OmniStrat® Security Statement

Security at all levels

We know security of your data is crucial, and we treat the security of any information you add on your OmniStrat account as a top priority. Every aspect of OmniStrat is designed to be secure at all levels and to only allow access to the registered users on your account. We are completely committed to all aspects of security, and work to make our hosted service as secure as having a server behind your own firewall.

Application and Data Security

Users can access OmniStrat accounts only with a valid username and password. All transmissions between your browser and our hosted service servers are encrypted. If a user chooses to have OmniStrat remember their login, user sessions are stored in an encrypted cookie which does not reveal any login information.

The application architecture follows all best practices to ensure users only have access to information to which they are given permission. A security model is enforced at every level of the application to prevent a user of another account from accessing your information. OmniStrat employees do not have direct access to data stored on the OmniStrat servers, except where necessary for system maintenance and backups.

Server Security and Data Backups

The servers are hosted by a managed service which has 24-hour physical security and highly controlled server access, as well as redundant power and network systems. The servers have firewall protection and intrusion detection systems, and have a minimal number of access points. We follow all best practices in server security and maintenance to ensure no outside intruders gain access.

All customer data is stored on RAID disks with multiple data paths, and nightly backups of all data are performed. Backups are moved to an off-site secure location.