Security, by default

Omnyra runs on Amazon Web Services with network segmentation and private subnets for sensitive services. We use managed gateways, security groups, and a web application firewall to reduce attack surface. Infrastructure is deployed as code with immutable builds. Backups follow a 3-2-1 pattern and are regularly tested.

We use Stripe for billing. Omnyra never sees or stores full card numbers. Stripe’s own certifications apply to Stripe’s systems and help reduce our scope.

Traffic is encrypted in transit (TLS 1.2+). Data is encrypted at rest with strong keys managed in the cloud. Secrets live in a dedicated secrets manager and are never committed to source control. Keys and credentials rotate on a regular cadence and after relevant changes.

We enforce least-privilege access and role-based controls. Sensitive actions require extra checks and are logged. Sessions use short-lived, httpOnly, same-site cookies. Admin activity is captured in an audit log.

Important changes leave a tamper-evident record so edits are visible later. You can trace what changed and why.

We operate with SOC 2–aligned controls and are working toward independent SOC 2 attestation. We’ll share updates when the report is available.

Need diligence materials? Contact support@omnyra.ai. You can disconnect anytime—see Disconnect.