Olimp Platform Security Guide

Last updated: January 2026

Olimp is committed to protecting the confidentiality, integrity, and availability of customer and partner data. This document provides a high-level overview of the administrative, technical, and organizational measures used to secure the Olimp platform.

This guide is informational only and does not constitute a contractual guarantee or certification.

1. Infrastructure Security

  • Olimp’s production infrastructure is hosted on Amazon Web Services (AWS).
  • Services are deployed in North America, including the United States and Canada.
  • The platform leverages:
    • Managed AWS services
    • Load balancers for traffic distribution and availability
    • Managed databases for data storage
  • Access to infrastructure is restricted to authorized personnel and follows the principle of least privilege.

2. Data Protection

Data Processed

Olimp processes business and operational data, which may include:

  • Names
  • Email addresses
  • Phone numbers
  • Company information
  • Credentials (stored securely)
  • Warehouse staff and customer-related information

Olimp does not intentionally store payment card data.

Encryption

  • All data in transit is protected using TLS (HTTPS).
  • Sensitive data, including credentials, is stored using secure, industry-standard cryptographic practices.

3. Identity & Access Management

  • Employee access is managed using:
    • Google Workspace
    • Microsoft Azure AD / Entra ID
  • Multi-Factor Authentication (MFA) is enforced for internal systems.
  • Role-based access controls (RBAC) are used to restrict access based on job responsibilities.
  • Administrative access is limited and logged.

4. Application Security

  • Secure development practices are followed throughout the software lifecycle.
  • The platform enforces:
    • HTTPS across all environments
    • Dependency management and regular updates
    • CI/CD pipelines with automated checks
  • Abuse-prevention controls include:
    • Rate limiting
    • Bot protection
    • CAPTCHA mechanisms where appropriate

5. Logging & Monitoring

  • Olimp maintains centralized logging and monitoring for:
    • Authentication events
    • API activity
    • Administrative actions
  • Security-relevant events are monitored to detect suspicious or unauthorized activity.
  • Logs are retained according to internal retention policies and reviewed as needed for security investigations.

6. Vulnerability Management

  • Olimp maintains an active vulnerability management process, which includes:
    • Regular vulnerability scanning
    • Identification and prioritization of security issues
    • Timely remediation based on risk
  • Security findings are tracked internally through established workflows.

7. Incident Response

  • Olimp maintains an internal security incident escalation and response process.
  • Security events are investigated and addressed promptly by authorized personnel.
  • If a confirmed security incident involves personal data, Olimp will notify affected parties as required by applicable law and contractual obligations.

8. Data Retention & Deletion

  • Data is retained only as long as necessary for business and legal purposes.
  • Olimp supports data deletion and account deactivation in accordance with applicable laws and contractual obligations.
  • Backups are maintained to support system availability and recovery.

9. Compliance & Security Frameworks

Olimp aligns its security practices with generally accepted industry standards and frameworks. While Olimp does not currently maintain formal third-party security certifications (such as SOC 2 or ISO 27001), security controls are designed and operated using risk-based industry best practices.

10. Security Threats & Risk Areas

Olimp designs its security controls to address common security risks associated with cloud-hosted platforms and mobile applications. While no system can be guaranteed to be completely risk-free, Olimp actively monitors for and implements controls to reduce the likelihood and impact of the following categories of threats:

  • Unauthorized access attempts, including credential stuffing, brute-force attacks, and account takeover activity
  • Abuse of authentication and authorization mechanisms, such as misuse of credentials, tokens, or API keys
  • Automated and malicious traffic, including bots, scraping, and excessive or abnormal request patterns
  • Application-level vulnerabilities, including common web and API security risks related to authentication, access control, and input handling
  • Data exposure risks, such as unauthorized access to personal or business data or unintended data disclosure due to misconfiguration
  • Infrastructure and configuration risks, including cloud resource misconfigurations and privilege escalation attempts
  • Third-party and dependency risks, including vulnerabilities in software dependencies and integrated service providers
  • Availability risks, such as denial-of-service attempts and other conditions that could impact platform reliability

Olimp uses a combination of preventive, detective, and corrective controls to monitor for these risks and respond appropriately based on severity and potential impact.

11. Customer Responsibilities

Customers are responsible for:

  • Maintaining the confidentiality of their credentials
  • Enforcing strong passwords and access controls for their users
  • Promptly reporting suspected security issues

12. Security Contact

For security-related questions or responsible disclosure, contact:
Email: security@olimpwarehousing.com