Security & integration
Security and integration: the technical brief
This page is for the IT team and the Odoo administrator who need to approve an UpBoard integration. It covers the connection architecture, permission scope, data residency and compliance, with no marketing detours.
Connection architecture
- UpBoard connects to your Odoo over JSON-RPC, on the network you allow. No module to install on the Odoo side.
- The connector is the only ERP entry point. It works on your real data, with no bulk copy of your database.
- Compatible with Odoo 17, 18 and 19 (version-aware introspection of fields and models).
Permission scope
- Read-only by default: analyses use Odoo's search_read operation.
- Any write operation (create / write / unlink / method execution) goes through explicit human validation (human-in-the-loop), non-bypassable.
- Sensitive models are blocked at the connector level (system parameters, mail servers, user API keys).
- Secret fields (passwords, API keys) are redacted before any cache or response.
Data and residency
- Hosting in Europe (Switzerland, Infomaniak), GDPR-compliant.
- End-to-end encrypted connection (TLS). Your data never travels in clear text.
- ERP credentials encrypted (Fernet, key rotation). No clear-text storage of your business data.
- Automatic masking of personal data (emails, phones, IBAN, national IDs) in logs.
Authentication and access
- We recommend a dedicated Odoo API key rather than a password: revocable anytime from your Odoo.
- Application access via JWT (short sessions) and roles (owner / admin / member).
- Changing or resetting a password invalidates earlier sessions.
Compliance
- GDPR: EU hosting, data minimization, PII masking, right to erasure.
- SOC 2 process underway.
- Published by Organize IT SRL (Belgium), VAT BE 0650.555.046.
A technical question before you approve?
Book a technical demo with our team, or start with a read-only diagnostic on your own instance.