top of page


Trust Guide

Trust is the foundation of our relationship with utility businesses around the world. In turn, that trust needs to extend to the millions of end-consumers for whom we process smart meter consumption data every day. We value the confidence that our customers put in us and take the responsibility of protecting their information and information of their customers incredibly seriously.

To be worthy of your trust, we have built and will continue to grow ONZO with an emphasis on security, compliance and privacy.


Security: protect and control

ONZO is designed with a secure, highly distributed infrastructure, with multiple layers of protection.

Our robust information security management framework is designed to assess risks and build a protective culture of security at ONZO.

Architecture overview

The ONZO platform is designed with multiple layers of protection, including secure data transfer, data encryption, multi factor authentication and role-based access controls distributed across a scalable, secure infrastructure, provided by Amazon Web Services, the worlds leading Cloud infrastructure provider. Using a highly distributed platform allows us to operate a resilient service with a high level of reliability, with no single points of failure.

Information security

We continually assess risks to improve the security, confidentiality, integrity and availability of the ONZO platform. We regularly review and update security policies, provide our employees with security training, perform application and network security testing (including penetration testing), conduct risk assessments, and monitor compliance with security policies.

  • Control and visibility

We utilise a number of tools that allow ONZO to maintain a robust security posture.

  • Multi factor authentication

This security feature adds an extra layer of protection to our infrastructure by only allowing selected ONZO team members access to our platform via a combination of something they know (typically a password) and something they have (an electronic security token).

  • API authentication

Our API requires secure authentication to happen before the API will return data. Authentication is provided by our partner Auth0, who are a world leader in authentication and access control technology.

  • Recovery and history

Every item of consumption data is stored and archived in its raw form before being processed. This allows us to examine, when necessary original data before it is cleansed and processed and also allows us to restore original data should there ever be a need.

Compliance: trust and verify

Compliance is an effective way to validate a service’s trustworthiness.  Our partner AWS is certified to standards such as ISO 27001 and SOC 1, 2 and 3 and Cyber Essentials. Their independent third-party auditors test their controls and provide their reports and opinions – which we share with you whenever possible. ONZO is working towards ISO 27001.


Privacy: our commitment

We do our very best to look after your data and we are committed to keeping it private. Our Privacy Policy clearly describes how we handle and protect your information.

  • ONZO privacy

Every day, millions of households trust ONZO with their personal consumption data. Because of this, it’s our responsibility to protect this information keep it private. Our commitment to privacy is at the heart of every decision we make.

  • Protecting your data

We work hard to protect your information from unauthorised access and have designed policies and controls to safeguard the collection, use and disclosure of your information.

We use your data to provide you with our services. Our Privacy Policy describes how we handle your information when you use our websites, software and services, including:

  • What kind of data we collect

  • With whom we may share information

  • How we protect this data and how long we retain it

  • Where we keep and transmit your data

  • What happens if the policy changes or if you have questions

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

bottom of page