The Oddr Secure Cloud

Built for the security, compliance, and data protection standards that law firms demand.

Oddr's cloud infrastructure was purpose-built for firms that handle sensitive client and financial data every day. Hosted on Microsoft Azure with data centers in your region, the Oddr Secure Cloud delivers enterprise-grade security, per-tenant data isolation, and the compliance certifications your firm requires

Data Protection

Per-tenant data isolation and regional residency; data is never commingled.

Infrastructure

Traffic enters via a WAF-enabled Azure Application Gateway over TLS; resources sit in a private virtual network.

Availability

High-availability architecture with no single point of failure and multi-region failover.

Compliance

ISO 27001:2022 certified and SOC 2 Type II audited with annual risk assessments.

Certifications & Regions

By leveraging the footprint of Microsoft Azure, Oddr allows firms to host applications within regions that match local regulatory requirements, avoiding uncertainty.

ISO/IEC 27001:2022

Provides independent assurance that Oddr has a certified information security management system.

SOC 2 Type II

Provides independent assurance that Oddr’s security controls are audited and operating effectively over time.

Tenant Regions

Data residency options aligned to yout region and compliance requirements,

United States

Primary Azure Region

East US (Virginia)

Secondary Azure Region

West US

Canada

Primary Azure Region

Canada Central (Toronto)

Secondary Azure Region

Canada East (Quebec City)

Europe

Primary Azure Region

West Europe (Netherlands)

Secondary Azure Region

North Europe (Ireland)

APAC

Primary Azure Region

Australia East (New South Wales)

Secondary Azure Region

Australia Southeast (Victoria)

Shared Responsibility Model

Securing your data is a shared effort. Oddr’s model clearly defines responsibilities across three parties so there are no gaps or ambiguity.

Microsoft Azure

INFRASTRUCTURE SECURITY

Microsoft Azure is responsible for the security of the cloud

Physical datacenter security

Network infrastructure

Compute, storage, and database infrastructure

Platform patching and maintenance

Availability of Azure services

Oddr

APPLICATION & SECURITY

Oddr is responsible for the security in and of our applications

Application security and hardening

Encryption, backups and data protection

Access controls and tenant isolation

Vulnerability and patch management

Platform incident detection and response

Your Firm

ACCESS & GOVERNANCE

Your firm is responsible for security in your organization.

User access governance

Integration credentials management

SSO configuration and enforcement

Security awareness and training

Incident reporting within your organization

Continuous Monitoring & Service Status

Oddr continuously monitors the health, performance, and security of the Oddr Secure Cloud around the clock. Monitoring spans infrastructure metrics (CPU, memory, storage, network), application health, authentication events, and anomalous activity patterns. Alerts are configured to trigger immediately when thresholds are breached, enabling the operations team to respond before issues impact users.

Coming soon - Customers will be able to monitor the real-time status of Oddr services, view historical uptime, and subscribe to incident notifications through the Oddr Service Status page.

Cloud Policies

Oddr publishes a set of cloud policies that provide transparency into how the platform is maintained, updated, and operated. These policies are available to all current and prospective customers.

Cloud Maintenance Policy - Release cadence, maintenance windows, and notification timelines
Sandbox Policy - How sandbox environments are managed and how releases are previewed
Tenant Access Policy - When and how Oddr personnel may access customer tenant data
Deprecated Features Policy - How feature deprecations are communicated and timelines for removal
Customer Data Retention Policy - Data retention periods and secure deletion procedures

View Cloud Policies

Trust & Resources

We are transparent about our security posture. The following documentation is available upon request:

ISO 27001:2022 Certificate
SOC 2 Type II Report (under NDA)
Penetration Test Summary (under NDA)
Oddr Secure Cloud Data Sheet
Data Integration Guide

To request any of these documents, contact us at security@oddr.com or reach out to your Oddr account team.

FAQ

1. Who is Oddr’s cloud hosting provider?

A: Oddr is hosted on Microsoft Azure. Azure provides the physical infrastructure and platform services, while Oddr manages the application, data security, and operational controls on top of Azure’s infrastructure.

2. Where is my firm’s data stored?

A: Your data resides in the Azure region you select during onboarding. US-based firms use East US (Virginia) as the primary region with West US as secondary. Canadian firms use Canada Central (Toronto) with Canada East (Quebec City) as secondary. European firms use West Europe (Netherlands) with North Europe (Ireland) as secondary. APAC firms use Australia East (New South Wales) as the primary region with Australia Southeast (Victoria) as secondary. Additional regions are available upon request.

3. Is my firm’s data kept separate from other firms?

A: Yes. Although Oddr uses a multitenant architecture, each tenant’s data is logically isolated. Data is never commingled across tenants for any reason.

4. What certifications does Oddr hold?

A: Oddr holds ISO/IEC 27001:2022 certification and has completed a SOC 2 Type II audit covering Security, Availability, and Confidentiality. Copies of both reports are available upon request.

5. Can I get a copy of the SOC 2 report?

A: Yes. The SOC 2 Type II report is available under NDA. Contact your Oddr account team or email security@oddr.com to request a copy.

6. Does Oddr support Single Sign-On?

A: Yes. Oddr supports SSO with providers including Okta, Google, Duo, and Microsoft Entra ID (Azure AD), using OIDC.

7. How is Oddr’s platform monitored?

A: Oddr continuously monitors the health of its cloud services including infrastructure metrics, application performance, and security events. Real-time alerts are configured for anomalous conditions. Coming soon - Customers will be able to view current service status and subscribe to notifications at status.oddr.com.

8. Does Oddr have a change moratorium during year-end?

A: Oddr may observe a change moratorium during the last two weeks of December and the first week of January to ensure platform stability during year-end close periods — a critical time for law firm billing and collections.

9. How does Oddr handle incident notification?

A: If a security or availability incident impacts a customer’s environment, Oddr notifies affected customers via email with details on the nature of the incident, the scope of impact, and the steps being taken to resolve it. Post-incident, a root cause analysis is provided when applicable.

10. Where can I find Oddr’s cloud policies?

A: Oddr’s cloud policies — covering maintenance windows, sandbox environments, tenant access, deprecated features, and data retention — are published at oddr.com/cloud/policies.