Security & trust · Updated quarterly
Built for the nervous CISO.
Omie processes performance and skill data on behalf of some of Europe's most regulated companies. Here is what we do, what we don't do, and the receipts.
- SOC 2 Type II · active
- ISO 27001 · active
- GDPR · compliant
- 99.99% uptime, trailing 90 days
Encryption end to end
Everything you push to Omie is encrypted in transit and at rest, with key rotation handled automatically.
- ✓ AES-256 at rest, on EBS volumes and S3 objects
- ✓ TLS 1.3 in transit, HSTS preloaded, no fallback to TLS 1.0/1.1
- ✓ AWS KMS for key management, per-tenant keys available on Enterprise
- ✓ Quarterly key rotation, no shared root keys
Hosting & isolation
EU data stays in the EU. US data stays in the US. No replication across regions without your explicit consent.
- ✓ AWS primary, multi-AZ, daily snapshots
- ✓ Regional isolation with separate VPCs per region
- ✓ 99.99% uptime SLA on Enterprise, with credits
- ✓ 15-minute RPO, 1-hour RTO on tier-1 services
Access controls
SSO, role-based permissions, full audit log. Customer admins control everything end-to-end.
- ✓ SAML 2.0 / OIDC SSO on all team plans, no surcharge
- ✓ SCIM for automated provisioning and deprovisioning
- ✓ RBAC with five built-in roles, custom roles on Enterprise
- ✓ Audit log with one-year retention, exportable to SIEM
Two things we will never do.
We won't sell your data. We won't train Omie's models on your content. Both are in the contract, both are checked by external audit, both are non-negotiable.
- 99.99% uptime · 90 days
- 0 breaches to date
- <15m RPO, tier-1
- 24×7 on-call rotation