Security Overview

How Omniops protects your data, credentials, and business information.

Overview

Your business data, credentials, and customer information are protected at every level. Here's how.

Data Protection

Encryption

  • At rest — all sensitive data is encrypted using industry-standard encryption (AES-256)
  • In transit — all connections are protected with the same encryption used by online banking
  • Credentials — API keys and tokens for integrations are encrypted before storage and decrypted only at the moment of use

Multi-Tenant Isolation

Each organization's data is fully isolated:

  • Database queries are scoped to your organization at every level
  • Data separation is enforced at every level of the system
  • Cross-tenant data access is architecturally impossible

Continuous Security Checks

Every time you or your team access Omniops, your identity is verified. There are no shortcuts — every request is checked, every time.

Infrastructure

Hosting

  • Hosted on European infrastructure (Hetzner Cloud, Germany)
  • All data stays within the EU
  • Cloudflare protects against malicious traffic and helps your widget load quickly worldwide

Access Controls

  • Role-based access within organizations
  • Audit logging for sensitive operations
  • Automatic session expiry

Integration Security

When you connect third-party services:

  • Credentials are encrypted immediately upon receipt
  • API calls use the minimum required permissions
  • Connections can be revoked at any time
  • No credentials are ever logged or exposed in error messages

Incident Response

In the event of a security incident:

  1. Affected systems are isolated immediately
  2. Affected organizations are notified within 72 hours (per GDPR requirements)
  3. Root cause analysis is conducted and shared
  4. Remediation measures are implemented and verified