Security & Trust
Last updated: June 15, 2026
Orth Inc., doing business as Orthogonal ("Orthogonal," "we," "us," or "our") operates a unified API platform that lets AI agents and developers discover, authenticate with, and pay for third-party APIs through a single integration point. Because we sit between your applications and the providers they call, security and trust are central to how we build the platform.
This page describes our approach to security and the practices we follow to protect your data and credentials. It is intended to be transparent about how the platform works; it is not a warranty. For the contractual terms governing your use of the Services, see our Terms of Service and Privacy Policy.
1. Our Approach to Security
We aim to apply security practices that are reasonable and appropriate for a platform of our kind, and we treat security as an ongoing process rather than a one-time effort. Our goals are to keep your data confidential, to protect the integrity of API requests flowing through the platform, and to maintain the availability of the Services. We follow the principle of least privilege, collect only the data we need to operate the platform, and review our practices as the platform evolves.
2. Data Protection
2.1 Encryption in Transit
All traffic between your clients and Orthogonal is encrypted in transit using TLS (HTTPS). Requests we route to third-party API providers are likewise made over encrypted connections wherever the provider supports them.
2.2 Encryption at Rest
Sensitive data we store, including credentials and account information, is encrypted at rest using industry-standard encryption.
2.3 Access Controls
We restrict access to production systems and customer data to authorized personnel who need it to operate and support the platform, and we apply the principle of least privilege. Access to internal systems is authenticated and, where appropriate, protected by additional controls.
2.4 Data Minimization
We log API call metadata (such as timestamps, endpoints, status codes, and usage volume) to operate and bill the platform, but we do not log API request or response bodies unless required for debugging with your consent. See our Privacy Policy for details on what we collect and how long we retain it.
3. Authentication & API Key Security
The platform uses API keys and credentials to authenticate your requests. We handle and store these credentials with encryption and restricted access. Keys can be created and revoked from your dashboard, so you can rotate credentials and immediately disable any key you believe may be compromised.
You are responsible for safeguarding your API keys and account credentials. Treat keys as secrets: do not embed them in client-side code or public repositories, and rotate them periodically. If you become aware of any unauthorized use of your account or keys, notify us immediately at security@orthogonal.com so we can help you respond. This is consistent with your account security obligations in Section 2.2 of our Terms of Service.
4. Infrastructure & Availability
Orthogonal runs on reputable cloud infrastructure providers that maintain their own physical and environmental security controls for their data centers. We design the platform to be resilient and monitor it for performance, errors, and availability so we can detect and respond to issues. We apply security updates to our systems and dependencies as part of routine maintenance.
No online service can guarantee uninterrupted availability. As noted in our Terms of Service, the Services are provided on an "as is" and "as available" basis, and we cannot guarantee that they will be uninterrupted, error-free, or completely secure.
5. Third-Party API Providers & Data Flow
Orthogonal acts as an intermediary between you and third-party API providers. When you make a call through the platform, we route your request to the applicable provider and return their response to you. We transmit only the data necessary to fulfill your request, and connections to providers are made over encrypted channels where supported.
We do not control the security or data practices of third-party providers. Each provider has its own terms and privacy practices, and your use of a provider through our platform is also subject to those terms. We encourage you to review the practices of any provider you rely on. This intermediary role is described further in Section 6 of our Terms of Service.
6. Payment Security
Card payments are processed by a third-party payment processor. We do not store full payment card numbers on our systems; that sensitive payment data is handled by the processor. We retain only the billing information needed to manage your account and credit balance, as described in our Privacy Policy.
7. Data Privacy
Our collection, use, and retention of personal information is governed by our Privacy Policy. It explains what we collect, how we share it (we do not sell personal information), how long we keep it, and the rights you may have over your data, including access, correction, and deletion.
8. Responsible Disclosure
We welcome reports from security researchers and users. If you believe you have found a security vulnerability in Orthogonal, please report it to us at security@orthogonal.com with enough detail for us to reproduce and investigate the issue.
We ask that you give us a reasonable opportunity to investigate and remediate before public disclosure, that you avoid accessing or modifying data that is not your own, and that you do not degrade or disrupt the Services or other users while testing. We will acknowledge legitimate reports and work to address confirmed issues promptly.
9. Contact
If you have questions about our security practices or want to report a concern, please contact us:
- Email: security@orthogonal.com
- Website: orthogonal.com