Security & Compliance
Omniflow is designed for enterprises that take security seriously. This page is the canonical reference for audit, encryption, certifications, residency, retention, and regulatory posture. Use it for security reviews, RFPs, and Trust Center inquiries.
Identity & access
| Capability | How it works |
|---|---|
| SSO | SAML 2.0 + OIDC. See SSO & SCIM. |
| SCIM provisioning | Automated user lifecycle from Okta, Azure AD, Google Workspace. |
| MFA | Enforced via the IdP for SSO workspaces; password+MFA available for non-SSO. |
| Custom roles | Built-in roles plus fully custom roles. See Roles & Permissions. |
| Per-team scoping | Permissions can be scoped to a specific team / language / customer tier. |
| API keys | Per-scope, rate-limited, IP-allowlisted, rotatable. See API Keys. |
| Password policy | Length, complexity, history, max-age all configurable per workspace (private cloud). |
Audit trail
| Surface | Granularity | Retention |
|---|---|---|
| System audit log | Every admin action — settings change, member add, key rotation. | Indefinite. |
| API key audit | Every API call: key, endpoint, status, latency, IP, payload hash. | 90 days raw payload, indefinite metadata. |
| Conversation trace | Every model turn, tool call, retrieval, transfer. | 90 days, configurable. |
| Tool audit | Every mutating tool call: caller, args, response, latency. | 365 days. |
| Webhook deliveries | Every delivery + retry history. | 30 days. |
The audit trail is immutable — appended only, never edited. It’s queryable via API, exportable to a SIEM, and signed so tampering can be detected.
RFP question: “Does the platform provide a complete, immutable audit trail showing which data sources were used to generate an AI response?” — Yes. Every retrieval, prompt, and tool call is logged in the conversation trace with the source URL and chunk text.
Encryption
| Data | At rest | In transit |
|---|---|---|
| Database (PostgreSQL) | AES-256 disk encryption + per-row encryption for sensitive columns. | TLS 1.3 to the database. |
| Audio recordings | AES-256 in object storage; signed URLs only for playback. | TLS 1.3. |
| OAuth tokens / integration credentials | AES-256 with workspace-scoped key derived from the master key. | Never logged in plain text. |
| API keys | Stored as bcrypt hashes; full secret shown only at creation. | TLS 1.3. |
| Inter-service traffic | mTLS between Supabase, Railway voice runtime, and edge functions. | mTLS. |
mTLS for customer integrations
Private cloud and on-prem deployments support mTLS for inbound webhooks and outbound tool calls:
- Customer presents a client certificate signed by their CA.
- Omniflow validates the chain and the SAN against the configured allowlist.
- Tool callbacks include a customer-provided client certificate when configured.
Configuration lives under Settings → Compliance → mTLS.
DLP integration
Omniflow integrates with major DLP tools at three points:
| Point | Coverage |
|---|---|
| Inbound channel | Inbound messages can be scanned by your DLP before they enter the inbox; rules can quarantine or redact. |
| Outbound channel | Outbound replies are scanned before send; matches block the send and route to a human. |
| Storage | Trace exports and CSV exports respect DLP redaction rules. |
Supported via Forcepoint, Symantec, and Microsoft Purview. Custom DLP via webhook.
PII handling
PII redaction runs on the way in to logs, traces, and exports:
| Field | Default behavior |
|---|---|
| Credit card | Masked: **** **** **** 4422 |
| Government ID (SSN, etc.) | Fully masked. |
| Phone numbers | Masked except last 4. |
| Email addresses | Domain-masked except for the customer’s own. |
| Free-form PII patterns | Configurable regex rules per workspace. |
PII redaction applies to:
- Conversation transcripts.
- Trace event bodies.
- Audit log payloads.
- CSV / API exports.
- Webhook payloads (configurable per subscription).
PII redaction is opt-in for some fields by design. Phone numbers, for instance, are required to make outbound calls — so they’re stored encrypted but visible in the inbox to authorized agents. Configure carefully.
Data residency
| Region | Available |
|---|---|
| EU (Frankfurt) | âś… |
| EU (Switzerland) | âś… for private cloud / Exoscale |
| US (us-east, us-west) | âś… |
| APAC (Singapore, Sydney) | âś… |
| Custom | Available for on-prem. |
Workspace data — conversations, transcripts, embeddings, audio, traces — stays in the configured region. Cross-region replication is opt-in.
Retention
| Data | Default | Configurable down to |
|---|---|---|
| Audio recordings | 90 days | 1 day |
| Transcripts | Indefinite | 7 days |
| Trace events | 90 days | 7 days |
| Audit logs | Indefinite | 1 year minimum |
| Embeddings | Lifetime of source article | Synced — bound to source |
| Backups | 30 days | 7 days |
Retention is configured under Settings → Data Retention. Shorter retention reduces audit/QA depth — a trade-off you set per workspace.
Certifications
| Certification | Status |
|---|---|
| ISO 27001 | Certified. |
| SOC 2 Type II | Certified, audited annually. |
| GDPR | Compliant; DPA available. |
| HIPAA | Available for healthcare deployments under BAA. |
| PCI-DSS | Out of scope by design — payment data should never enter Omniflow conversations; use the secure form pattern. |
| FINMA | Compliant for Swiss financial-services deployments. |
The Trust Center at https://trust.omniflow.example mirrors all certificates, the latest pen-test report (under NDA), and the data processing addendum.
EU AI Act
Omniflow is positioned for compliance with the EU AI Act based on the system risk classification:
| Annex III risk category | How Omniflow supports it |
|---|---|
| Limited risk (general-purpose chatbot) | Transparency disclosures available out of the box. |
| High risk (decisions affecting credit, insurance, employment) | Human-in-the-loop required by configuration; full audit trail; right-to-explanation supported. |
| Prohibited (manipulative or social-scoring uses) | Out of scope; refused at Terms of Service level. |
The platform supports the Article 13 transparency requirements: customers can be told they’re interacting with an AI, the bot’s role, and the logic of any automated decision affecting them.
Prompt injection / jailbreak hardening
| Defense | Coverage |
|---|---|
| System prompt isolation | Tool descriptions and system instructions are in a separate channel from user input. |
| Input sanitization | Detects and neutralizes common injection patterns (“ignore previous instructions”). |
| Output filtering | Replies can be screened for off-topic content before send. |
| Tool guardrails | Mutating tools can require explicit human confirmation. |
| Adversarial test set | The QA system runs a built-in adversarial battery against new agent versions before publish. |
Customer data is not used to train Omniflow’s models. Period.
Customer-data training
| Question | Answer |
|---|---|
| Does Omniflow train models on customer data? | No. |
| Are conversations sent to OpenAI / Anthropic / Google? | Yes, for inference — and never used by those providers for training under the contracts in place. |
| Can I disable third-party model providers? | Yes — switch to a self-hosted model in AI Infrastructure. |
Support security
Private cloud and FINMA deployments include:
- Support staff with Swiss residency and security clearance.
- Customer-controlled access to support tooling (jump-host with audit recording).
- Time-limited break-glass access for critical incidents only.
Open in Omniflow
Related
| If you want to… | Go to |
|---|---|
| Configure SSO / SCIM | SSO & SCIM |
| Configure retention | Settings overview |
| Read about deployment options | Deployment Options |
| Use a secure-form handoff for sensitive data | Escalation & Handoff |