Client-owned operating data
CRM records, lead data, workflows, and implementation assets are treated as client business infrastructure. Handover documentation is part of delivery.
Trust & Security
Security expectations for serious operating systems.
OG Marka builds CRM, WhatsApp Commerce, ERP, AI automation, and web infrastructure for teams that rely on clean data and controlled access. This page clarifies how we think about trust before implementation begins.
Least-privilege access
Project access is scoped to the work being delivered. Admin credentials, API keys, and platform roles should be reviewed during onboarding and offboarding.
Vendor compliance clarity
OG Marka uses modern cloud vendors and security features, but vendor compliance is not the same as OG Marka holding its own SOC 2 certification.
Baseline controls
- HTTPS/TLS for web traffic and API communication.
- Role-based access patterns for dashboards and internal tools.
- Row-level security patterns where Supabase-backed client data is used.
- Environment variable separation for secrets and deployment configuration.
- Rate limiting on public lead-capture and feedback endpoints.
- Documented handover for implementation assets, workflows, and critical accounts.
Implementation review points
Before a production build goes live, the scope should identify data sources, WhatsApp/API approvals, payment and ERP integrations, dashboard roles, backup ownership, escalation contacts, and offboarding steps.
For regulated or higher-risk deployments, OG Marka should document a client-specific data flow, access matrix, and vendor list before implementation.
Request Security Review