Security and data protection at OmniHubX

Protecting your account credentials and your customers' data is core to how we build OmniHubX. This page summarizes the technical and organizational measures we apply.

How we protect your data

  • Encryption at rest

    Shop OAuth tokens and other secrets are encrypted at rest using AES-GCM. Nothing sensitive is stored in plain text.

  • Encryption in transit

    All traffic between your browser, our servers and marketplace APIs is encrypted with TLS.

  • Hashed passwords

    Account passwords are hashed with bcrypt and are never stored or logged in plain text.

  • Tenant isolation

    Each account's data is isolated at the database layer with row-level security, so one customer can never access another customer's data.

  • Least-privilege access

    We connect to marketplaces over OAuth and request only the scopes needed to run your shop. We never ask for your platform password.

  • Data deletion

    You can revoke a shop connection or delete your account at any time. We stop syncing immediately and remove associated data within 30 days.

Operational practices

  • We access marketplace data only to provide OmniHubX features to you — we never sell it or use it for advertising.
  • Access to production systems is restricted and monitored.
  • We keep dependencies and infrastructure patched and monitor the platform for availability and errors.

Reporting a security issue

If you believe you have found a security vulnerability, please contact our team so we can investigate promptly.

[email protected]