Personal Data Security
Personal data can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
OPI Cloud only collects minimal data (first name, last name, username, IP address, and email) for the person who is assigned to manage the configuration. This data is collected for audit trail and notification purposes only.
OPERA Cloud users are managed by OPERA Shared Security Domain (SSD) or OPERA Cloud Identity Management (OCIM). Oracle personnel with proper privileges assigned will manage the PSP related configurations. OPI Cloud does not own or manage any Oracle Cloud Identity Service (IDCS) or SSD.
The data saved in the database, such as audit records and configuration data, is secured by Oracle ADB’s database-level Transparent Data Encryption (TDE). The data is secured in transmission by HTTPS with TLS 1.2 or above. Tokenization is always enabled to protect the user’s credit card information. OPI Cloud does not persist credit card information except for the OPI Internal Token Service. It uses AES-256 to encrypt the credit card information before saving it to the database. The encryption key is generated randomly and rotated periodically. The rotation period is configurable and the maximum value is12 months. The encrypted credit card data is purged after 12 months. OPI uses masked credit card numbers in logs.
OPI Cloud configuration logs user sign-in and sign-out activity and configuration data modifications. OPI Cloud logs are located in OCI Logging. The security logs retention period is 365 days.