Trust center
What we actually do to protect your data.
Omega Digital is a small operation. We're not SOC 2 certified. We don't have a compliance team. What we do have is a specific set of controls, documented plainly, that you can evaluate yourself.
Security controls
What's in place.
- Encryption in transit: TLS 1.3 on all connections. TLS 1.0/1.1 disabled. HSTS with preload.
- Encryption at rest: Disk-level encryption depends on the underlying VPS provider configuration. No application-level encryption of the database file is applied beyond what the provider enforces.
- Password hashing: argon2id (memory=19456, iterations=2, parallelism=1). Current OWASP recommendation.
- Session security: 32-byte random session IDs. httpOnly, Secure, SameSite=Lax cookies. 30-day expiry.
- Input validation: Zod schemas on every API endpoint. No raw SQL string interpolation: prepared statements only.
- Rate limiting: Login: 5 attempts per 5 minutes per IP. Sliding window, in-memory.
- Vulnerability disclosure: Report issues to [email protected]. We aim to respond within one business day.
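The HSTS and session-cookie claims above can be checked from outside by reading the response headers. The script below is an added example, not Omega Digital's code; the cookie name `sid`, the hex or base64url ID encoding, the use of `Max-Age` for the 30-day expiry, and the sample header values are assumptions.

```javascript
// Added example: audit captured response headers against the listed controls.
// All header values here are constructed samples; "sid" is an assumed cookie name.
const THIRTY_DAYS = 30 * 24 * 60 * 60; // 2592000 seconds
const ONE_YEAR = 31536000;             // minimum max-age for the HSTS preload list

function checkHsts(value) {
  const directives = value.toLowerCase().split(";").map(d => d.trim());
  const maxAge = directives.find(d => d.startsWith("max-age="));
  const findings = [];
  // The preload list requires max-age >= 1 year, includeSubDomains and preload.
  if (!maxAge || Number(maxAge.slice(8)) < ONE_YEAR) findings.push("HSTS: max-age below one year");
  if (!directives.includes("includesubdomains")) findings.push("HSTS: includeSubDomains missing");
  if (!directives.includes("preload")) findings.push("HSTS: preload missing");
  return findings;
}

function checkSessionCookie(setCookie) {
  const [pair, ...attrs] = setCookie.split(";").map(p => p.trim());
  const value = pair.slice(pair.indexOf("=") + 1);
  // Attribute names are case-insensitive; flags such as HttpOnly carry no value.
  const attr = new Map(attrs.map(a => {
    const i = a.indexOf("=");
    return i < 0 ? [a.toLowerCase(), ""] : [a.slice(0, i).toLowerCase(), a.slice(i + 1)];
  }));
  const findings = [];
  // 32 random bytes encode to 64 hex chars or 43 unpadded base64url chars (assumed encodings).
  const is32Bytes = /^[0-9a-f]{64}$/i.test(value) || /^[A-Za-z0-9_-]{43}$/.test(value);
  if (!is32Bytes) findings.push("cookie: value is not a 32-byte ID");
  if (!attr.has("httponly")) findings.push("cookie: HttpOnly missing");
  if (!attr.has("secure")) findings.push("cookie: Secure missing");
  if ((attr.get("samesite") || "").toLowerCase() !== "lax") findings.push("cookie: SameSite is not Lax");
  if (Number(attr.get("max-age")) !== THIRTY_DAYS) findings.push("cookie: Max-Age is not 30 days");
  return findings;
}

// Runs both checks over one response's headers and returns every deviation found.
function audit(headers) {
  return [...checkHsts(headers.hsts), ...checkSessionCookie(headers.setCookie)];
}

// Constructed samples: one response matching the listed controls, one that does not.
const CONFORMING = {
  hsts: "max-age=63072000; includeSubDomains; preload",
  setCookie: "sid=" + "a1".repeat(32) + "; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=2592000",
};
const DEVIATING = {
  hsts: "max-age=300",
  setCookie: "sid=abc123; Path=/; SameSite=None; Max-Age=3600",
};

console.log(audit(CONFORMING), audit(DEVIATING));
```

An empty findings array means the headers match the listed settings; a server that sets the expiry with `Expires` instead of `Max-Age` would need that check adapted.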
Certifications
Third-party audits.
As of April 2026, Omega Digital has not completed third-party security audits (SOC 2, ISO 27001, PCI-DSS, or similar). We're a recently launched operation and won't claim certifications we don't hold.
If your organisation requires specific certifications, email [email protected] before purchasing. We'll give you an honest answer about whether we're the right fit.
Security questions?
Email [email protected] for vulnerability reports and security questions. For privacy inquiries: [email protected].