Data Classification Policy
Effective March 23, 2026. This policy defines how Oceum classifies data by sensitivity level and prescribes the appropriate handling, storage, and access controls for each classification.
1. Classification Levels
All data processed or stored by Oceum is assigned one of four classification levels. Data must be handled according to the requirements of its classification.
| Classification | Description | Examples | Handling |
|---|---|---|---|
| Critical | Encryption keys, vault secrets, and password hashes | OAUTH_ENCRYPTION_KEY, bcrypt hashes, TOTP secrets | AES-256-GCM encrypted at rest, never logged, never exported, per-org key derivation |
| Confidential | Customer business data and agent configurations | Agent configs, workflow definitions, Orion conversations | Org-scoped access, RLS enforced, encrypted in transit, 90-day log retention |
| Internal | Operational data and system metrics | Agent health, error rates, task counts, deployment logs | Org-scoped, available via dashboard, auto-purged per retention policy |
| Public | Marketing content and documentation | Blog posts, landing page, SDK docs, pricing | No access restrictions, published at oceum.ai |
2. Critical Data
Critical data requires the highest level of protection. This classification applies to any data whose exposure would allow direct compromise of user accounts or encrypted data.
- Encryption at rest. All critical data is encrypted using AES-256-GCM with per-organization key derivation via HMAC-SHA256.
- No logging. Critical data values are never written to application logs, error reports, or monitoring systems.
- No export. Critical data cannot be exported via the API or dashboard. Vault entries are decrypted only at the point of use by authorized agents.
- Access control. Only the vault proxy service can decrypt critical data, and only for agents with explicit access policies.
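The per-organization key derivation and AES-256-GCM encryption listed above can be sketched as follows. This is an added example, not Oceum's code: the master key handling, the `vault-key-v1` label, the use of the org ID as associated data, and all function names are assumptions.

```javascript
const crypto = require('node:crypto');

// Derive a 32-byte key for one organization: HMAC-SHA256(masterKey, label || orgId).
// The label is a hypothetical domain separator so the same master key can be
// reused for other purposes without producing the same output.
function deriveOrgKey(masterKey, orgId) {
  return crypto.createHmac('sha256', masterKey)
    .update('vault-key-v1\0')
    .update(orgId, 'utf8')
    .digest();
}

// Encrypt a secret under the org's derived key with a fresh 96-bit nonce.
// The org ID is bound as AAD (an assumption), so a record moved to another
// org's row fails authentication even before the key mismatch is considered.
function sealSecret(masterKey, orgId, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveOrgKey(masterKey, orgId), iv);
  cipher.setAAD(Buffer.from(orgId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt; final() throws if the key, AAD, nonce, ciphertext or tag do not match.
function openSecret(masterKey, orgId, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveOrgKey(masterKey, orgId), iv);
  decipher.setAAD(Buffer.from(orgId, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Returns true when a record sealed for ownerOrg cannot be opened as otherOrg.
function crossOrgDecryptFails(masterKey, ownerOrg, otherOrg, plaintext) {
  const sealed = sealSecret(masterKey, ownerOrg, plaintext);
  try {
    openSecret(masterKey, otherOrg, sealed);
    return false;
  } catch {
    return true;
  }
}

// Constructed sample values; a real master key would come from a secret store.
const demoMaster = crypto.randomBytes(32);
const demoSealed = sealSecret(demoMaster, 'org_a', 'constructed-totp-seed');
console.log(openSecret(demoMaster, 'org_a', demoSealed));
console.log(crossOrgDecryptFails(demoMaster, 'org_a', 'org_b', 'constructed-totp-seed'));
```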
3. Confidential Data
Confidential data represents customer business information that is sensitive but not cryptographic in nature.
- Org-scoped access. All confidential data is associated with an organization ID. Every API query filters by org_id, enforced at both the application and database (RLS) layers.
- Encrypted in transit. All data transmitted between clients and servers uses HTTPS with HSTS.
- Retention. Confidential data is retained according to the plan tier: 7 days on Free, 90 days on Pro. Customers may request earlier deletion.
4. Internal Data
Internal data is operational information used for platform monitoring and management. While not customer-facing business data, it is still org-scoped and not publicly accessible.
- Accessible via the Oceum dashboard to authenticated organization members.
- Automatically purged according to the retention policy for the organization's plan tier.
- May be aggregated anonymously for platform-wide health monitoring.
5. Public Data
Public data includes all information intentionally published by Oceum for marketing, documentation, or educational purposes. This data has no access restrictions and is served from oceum.ai without authentication.
6. Reclassification
Data classification is reviewed when:
- New data types are introduced to the platform
- Data handling requirements change due to regulatory updates
- A security incident reveals a classification gap
- Quarterly compliance reviews identify reclassification needs
7. Contact
Questions about data classification can be directed to hello@oceum.ai.