Security at OpenLeague
Keeping team data safe is core to the product. Here's what we have today and what's coming next.
Current Practices
OpenLeague uses industry-standard encryption in transit (HTTPS) and role-based access controls inside the app. Production credentials are stored in encrypted secrets managers.
On Our Roadmap
We're working on SOC 2 aligned processes, regular penetration testing, and customer-facing security tooling such as audit logging and two-factor authentication.
Report a Concern
Found a vulnerability? Email security@openl.app. We acknowledge reports within two business days and will work with you on responsible disclosure.