Security

Our Commitment to Security

At Omnibo, security is not just a feature—it's fundamental to everything we build. We understand that you're trusting us with sensitive data and AI interactions, and we take that responsibility seriously.

This page outlines our security practices, certifications, and the measures we take to protect your data.

Certifications and Compliance

SOC 2 Type II

Omnibo is SOC 2 Type II certified, demonstrating our commitment to maintaining high standards for security, availability, processing integrity, confidentiality, and privacy. Our certification covers:

• Security controls and monitoring
• Access management and authentication
• Data encryption and protection
• Incident response procedures
• Vendor management

GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area, including:

• Data subject rights (access, deletion, portability)
• Lawful basis for processing
• Data protection impact assessments
• Appointment of a Data Protection Officer

CCPA Compliance

We comply with the California Consumer Privacy Act (CCPA), providing California residents with rights over their personal information.

Data Protection

Encryption

We employ industry-standard encryption throughout our platform:

• In Transit: All data transmitted to and from Omnibo is encrypted using TLS 1.3
• At Rest: All stored data is encrypted using AES-256 encryption
• API Keys: Your API keys are stored using one-way cryptographic hashing

Data Isolation

Your data is logically isolated from other customers. We use strict access controls and authentication to ensure your data remains private.

Data Retention

We retain your data only for as long as necessary to provide our services. You can request deletion of your data at any time, and we will process your request within 30 days.

No Training on Your Data

Your prompts and data are never used to train AI models. We only process your data to provide the requested service and do not share it with AI model providers for training purposes.

Infrastructure Security

Cloud Infrastructure

Our platform is hosted on enterprise-grade cloud infrastructure with:

• Multi-region redundancy for high availability
• Automatic failover and disaster recovery
• 24/7 infrastructure monitoring
• DDoS protection and mitigation

Network Security

We implement multiple layers of network security:

• Web Application Firewall (WAF)
• Intrusion detection and prevention systems
• Network segmentation
• Regular vulnerability scanning

Access Controls

We follow the principle of least privilege for all system access:

• Multi-factor authentication required for all employees
• Role-based access control (RBAC)
• Regular access reviews and audits
• Immediate access revocation upon role changes

Application Security

Secure Development

Our development practices include:

• Security-focused code reviews
• Automated security testing in CI/CD pipelines
• Dependency vulnerability scanning
• Regular security training for developers

Penetration Testing

We conduct regular penetration testing through third-party security firms to identify and address vulnerabilities before they can be exploited.

Bug Bounty Program

We maintain a bug bounty program to encourage responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to security@omnibo.ai.

Enterprise Security Features

Single Sign-On (SSO)

Enterprise customers can integrate Omnibo with their existing identity providers using SAML 2.0 or OpenID Connect.

Audit Logs

Comprehensive audit logs track all account activities, API usage, and administrative actions. Logs are retained for 90 days by default, with extended retention available for enterprise customers.

Custom Data Retention

Enterprise customers can configure custom data retention policies to meet their compliance requirements.

Dedicated Support

Enterprise customers receive dedicated security support, including:

• Security questionnaire completion
• Custom security assessments
• Direct access to our security team

Incident Response

We maintain a comprehensive incident response plan that includes:

• 24/7 security monitoring and alerting
• Defined escalation procedures
• Communication protocols for affected customers
• Post-incident analysis and remediation

In the event of a security incident affecting your data, we will notify you within 72 hours in accordance with applicable regulations.

Vendor Security

We carefully vet all third-party vendors and require them to meet our security standards. Our vendor management program includes:

• Security assessments before engagement
• Contractual security requirements
• Regular vendor security reviews
• Data processing agreements

Security Resources

For more information about our security practices:

• Security Whitepaper: Contact sales@omnibo.ai for our detailed security documentation
• SOC 2 Report: Available under NDA for enterprise customers
• Privacy Policy: View our Privacy Policy
• Terms of Service: View our Terms of Service

Contact Security Team

If you have security questions or need to report a vulnerability:

• Email: security@omnibo.ai
• For urgent security issues, include “URGENT” in the subject line

We aim to respond to all security inquiries within 24 hours.