Security Overview

How Omniops protects your data, credentials, and business information.

Overview

Your business data, credentials, and customer information are protected at every level. Here's how.

Data Protection

Encryption

  • At rest — all sensitive data is encrypted using industry-standard encryption (AES-256)
  • In transit — all connections are protected with the same encryption used by online banking
  • Credentials — API keys and tokens for integrations are encrypted before storage and decrypted only at the moment of use

Multi-Tenant Isolation

Each organisation's data is fully isolated:

  • Database queries are scoped to your organisation at every level
  • Data separation is enforced at every level of the system
  • Cross-tenant data access is prevented at the database level

Continuous Security Checks

Every time you or your team access Omniops, your identity is verified. There are no shortcuts — every request is checked, every time.

Infrastructure

Hosting

  • Hosted on European infrastructure (Hetzner Cloud, Germany)
  • Your business data is stored in the EU. Some AI processing runs on OpenAI in the US under a data processing agreement
  • Cloudflare protects against malicious traffic and helps your widget load quickly worldwide

Access Controls

  • Role-based access within organisations
  • Audit logging for sensitive operations
  • Automatic session expiry

Integration Security

When you connect third-party services:

  • Credentials are encrypted immediately upon receipt
  • API calls use the minimum required permissions
  • Connections can be revoked at any time
  • No credentials are ever logged or exposed in error messages

Incident Response

In the event of a security incident:

  1. Affected systems are isolated immediately
  2. Affected organisations are notified within 72 hours (per GDPR requirements)
  3. Root cause analysis is conducted and shared
  4. Remediation measures are implemented and verified