Built with state-of-the-art encryption and industry-leading security practices. Your data stays yours, always.
Encryption First
Every piece of your data is encrypted using industry-standard algorithms before it ever touches our servers.
AES-256 Encryption
All sensitive data is encrypted at rest using AES-256-GCM, the same standard used by governments and financial institutions worldwide.
TLS 1.3 Transport
All connections use the latest TLS 1.3 protocol, ensuring your data is encrypted in transit from your device to our servers.
Zero-Knowledge Design
Your OAuth tokens and sensitive credentials are encrypted before storage. We never store them in plain text.
Authentication & Access Control
Multi-layered security ensures only you can access your data.
Industry-Standard Authentication
Powered by Firebase Authentication (Google Cloud), used by millions of applications worldwide.
- JWT-based tokens with automatic refresh
- Token verification on every request
- Secure session management
Complete Data Isolation
Your data is completely isolated from other users with strict access controls.
- Unique tenant ID for every user
- Database-level isolation
- Ownership verification on every API call
Privacy by Design
We believe privacy is a fundamental right, not a feature.
What We Promise
- No data sharing: Your data is never shared with third parties for marketing or analytics
- No AI training: Your conversations and documents are never used to train AI models
- No human access: Our team cannot read your messages or documents
- Complete deletion: Delete your data at any time; it is purged within 30 days
What We Never Do
- Store passwords or API keys in plain text
- Sell or monetize your personal information
- Allow cross-tenant data access
- Share data without your explicit consent
AI Processing & Privacy
We use Google Gemini and Anthropic Claude for AI features. Your data is processed to provide intelligent responses but is never stored by these AI providers and never used for training. All AI processing happens in real time, and your conversations remain completely private.
Built on Trusted Infrastructure
We leverage industry-leading cloud providers with proven security track records.
Google Cloud Firestore
Industry-leading NoSQL database with built-in security and reliability.
Cloudflare R2
Secure object storage with global edge caching and zero egress fees.
Vercel Hosting
Serverless deployment with automatic HTTPS and DDoS protection.
Compliance Status
Building on certified infrastructure while working toward our own certifications.
GDPR Compliant
Built with EU data protection standards in mind. You have full control over your data with rights to access, modify, and delete.
CCPA Compliant
Respecting California Consumer Privacy Act requirements with transparent data practices and user rights.
SOC 2 Certification Roadmap
While we're building on SOC 2-certified infrastructure (Firebase/GCP and Cloudflare), formal SOC 2 Type II certification for OmnyxAI is planned as we scale.
SOC 2 audits require significant investment ($30-50K) and 6+ months of preparation. As a bootstrapped startup, we've prioritized building on certified infrastructure from day one, with formal certification planned as we reach revenue milestones.
Our Commitment to Pilot Users
Non-Disclosure Agreement
As a pilot user, you're trusted with early access to OmnyxAI. We take this relationship seriously and have established a mutual Non-Disclosure Agreement to protect both your data and our intellectual property.
Your data remains confidential
We will never share, discuss, or reference your specific data in any public or private communications
Pilot feedback stays private
Your feedback, feature requests, and usage patterns are used only for product improvement, never for marketing or external disclosure
Protected pilot access
Your pilot status and participation details are treated as confidential business information
Early feature confidentiality
Unreleased features and capabilities you test remain confidential until public launch
Security Best Practices for Pilot Users
- Never share your login credentials or API keys with anyone
- Use a strong, unique password for your OmnyxAI account
- Report any suspicious activity to pranavsagar0209@gmail.com immediately
- Revoke OAuth access for any connected apps you no longer use
Questions About Security?
We're transparent about our security practices. If you have questions or concerns, we're here to help.