Security Overview
How Omniops protects your data, credentials, and business information.
Overview
Security is foundational to Omniops. Your business data, API credentials, and customer information are protected with enterprise-grade security practices.
Data Protection
Encryption
- At rest — all sensitive data is encrypted using AES-256
- In transit — all connections use TLS 1.3
- Credentials — API keys and tokens for integrations are encrypted before storage and decrypted only at the moment of use
Multi-Tenant Isolation
Each organization's data is fully isolated:
- Database queries are scoped to the organization ID at every level
- Row Level Security (RLS) is enforced at the database layer
- Cross-tenant data access is architecturally impossible
Zero-Trust Authentication
Omniops uses a zero-trust authentication model:
- Every API request is authenticated and authorized
- Session tokens are validated on every request
- No implicit trust between services
Infrastructure
Hosting
- Hosted on European infrastructure (Hetzner Cloud, Germany)
- All data stays within the EU
- Cloudflare CDN for edge caching and DDoS protection
Access Controls
- Role-based access within organizations
- Audit logging for sensitive operations
- Automatic session expiry
Integration Security
When you connect third-party services:
- Credentials are encrypted immediately upon receipt
- API calls use the minimum required permissions
- Connections can be revoked at any time
- No credentials are ever logged or exposed in error messages
Incident Response
In the event of a security incident:
- Affected systems are isolated immediately
- Affected organizations are notified within 72 hours (per GDPR requirements)
- Root cause analysis is conducted and shared
- Remediation measures are implemented and verified