Security

Your data
Protected

Omnys connects to sensitive store data. We treat that responsibility seriously — with infrastructure, practices, and policies to match.

Security pillars

Encryption at rest & in transit

All data is encrypted using AES-256 at rest. All connections are enforced over TLS 1.2+. No plaintext, ever.

Access control

Role-based access is enforced throughout. We use the principle of least privilege — every integration only receives the permissions it needs.

Audit logging

Every data access and action is logged with timestamps and actor identity. Logs are tamper-evident and retained for 90 days.

Data isolation

Each store's data is logically isolated. Row-level security enforced at the database layer means one store can never access another's data.

Shopify permissions

Omnys connects to your Shopify store using the official Shopify OAuth flow. We request only the scopes required to power the features you use. We do not store your Shopify Admin API credentials — only scoped access tokens.

Products and variants (read-only by default)
Orders (read-only, for analytics)
Inventory levels (read-only)
Write permissions only granted when a feature explicitly requires it

Infrastructure

Omnys runs on enterprise-grade cloud infrastructure with automated backups, DDoS mitigation, and 99.9% uptime SLA. Our stack is designed for horizontal scale and zero single points of failure.

We use Supabase for database and storage, which provides PostgreSQL with row-level security, automatic backups, and SOC 2 Type II compliance.

Responsible disclosure

Found a security issue? We appreciate responsible disclosure. Contact us at security@omnys.app with details and we will respond within 48 hours. Please do not publicly disclose vulnerabilities before we have had a chance to address them.

Your dataProtected

Your data
Protected