Legal

Security

Last updated 2026-04-30

Encryption

All data in transit uses TLS 1.3. Data at rest is encrypted via AES-256 with envelope encryption (KEK in AWS KMS, DEK rotated quarterly).

Authentication

Passwords are bcrypt-hashed with per-account salt. Optional 2FA (TOTP) and SAML SSO (Okta, Azure AD, Auth0) on enterprise plans.

Audit logging

Every contact, deal, and email send is logged. Standard plans retain 30 days; enterprise retains 7 years for compliance.

Compliance

GDPR + CCPA built in. SOC 2 Type II + HIPAA + ISO 27001 audit packages available on enterprise. Multi-region data residency (US-East, EU, India, Asia).

Penetration testing

Annual third-party pentests. Bug bounty program at security.omnimark.pro.

Incident response

Status page at status.omnimark.pro. Critical incidents notified within 4 hours; resolution post-mortems published within 7 days.