Security

Your data security is our foundation

Omniday is built on enterprise-grade security principles. We implement rigorous technical and organisational measures to protect your data and your customers' data at every layer.

Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Database backups are encrypted with customer-managed keys where applicable.

EU-Based Infrastructure

Our platform runs on Microsoft Azure in the West Europe (Amsterdam) region. Your data never leaves the EU unless explicitly required and covered by appropriate safeguards (SCCs).

Access Controls

We enforce role-based access control (RBAC) with the principle of least privilege. All access to production systems requires multi-factor authentication and is logged for audit purposes.

Monitoring & Detection

Real-time threat detection is provided via Azure Defender for Cloud and Application Insights. Security events are monitored 24/7 with automated alerting for anomalous behaviour.

Incident Response

We maintain a documented incident response plan. In the event of a personal data breach, we will notify affected customers and the Danish Data Protection Agency (Datatilsynet) within 72 hours as required by GDPR Article 33.

Compliance & Audits

Our practices are aligned with SOC 2 Type II principles and ISO 27001 controls. We conduct regular penetration testing and vulnerability assessments through independent third parties.

Data Processing

When you use Omniday to process your customers' interactions, we act as a Data Processor under GDPR Article 28. We process data only on your documented instructions and offer a comprehensive Data Processing Agreement (DPA) to all customers.

Sub-Processors

We maintain a transparent list of sub-processors. All sub-processors are vetted for GDPR compliance and bound by Data Processing Agreements. We will notify you at least 30 days before adding a new sub-processor, giving you the right to object.

  • Microsoft Azure (West Europe) — infrastructure & compute
  • Azure Application Insights — performance monitoring
  • Resend — transactional email

Responsible Disclosure

If you discover a security vulnerability in our Platform, please report it responsibly to security@omniday.ai. We ask that you give us reasonable time to investigate and patch before public disclosure. We do not pursue legal action against researchers who act in good faith.

Questions?

For security inquiries or to request our latest penetration test summary, contact us at security@omniday.ai. For privacy-related queries, see our Privacy Policy.