OneMore Secure (OMS) and its affiliates prioritise your security and privacy. We are committed to safeguarding the data within our services. This security measures document outlines your privacy rights and our dedication to protecting your personal information. All significant privacy decisions at OneMore Secure are made at the management level.
Who we are
"OneMore Secure" refers to OneMore Secure AB, a company registered in Sweden (Org no 559389-1764).
OneMore Secure assists businesses across Europe in enhancing their cyber security. The company develops and sells digital products under the banner "Supply Chain Security". Founded in 2022, OneMore Secure is headquartered in Stockholm, Sweden.
Executive summary
OMS is a cloud-native cybersecurity platform designed to manage cyber risks in supply chains while supporting compliance with NIS2, GDPR, and the EU AI Act. The system is built on Microsoft Azure using a Service-Oriented Architecture and implements a defence-in-depth security model spanning infrastructure, application, and DevSecOps layers.
Overall security maturity is robust and suitable for regulated European SaaS environments.
Key security strengths
Data protection by design
Dual-database architecture separates system data from customer data.
Transparent Data Encryption (TDE) safeguards data, backups, and logs.
TLS is enforced for all communications.
Argon2 password hashing is implemented.
Identity & access governance
JWT-based authentication with optional two-factor authentication (2FA).
Strict role-based access control (Admin, Auditor, Client).
System-assigned managed identities remove the need to store credentials.
All secrets are stored in Azure Key Vault with role-based access control enforcement.
Infrastructure & environment security
Completely isolated development, staging, and production environments.
Deny-by-default network policies for Key Vault and storage.
SQL firewall IP allowlisting.
DevSecOps & vulnerability management
Controlled CI/CD promotion with approval gates through development, staging, and production environments.
Dependency scanning (Dependabot, OWASP tools).
OWASP Top 10 (2025) risk coverage with automated and manual testing.
Technology stack
Our application is built on a proven technology stack to ensure reliable performance and security:
Backend & REST API: The .NET Core framework offers a structured approach to web application development, facilitating efficient development and maintenance.
Frontend framework: Next.js is used for web forms and dynamic web applications, enhancing interactivity.
Hosting platform: Azure Web App hosts all web services.
Database: Azure SQL Database is used for data storage and retrieval, ensuring integrity and reliability.
Multi-factor authentication (MFA)
Our application incorporates multi-factor authentication (MFA) to strengthen user account security. One MFA method used is Microsoft or Google Authenticator, requiring users to provide a one-time code alongside their password. This adds an extra layer of protection against unauthorised access.
Single sign-on (SSO)
Our application supports single sign-on (SSO) to enhance user account security, with authentication against Entra ID.
HTTPS (SSL/TLS) for secure communication
We use HTTPS (SSL/TLS) to protect data in transit. This cryptographic protocol ensures that data exchanged between the user's browser and our servers is encrypted and shielded from eavesdropping.
Database encryption for data-at-rest security
Data security is a priority; we employ database encryption to protect data at rest. This means that even if the database is accessed unlawfully, the data remains encrypted and unreadable without the correct decryption keys.
Encryption: SHA256 for data in transit and AES256 for data at rest.
HTTP security headers
Our application uses various HTTP security headers to enhance protection:
Content-Security-Policy: Defines allowed content sources for our web pages, reducing the risk of cross-site scripting (XSS) attacks.
Strict-Transport-Security: Enforces HTTPS to prevent man-in-the-middle attacks and secure client-server communication.
X-Content-Type-Options: Stops browsers from interpreting files as a different content type than declared, lowering certain attack risks.
Referrer-Policy: Controls the information included in the Referer header when navigating between pages.
Permissions-Policy: Specifies permissions for browser features, giving greater control over how the application interacts with the user's device.
X-Frame-Options: Helps prevent clickjacking by specifying whether a browser can render a page within a frame, iframe, embed, or object.
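Declaring these headers is only half the job; a deployment should also check that they are actually emitted with sound values. The following is an added example, not OneMore Secure's code, that audits a response's headers against the six headers listed above (for example, an HSTS max-age under a year or a Content-Security-Policy whose script-src allows inline or wildcard sources is flagged). The header sets it runs on are constructed samples, not captured from the product.

```javascript
// Added example (not OneMore Secure's code): audit a response's HTTP security
// headers. Returns a list of findings; an empty list means every checked
// header is present and carries a sound value.
function auditSecurityHeaders(rawHeaders) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(rawHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];

  // Content-Security-Policy: must exist, and the script source list must not
  // allow 'unsafe-inline' or a bare wildcard, either of which defeats its
  // XSS protection. Falls back to default-src when script-src is absent.
  const csp = h["content-security-policy"];
  if (!csp) {
    findings.push("missing Content-Security-Policy");
  } else {
    const directives = csp.split(";").map((d) => d.trim());
    const scriptSrc =
      directives.find((d) => d.startsWith("script-src")) ??
      directives.find((d) => d.startsWith("default-src")) ??
      "";
    if (/'unsafe-inline'/.test(scriptSrc) || /\s\*(\s|$)/.test(scriptSrc)) {
      findings.push("Content-Security-Policy allows inline or wildcard script sources");
    }
  }

  // Strict-Transport-Security: present, with max-age of at least one year.
  const hsts = h["strict-transport-security"];
  const maxAge = hsts ? /max-age=(\d+)/i.exec(hsts) : null;
  if (!hsts) {
    findings.push("missing Strict-Transport-Security");
  } else if (!maxAge || Number(maxAge[1]) < 31536000) {
    findings.push("Strict-Transport-Security max-age is below one year");
  }

  // X-Content-Type-Options: the only meaningful value is "nosniff".
  if ((h["x-content-type-options"] ?? "").toLowerCase() !== "nosniff") {
    findings.push("X-Content-Type-Options is missing or not 'nosniff'");
  }

  // X-Frame-Options: DENY or SAMEORIGIN; any other value gives no
  // clickjacking protection.
  const xfo = (h["x-frame-options"] ?? "").toUpperCase();
  if (xfo !== "DENY" && xfo !== "SAMEORIGIN") {
    findings.push("X-Frame-Options is missing or not DENY/SAMEORIGIN");
  }

  // Referrer-Policy: present and not the leaky "unsafe-url".
  const rp = (h["referrer-policy"] ?? "").toLowerCase();
  if (!rp || rp === "unsafe-url") {
    findings.push("Referrer-Policy is missing or set to unsafe-url");
  }

  // Permissions-Policy: require that one is declared at all.
  if (!h["permissions-policy"]) {
    findings.push("missing Permissions-Policy");
  }
  return findings;
}

function isCompliant(rawHeaders) {
  return auditSecurityHeaders(rawHeaders).length === 0;
}

// Constructed sample header sets (not captured from any real deployment).
const STRONG_HEADERS = {
  "Content-Security-Policy":
    "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'",
  "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
  "X-Content-Type-Options": "nosniff",
  "Referrer-Policy": "strict-origin-when-cross-origin",
  "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
  "X-Frame-Options": "DENY",
};
const WEAK_HEADERS = {
  "content-security-policy": "default-src *; script-src * 'unsafe-inline'",
  "strict-transport-security": "max-age=300",
  "x-frame-options": "ALLOWALL",
};

console.log("strong:", auditSecurityHeaders(STRONG_HEADERS));
console.log("weak:", auditSecurityHeaders(WEAK_HEADERS));
```

Run against a live response by passing in the headers object from `fetch()` or your HTTP client; wiring this into a CI smoke test after each promotion to staging catches a header that a middleware change silently dropped.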
Deployment architecture
Our application is hosted on Azure, Microsoft's cloud platform, which offers scalability, reliability, and security essential to our system's performance.
Location: Sweden Central
Servers are accessible only from whitelisted IP addresses
Use of AI
We use AI solely for translation and text generation within the service. No client data is sent to or processed by AI.
Summary
The OMS application follows a Service-Oriented Architecture (SOA) to ensure scalability, flexibility, and modularity. Using Next.js for the frontend, ASP.NET Core 9.0 for the backend, and Azure SQL Database for storage, the architecture maintains clear separation of concerns. Secure file storage is provided by Azure Blob Storage, secret management via Azure Key Vault, and all services are deployed and scaled on Microsoft Azure.
Certification
OneMore Secure holds SSF 1101 Cybersecurity certification, valid until 22 October 2026.
Additional information
For more details on the Data Protection Agreement, see OneMore Secure's DPA.
For more on Terms & conditions, see OneMore Secure's Terms & Conditions.
How to contact us
Please get in touch if you have any questions about our privacy policy: