Privacy isn’t a feature.
It’s the architecture.
Omna masks sensitive data on your device, before it ever reaches an AI service. Here’s how we keep your data — and your customers’ data — safe.
Local-first by design
PII detection and masking run on your device using WebAssembly. Your files and prompts never reach an Omna server — sensitive data is masked before it ever leaves your machine.
Zero content retention
We never collect or store your file contents, prompts, or detected PII. The only data we receive is anonymous usage telemetry and the account details needed to run paid plans.
Encryption everywhere
All traffic to omna.dev is encrypted in transit with TLS. Account and telemetry data is stored encrypted at rest by our infrastructure providers.
SSO & access control
Enterprise plans support SSO / SAML and role-based access so your team signs in with your identity provider and you control who can do what.
SOC 2 & HIPAA
SOC 2 and HIPAA compliance — including a signed BAA — are available under Enterprise agreements for teams handling regulated or healthcare data.
On-prem & VPC
Run Omna entirely inside your own infrastructure. Enterprise deployments support on-prem and private-cloud (VPC) installs so data never leaves your network.
Need our security details?
We’re happy to share our DPA, sub-processor list, and answer security questionnaires for Enterprise evaluations.
More on how data is handled in our Privacy Policy and Terms of Service.