's Trust Center. Ottri operates a technology platform that connects consumers with licensed lenders for financing. We are an embedded lending platform that helps merchants in high-ticket verticals offer financing options to their customers.

This Trust Center provides a comprehensive overview of Ottri's commitment to security, privacy, and operational excellence. Here, you will find detailed information about the policies, controls, and practices we have implemented to protect your data and ensure the integrity of our services.

Our commitment to trust is built on a foundation of robust policies and procedures. We have established clear guidelines for software development, covering requirements, design, implementation, testing, and deployment. Ottri also maintains comprehensive information security policies and other topic-specific policies to support our internal controls. We have specific policies governing how customer data is accessed and handled, which are accessible to all employees and contractors.

Data protection is a cornerstone of our operations. We have a documented Data Protection Policy that outlines our baseline requirements for the lawful, secure, and controlled handling of personal data and other protected information across the Ottri stack. This policy applies to all Ottri personnel, systems, vendors, contractors, and processes that handle personal data or protected information. We also have a detailed Data Retention Policy that defines the types of data we retain and the periods for which they are kept, ensuring compliance with regulations like HIPAA and state privacy laws. This policy also outlines secure data disposal methods, including cryptographic erase and degaussing.

Our operational practices are designed to maintain a secure and reliable environment. We have an Acceptable Use Policy that outlines requirements for personnel's usage of company assets. For our physical infrastructure, Ottri offices and data centers employ environmental controls such as temperature and humidity regulation, and fire suppression systems. While Ottri does not operate on-premises server rooms, all production infrastructure is hosted in AWS regions, which maintain redundant power, cooling, and environmental controls. Our physical security measures also support disaster recovery objectives, with backups stored in geographically separate AWS regions and data replication to secondary AWS regions for high availability.

We also carefully manage our relationships with third-party vendors. Our Business Associate Policy establishes requirements for relationships under HIPAA and HITECH, ensuring that all third parties handling Protected Health Information (PHI) comply with applicable privacy and security standards. We classify Business Associates into risk tiers based on PHI access and apply the HIPAA minimum necessary principle, ensuring vendors only receive the minimum PHI required for their specific service. Our Vendor Management Policy includes requirements for vendors processing California consumer personal information and mandates breach notification within specified timeframes.

This Trust Center serves as a central resource for understanding Ottri's dedication to safeguarding your information and maintaining a secure and trustworthy platform. We encourage you to explore the detailed sections for more in-depth information on each of these areas.

Documents

COMPLIANCEGLBA

Risk Profile

We have secure, reliable hosting that customers can depend on. We are happy to provide details about our risk mitigation practices and recovery objectives upon request.

Reports

We may provide security-related reports upon request.

Self-Assessments

We are working on our security compliance. We can provide completed questionnaires upon request.

AI

We take the usage of AI seriously in our organization and work to ensure security and reliability of the AI.

ESG

We prioritize and take environmental, social, and governance (ESG) considerations seriously in our operations and decision-making processes.

Security Grades

We are constantly monitoring the security of our website. We will post our grades from public security rating agencies when they become available.

Built onSafeBase by Drata Logo