Trust Center
Incident response
How we detect, respond to, and notify you about security incidents.
Last updated: 24 April 2026
An incident is any event that impacts the confidentiality, integrity, or availability of the Services. This page describes how we run incident response — from detection to resolution to notification — so you know what to expect if something goes wrong.
Detection
- Continuous monitoring of authentication, privilege escalation, data-access anomalies, and infrastructure health.
- Alerts routed to a 24/7 on-call rotation.
- Customer reports to security@opendoors.ai are triaged immediately.
Severity levels
| Level | Definition | Customer notice target |
|---|---|---|
| P1 | Confirmed breach of customer data or full outage. | Within 24 hours of confirmation. |
| P2 | Partial outage or security issue with material customer impact. | Within 72 hours. |
| P3 | Degraded performance or isolated security issue, contained. | Status page update; direct email if applicable. |
| P4 | Minor issue with limited impact. | Status page update. |
Response process
- Detect — alert fires or report received.
- Triage — on-call engineer assesses scope and severity.
- Contain — isolate affected systems; rotate credentials if needed.
- Eradicate — remove the root cause.
- Recover — restore service with verification.
- Communicate — keep customers informed through the status page and direct outreach for affected workspaces.
- Learn — post-incident review and action items within 5 business days for P1.
Personal data breaches
Where an incident meets the threshold of a personal data breach under the GDPR, UK GDPR, UAE PDPL, or equivalent law, we notify you without undue delay — and, as a processor, assist you with your own notification obligations to regulators and data subjects. For regulators where Open Doors is the controller, we meet the statutory deadline (72 hours under GDPR/UK GDPR; equivalent under PDPL).
Status and postmortems
The status page is the authoritative source for ongoing incidents. For P1 events, we publish a public postmortem within five business days describing timeline, root cause, impact, and remediation.
Questions about this page? Contact privacy@opendoors.ai.
← Back to Privacy & Security