
Access Controls
We enforce strict access controls to protect your financial data.
Least-Privilege Access
Team members only access the systems they need. No blanket admin access.
SSO & MFA Enforced
Single sign-on with multi-factor authentication required for all team access.
API Key Management
Integration credentials rotated regularly and scoped to minimum permissions.
Customer Data Isolation
Each customer's data is logically isolated. No cross-client data access.

Encryption & Data Protection
Your data is encrypted at every stage—in transit, at rest, and in backups.
In Transit
All data transmitted between your browser, our servers, and third-party integrations uses TLS 1.2+ encryption.
- HTTPS enforced on all connections
- API calls encrypted with TLS 1.2+
- Certificate pinning for critical services
At Rest
All database records and file storage use AES-256 encryption at rest.
- AES-256 encryption for all stored data
- Encrypted backups with separate key management
- Database encryption enforced by cloud provider
Auditability & Audit Trail
Every action is logged with immutable audit trails for full accountability.
What We Log
- All user logins and access attempts
- Financial entry creation, edits, and deletions
- Approval and escalation actions
- Integration credential usage
- Report generation and exports
Audit Trail Features
- Immutable logs (cannot be edited or deleted)
- Timestamp, user, and action details
- Change history with before/after states
- Reviewer notes and approval reasoning
- Available in-app for customer visibility
Data Handling & Retention
We handle your data responsibly and in compliance with applicable regulations.
Data Location
All customer data is stored in US-based data centers (AWS us-east-1 and us-west-2 regions).
Data Retention
Active customer data retained for the duration of service. Post-cancellation data retained for 90 days, then securely deleted.
Data Portability
Customers can export all data at any time. We provide full data export in standard formats on request.

Subprocessors
We work with trusted third-party service providers to deliver our service. All subprocessors are vetted for security compliance.
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure and database hosting | United States |
| Vercel | Application hosting and edge network | United States |
| PostHog | Product analytics and observability | United States |
| HubSpot | Customer relationship management (CRM) | United States |
| Plaid | Bank connection and transaction sync | United States |
This list is updated as subprocessors change. Last updated: February 2026.
Incident Response
We have a documented incident response plan to quickly detect, contain, and resolve security incidents.
Detection
Automated monitoring and alerts detect potential security incidents in real-time.
Notification
Security team notified immediately. Customer notification within 24 hours if data breach confirmed.
Containment
Immediate action to contain the incident, prevent further unauthorized access, and preserve evidence.
Resolution & Review
Incident resolved, root cause analyzed, and preventive measures implemented. Full incident report provided.
To report a security incident or vulnerability, contact security@omniga.ai
Customer Responsibilities
Security is a shared responsibility. Here's what we ask you to do to keep your data safe.
- Maintain secure passwords and enable MFA on your account
- Protect API keys and integration credentials (never share publicly)
- Review user access permissions regularly and remove inactive users
- Report suspicious activity or potential security incidents immediately
- Keep your QuickBooks and integration platform credentials up to date
- Ensure your team follows security best practices when accessing Omniga
Questions about security practices? Contact security@omniga.ai

Trust starts with security
We take security seriously so you can focus on your business. SOC 2 Type II in progress, encryption everywhere, and full audit trails by default.
Questions? Email us at security@omniga.ai