We use cookies to personalise content, to provide social media features and to analyse our traffic and support our customers. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you've provided to them or that they've collected from your use of their services. You consent to our cookies if you continue to use our website. Learn more

Resilience & Availability

Will Offr software be available?
Yes! Offr aims to be available consistently above 99.9%. Customer data is 100% backed up to multiple online replicas with additional snapshots and other backups.

What if something isn’t working as expected?
If there’s ever a customer-impacting situation, we will make you aware of it on our Status page and keep you continually updated.

Does Offr monitor its systems and software?
Yes! Our operations teams monitor software and application behavior 24x7x365 using in-house and 3rd party industry-recognized solutions.

Does the Offr software contain system redundancy?
Yes! Every part of the Offr product is distributed across at least 3 data center availability zones. Databases, application servers, web servers, jobs servers, and load balancers all have multiple failover instances to prevent outage from single points of failure.

Where is Offr Hosted
Offr is hosted on AWS in EU West (Dublin), all servers and data are protected by Irish and European law.

Application Security

Does Offr encrypt data in transit?
Yes! Sessions between you and your portal are always protected with top end in-transit encryption, advanced TLS (1.0, 1.1, and 1.2) protocols, and 2,048-bit keys.

Does Offr encrypt data at rest?
Yes! Data that is uploaded to Offr is encrypted at rest using industry grade encryption standards.

How is my account protected?
As well as serving all traffic over HTTPS, we store all user password details in a hashed format, meaning not even Offr has access to your account passwords. In addition to this user logins can optional be protected by 2FA (2 Factor Authentication) meaning a password and mobile 2nd form of verification will be required to login.

How is Offr protected from attacks?
Offr prevents attacks with industry grade network firewalls and Web Application  firewalls. Our technology stack is built with AWS best practices in mind we benefit from the safeguards that AWS provide as standard.

What about my credit card / banking details? how are these handled
Offr partners with Stripe.com as a payment processor. Offr does not store any credit card or bank related details on our servers.

Datacenter Protections

Are physical security protections in place to protect my data?
Yes! Offr products are hosted with the world’s leading data center providers (AWS). Access to these data centers is strictly controlled and monitored by security staff, tight access control, and video surveillance. Our data center partners are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network, and HVAC services.

Are diverse data centers used?
Yes! The Offr infrastructure is distributed between three distinct availability zones, a failure in one of these zones will not prevent the service from being compromised.

Software Security

Does Offr bring in outside third parties to find security issues?
Yes! We bring in industry-respected 3rd party penetration testing firms yearly to test the Offr product and corporate infrastructure.

Does Offr patch and update when vulnerabilities are identified?
Yes! Offrs patch management process pushes security updates fast and consistently. In most situations, patching is handled by deploying new server instances with the most up to date patches and de-provisioning out of date servers.

Does the Offr infrastructure detect and prevent attacks?
Yes! Offr uses enterprise-grade firewalling, routing, intrusion prevention, and behavior analytics capabilities to protect infrastructure and thwart attacks.

Does Offr have an incident response program?
Yes! Offr’s incident response program is responsive and repeatable. Incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.