Security First

Your documents contain sensitive information. We take security seriously.

Encryption in Transit

All data is encrypted using TLS 1.3 during transmission. We enforce HTTPS for all connections.

Encryption at Rest

Documents and data are encrypted at rest using AES-256 encryption with regularly rotated keys.

Access Controls

Strict role-based access controls ensure only authorized personnel can access systems.

SOC 2 Type II

We maintain SOC 2 Type II compliance, with annual audits by independent third parties.

GDPR Compliant

Full GDPR compliance with EU data residency options and data processing agreements.

Security Training

All employees complete regular security awareness training and background checks.

Document Handling

Processing: Documents are processed in isolated, ephemeral containers. Each processing job runs in its own sandboxed environment with no access to other customer data.

Retention: By default, documents are automatically deleted within 24 hours of processing. Enterprise customers can configure custom retention policies.

No Training: We never use your documents to train our models. Your data is yours alone.

Infrastructure

Our infrastructure runs on Cloudflare's global edge network, providing enterprise-grade security and DDoS protection. We use multiple layers of defense including Web Application Firewalls, rate limiting, and bot management.

All systems are monitored 24/7 with automated alerting. We conduct regular penetration testing and vulnerability assessments.

Reporting Vulnerabilities

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to:

security@ocr-omega.com

We commit to acknowledging reports within 24 hours and providing regular updates on our investigation.