Oddr Tenant Access Policy

Oddr respects the confidentiality of customer data and restricts access to customer tenant environments to the minimum necessary for delivering and supporting the platform. This policy describes the circumstances under which Oddr personnel may access a customer’s tenant, the controls governing that access, and the transparency measures in place.

When Oddr May Access a Customer Tenant

Oddr personnel may access a customer’s Production or Sandbox tenant environment only under the following circumstances:

Customer-Initiated Support

When a customer submits a support request that requires Oddr personnel to access the tenant for troubleshooting, configuration assistance, or issue resolution. Access is limited to what is necessary to address the specific request.

Scheduled Maintenance and Upgrades

During scheduled release deployments or platform maintenance activities where access to tenant-level resources is required. These activities follow the timelines described in the Oddr Cloud Maintenance Policy.

Security Incident Response

In the event of a suspected or confirmed security incident affecting a customer’s tenant environment, Oddr security personnel may access the tenant to investigate, contain, and remediate the issue. Customers are notified of such access as soon as operationally feasible.

Regulatory or Legal Obligation

If required by law, regulation, or valid legal process. Oddr will notify the customer in advance of such access unless prohibited by law from doing so.

Access Controls

All access to customer tenant environments is governed by the following controls

Least Privilege

Oddr personnel are granted access only to the specific systems and data needed for the task at hand. Standing access to customer tenants is not provided by default.

Authentication and Authorization

Access to production systems requires multi-factor authentication. Access requests are authorized through Oddr’s internal access management process and approved by the appropriate technical lead.

Audit Logging

All access to customer tenant environments is logged, including the identity of the individual, the timestamp, and the actions performed. Access logs are retained and available for review during audits. Customers may request tenant access records through Oddr Support for the most recent 30 days.

Time-Limited Access

Where access is granted for a specific support or maintenance task, that access is scoped to the duration of the task and revoked upon completion.

No Unauthorized Data Use

Oddr personnel who access a customer tenant do not copy, extract, retain, or use customer data for any purpose other than the specific task requiring access. Customer data encountered during support or maintenance activities is treated as confidential in accordance with Oddr’s confidentiality obligations and NDA terms.

Customer Notification

For customer-initiated support requests, the customer’s act of submitting the request serves as authorization for Oddr personnel to access the tenant as needed to resolve the issue.
For other categories of access (maintenance, security incidents, legal obligations), Oddr provides notification to the customer either in advance or as soon as operationally practical.

FAQ

1. Does Oddr have standing access to my firm’s tenant?

A: No. Oddr personnel do not have standing, persistent access to customer tenants. Access is granted on a per-task basis and revoked upon completion.

2. Is access to my tenant logged?

A: Yes. All access to customer tenant environments is audit-logged with the identity of the individual, timestamp, and actions performed.

3. Will Oddr notify me if they access my tenant for maintenance?

A: Scheduled maintenance activities are communicated in advance per the Oddr Cloud Maintenance Policy. If maintenance requires tenant-level access, it falls within the notified maintenance window.

TABLE OF CONTENTS

When Oddr May Access
a Customer Tenant Access Controls No Unauthorized Data Use Customer Notification FAQ