Personal Data Security

Personal data can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

OPI Cloud collects only minimal data (first name, last name, username, IP address, and email) for the person who is assigned to manage the configuration. This data is collected for audit trail and notification purposes only.

OPERA Cloud users are managed by OPERA Shared Security Domain (SSD) or OPERA Cloud Identity Management (OCIM). Oracle personnel with the proper privileges assigned will manage the PSP-related configurations. OPI Cloud does not own or manage any Oracle Cloud Identity Service (IDCS) or SSD.

The data saved in the database, such as audit records and configuration data, is secured by Oracle ADB’s database-level Transparent Data Encryption (TDE). The data is secured in transmission by HTTPS with TLS 1.2 or above.

Tokenization is always enabled to protect the user’s credit card information. OPI Cloud does not persist credit card information except for the OPI Internal Token Service. It uses AES-256 to encrypt the credit card information before saving it to the database. The encryption key is generated randomly and rotated periodically. The rotation period is configurable, with a maximum value of 12 months. The encrypted credit card data is purged after 12 months. OPI only logs masked credit card values.

OPI Cloud configuration logs user login and logout activities, as well as configuration data modifications. OPI Cloud logs are located in OCI Logging. The security log retention period is 365 days.