Security

Trust is the foundation of healthcare. Here is how we protect it.

Responsible disclosure

If you have discovered a security vulnerability in Ofllo, please report it responsibly to security@ofllo.com. We will acknowledge your report within 48 hours and keep you informed of our progress.

Please do not publicly disclose vulnerabilities before we have had the opportunity to address them.

How we protect your data

  • All data stored within the EU (Supabase EU region)
  • Encryption at rest and in transit
  • Role-based access control — staff see only what they need
  • Admin actions are logged for accountability
  • Regular security reviews

Our compliance

  • GDPR compliant — data controller: Innoviqor Consulting LP
  • NIS2 Directive — EU cybersecurity requirements
  • Health data processed under Article 9 GDPR

Contact

security@ofllo.com for security concerns

info@ofllo.com for data and privacy questions