Data security

Omniloy is built on industry-leading security and privacy standards that ensure our customers' data remains secure throughout all processes of connecting, querying, analyzing, and sharing. We are committed to helping customers of all sizes meet their data protection and compliance requirements.

As a testament to our commitment, Omniloy follows California Consumer Privacy Act (CCPA), is fully GDPR compliant and offers a comprehensive Data Processing Agreement (DPA) to all our customers. This DPA outlines our responsibilities as a data processor and provides assurances about our data handling practices.

1. Data Security is our most important job

At Omniloy, we've fostered a security-first company culture that begins with employee onboarding and continues throughout their tenure. We instill a sense of accountability in our team regarding our obligation to ensure customer data security and privacy protection. All employees undergo regular security training and are required to adhere to strict security policies.

We conduct internal and external security audits to ensure the robustness of our security measures. Additionally, we employ third-party security experts to perform penetration testing and vulnerability assessments, helping us maintain the highest standards of security.

2. Your data, temporary by design, secure everywhere

With Omniloy, your analytics are powered by secure queries against your data sources, with results processed through our semantic layer. This approach ensures that raw data connected via API is never stored unless explicitly configured to do so. Our AI insights feature operates on this semantic layer, providing powerful analytics without compromising data security, ensuring consistency and reducing potential errors.

Data processed by Omniloy is ephemeral by design. Our configurable caching layer gives you full control over query performance and cost optimization without the need for long-term data storage. All cached data is encrypted at rest and can be configured to auto-expire based on your security requirements.

Omniloy's approach minimizes data movement and restricts data access on a need-to-know basis. This is particularly beneficial for companies dealing with sensitive data or those operating in highly regulated industries

Compliance and Certifications

In addition to our GDPR compliance, Omniloy adheres to various international data protection standards. We are committed to obtaining relevant security certifications to provide our customers with additional assurance. Our team is currently working towards SOC 2 certification, which will further attest to the effectiveness of our security controls and processes.

We also offer features to help our customers maintain compliance with regulations such as CCPA, HIPAA, and other industry-specific requirements. Our detailed audit logs and access controls support customers in meeting their compliance obligations.

By choosing Omniloy, you're partnering with a company that places data security and privacy at the forefront of everything we do. We continuously evolve our security measures to stay ahead of emerging threats and to provide our customers with the highest level of data protection in the rapidly changing landscape of data analytics

Data handling and storage

Omniloy's approach to data handling and storage is designed to maximize security while optimizing performance and delivering advanced AI-powered insights:

  • AI insights: our new AI insights feature leverages the semantic layer to respond to any question about your data and create proactive insights. This powerful capability operates within our secure environment, ensuring that your data remains protected while providing valuable analytics.
  • AI driven semantic layer: Omniloy acts as a semantic layer between your data sources and your applications. We process queries and generate insights based on your data model without storing raw data.
  • Caching: our intelligent caching system temporarily stores aggregated query results and AI-generated insights to improve performance and reduce costs. These caches are encrypted and can be configured or disabled based on your security requirements.
  • Data minimization: we adhere to the principle of data minimization, only processing the data necessary for the functioning of our analytics and AI insights services.
  • Encryption: all data processed by Omniloy, including AI-generated insights, is encrypted in transit using industry-standard protocols. Cached data and aggregations are encrypted at rest using strong encryption algorithms.

Omniloy's architecture allows you to keep your data within your own infrastructure, providing an additional layer of control and security. Our system is designed to work with your existing data warehouse or database, meaning sensitive data never leaves your environment unless you explicitly configure it to do so. Our AI insights feature operates on the semantic layer and aggregations, further enhancing security by not requiring direct access to raw data and increasing the reliability of it.

Control

Omniloy's approach to data access is especially valuable for companies with GDPR or other privacy considerations and in sectors with specific security requirements. Omniloy implements robust access control measures to ensure that only authorized users can access your data and insights:

  • API Keys and JWT tokens: secure API keys and JWT tokens are used for authenticating and authorizing programmatic access to Omniloy.
  • Role-Based Access Control (RBAC): Omniloy provides fine-grained RBAC, allowing you to define precise permissions for different user roles within your organization.
  • Data access control: our semantic layer allows you to define data access policies at a granular level, ensuring users only see the data they're authorized to access.
  • Encryption everywhere: all data is encrypted at rest using industry standard AES-256 encryption and all communication is encrypted using TLS 1.2.
3. Data Security is our most important job
What data does Omniloy store?

At Omniloy, we follow a policy of data minimization. We will never access data that is not actively used by a current Omniloy project, and all the data we store is related to your data’s structure, we don’t store any data itself for purposes other than caching results.

Access control

We also subscribe to the policy of least privilege at Omniloy. As a project owner you can configure the data each member of your team can access, including data sources and created items or dashboards.

Data use

Our customers' data is their data. We don't sell, access, or use it for anything, ever, not even to improve our product.

Security-first culture

Omniloy cultivates a security-first culture that permeates every aspect of our organization:

  • Employee Training: All Omniloy team members undergo comprehensive security awareness training upon joining and participate in regular refresher courses.
  • Security Policies: We maintain and regularly update a set of security policies that govern data handling, access controls, and incident response procedures.
  • Continuous Improvement: Our security practices are subject to ongoing review and enhancement to address emerging threats and incorporate industry best practices.
Support

For all customers, Omniloy provides technical support via email on weekdays from 9 am to 5 pm Pacific Time as a minimum. Support via Slack channel may also be provided upon request.

Incident response

In the event of a security incident, leadership is immediately notified and the incident triage according to its severity. From there, we work under the strictly defined GDPR requirements to quickly notify you of the issue and mitigate the issue and eventually come to a resolution.

Enterprise secure & compliant

Designed for data protection and security