Data Compliance & Cyber Security Policy

Committed to safeguarding data integrity, privacy, and compliance with regulatory standards, this document defines OmniGraph A/S’s approach to secure data handling and protection measures.

1. Introduction

This document outlines OmniGraph A/S's commitments and practices regarding data processing, security, availability, processing integrity, confidentiality, and privacy. We are dedicated to maintaining high standards of data protection and compliance with applicable laws and regulations.This document aims to provide a clear understanding of our data handling practices and the measures we take to protect the data entrusted to us by our users, customers, consumers, and employees. OmniGraph retains the right to update this document from time to time.

1.1 Definitions

User

An individual who interacts with our services, typically employees or representatives of our customers.

Customer

An entity (such as a company or organization) that has entered into an agreement with OmniGraph A/S to use our SaaS platform.

Consumer

An individual whose data (e.g., address, purchases, name, email) is processed by OmniGraph A/S as part of the services provided to our customers.

Employee

An individual employed by OmniGraph A/S, including developers, support staff, and other personnel who have access to internal systems and data.

Data Subject

Any individual whose personal data is processed by OmniGraph A/S, including users, customers, and consumers.

Personal Data

Any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, and purchase details.

1.2 Scope

Security

This section details the measures we take to protect data from unauthorized access, breaches, and other security threats, ensuring the integrity and confidentiality of customer data.

Service Availability

This section outlines our commitments and practices to ensure the continuous availability and reliability of our services, including our disaster recovery and incident response protocols.

Processing Integrity

This section describes the controls and practices we implement to ensure the accuracy, completeness, and validity of data throughout its processing lifecycle.

Confidentiality

This section explains how we protect sensitive information from unauthorized access and disclosure, maintaining the confidentiality of customer and user data.

Privacy

This section covers our practices for collecting, using, and protecting personal data, including compliance with GDPR and other data protection regulations, as well as respecting the rights of data subjects.

2. Defined Controls

OmniGraph A/S implements the following controls and measures to ensure high standards of data protection and compliance with applicable laws and regulations.

2.1 Security

OmniGraph A/S is committed to ensuring high standards of security for data storage and processing. Our security measures are designed to protect the confidentiality, integrity, and availability of customer data. This section outlines the key security practices and technologies we employ to safeguard data.

Data Storage Technologies

OmniGraph A/S leverages industry-recognised cloud service providers and contemporary standard technologies to ensure secure data management:

  • Cloud Services Providers (CSP): 
    • Infrastructure, computation and storage is generally hosted one of three (AWS, Azure, GCP) core CSPs. The CSP’s provide capabilities for high levels of security features through virtual private cloud (VPC), containerization and orchestration (Kubernetes) etc.
      The specific CSPs in use by OmniGraph A/S at present is documented on
      https://www.omnigraph.io/legal/sub-processors-list
  • Storage Technology:
    • Files & Binary Large Objects (BLOBs) representing customer data are stored using distributed file system technologies with underlying CSP disks.
    • Structured system data is stored on CSP provided relational databases.
    • Semi-structured records of customer data and configuration is stored on distributed wide-column stores provided by CSP and/or database Service Providers.

For a full description of current technologies and subprocessors used for storage and their physical locations, please refer to https://www.omnigraph.io/legal/sub-processors-list

Encryption

To protect data from unauthorized access, we implement robust encryption mechanisms:

  • Encryption at Rest:
    • All data stored in our cloud environments is encrypted at rest using the native encryption services provided by our CSP or database Service Providers.
    • These encryption services comply with industry standards such as AES-256.
  • Encryption in Transit:
    • Data in transit is protected using TLS 1.2 or higher to ensure secure communication over public networks.
  • Internal Service-to-Service Connections: 
    • Communication between services within or between Kubernetes clusters predominantly occurs over private VPC subnets unexposed to public networks.
    • Any personal, confidential or otherwise sensitive data is encrypted in transit regardless of whether the connection is private or public.
    • Any connectivity over public networks is encrypted and secured regardless of the nature of the data.

Access Controls

OmniGraph A/S enforces rigorous access control measures to ensure that both internal personnel and external customers have secure and appropriate access to data and systems. Our access control policies are designed to protect sensitive information and maintain the integrity and confidentiality of our services.

Employee and Developer Access Control

  • Role-Based Access Control (RBAC):
    • Principle of Least Privilege (PoLP): Access to data and systems is granted based on the principle of least privilege, ensuring that employees and developers have only the necessary permissions required for their roles.
    • Role Assignments: Employees and developers are assigned roles with specific permissions tailored to their job functions. Access roles are regularly reviewed and updated based on changes in job responsibilities.
  • Multi-Factor Authentication (MFA):
    • MFA is mandatory for accessing critical systems and data, providing an additional layer of security.
    • All employees and developers must use MFA when accessing the company's internal systems, including development environments and administrative tools.
  • Access Reviews:
    • Regular access reviews are conducted to ensure that only authorized personnel retain access to sensitive data and systems.
    • Any unnecessary or outdated access permissions are promptly revoked.
  • Audit Logging and Monitoring:
    • Comprehensive audit logs are maintained to track access and modifications to data and systems by employees and developers.
    • Continuous monitoring is in place to detect and respond to any unauthorized access attempts or suspicious activities.

Customer and User Access Control:

  • User Authentication:
    • Customers and users must authenticate themselves using secure login methods before accessing our services. Users are identified through their email address.
    • Users may utilize a Single Sign-on (SSO) provider, use their “social login” through OpenID (e.g., using a Google Account) or create an account locally for the service.
    • Strong password policies are enforced, including minimum length, complexity requirements, and regular password updates on locally created accounts.
    • For Social / SSO logins, we only allow email-verified authentication, meaning that the authentication provider has verified the user through their email address before authenticating them. For a list of identity providers, please refer to the subprocessor list:
      https://www.omnigraph.io/legal/sub-processors-list.
  • User Roles and Permissions:
    • Customers can define and manage user roles within their accounts, granting specific permissions based on user responsibilities.
    • Role-based access controls are implemented to ensure users can only access data and features relevant to their roles.
  • Multi-Factor Authentication (MFA) for Users:
    • MFA is available and strongly recommended for customer accounts to enhance security.
    • Customers can enforce MFA for their users to provide an additional layer of protection for accessing sensitive data.
  • Self-Service Access Management:
    • Customers have the ability to manage user access through self-service portals, including adding, modifying, and removing user access as needed.
    • Detailed access logs are available to customers, allowing them to monitor and review user activity within their accounts.
  • Data Isolation:
    • Tenant-isolated environments ensure that each customer's data is segregated and inaccessible to other customers.
    • Strict access controls are in place to prevent unauthorized access across tenant boundaries.
  • Access Reviews and Audits:
    • Regular access reviews are conducted in collaboration with customers to ensure that user access is appropriate and aligns with current needs.
    • Customers are encouraged to periodically audit their user access and permissions to maintain optimal security.

By implementing these comprehensive access control measures, OmniGraph A/S ensures that both internal personnel and external customers can securely access the data and systems they need while protecting sensitive information from unauthorized access. If you have any questions or require further details about our access control practices, please contact us at compliance@omnigraph.io

Monitoring and Incident Response

Continuous monitoring and proactive incident response are integral to our security strategy:

  • Monitoring Tools:
    • Service and native cloud monitoring tools are used to monitor system performance, detect anomalies, and identify potential security threats in real time.
  • Incident Response Plan:
    • A detailed incident response plan is in place to address security incidents promptly and effectively.
    • In the event of a data breach, customers will be notified without undue delay, and necessary details about the breach will be provided, including its nature, impact, and mitigation measures.

Regular Security Assessments

OmniGraph A/S conducts regular security assessments to identify and mitigate potential vulnerabilities:

  • Penetration Testing:
    • Periodic penetration tests are performed by independent security experts to evaluate the security of our systems.
  • Vulnerability Scanning:
    • Automated vulnerability scans are conducted regularly to detect and address security weaknesses.
  • Compliance Audits:
    • Regular compliance audits are conducted to ensure adherence to GDPR and other applicable data protection regulations.

Data Backup and Disaster Recovery

To ensure data availability and resilience, OmniGraph A/S has implemented comprehensive backup and disaster recovery strategies:

  • Data Backup:
    • Regular backups of all critical data are performed and stored in secure, geographically dispersed locations.
  • Disaster Recovery:
    • A robust disaster recovery plan is in place to ensure quick restoration of services and data in the event of a disaster.
    • Regular disaster recovery drills are conducted to validate the effectiveness of our recovery procedures.

Subprocessor Management

OmniGraph A/S engages subprocessors to assist with data storage and processing, ensuring they meet our stringent security standards:

  • Subprocessor Agreements:
    • All subprocessors are required to comply with data protection obligations equivalent to those set out in our agreements with customers.
  • Regular Assessments:
    • Regular assessments of subprocessors are conducted to ensure ongoing compliance with our security requirements.

By implementing these comprehensive security measures, OmniGraph A/S demonstrates its commitment to protecting customer data and maintaining trust in our data storage and processing services. If you have any questions or require further details about our security practices, please contact us at compliance@omnigraph.io.

A list of subprocessors used by OmniGraph A/S and how they are used will be available on: https://www.omnigraph.io/legal/sub-processors-list

2.2 Service Availability

OmniGraph A/S is committed to ensuring the continuous availability of our services and maintaining high standards of data quality. This section outlines the measures we take to ensure data quality, service availability, and our communication protocols for incidents affecting availability.

Measures for Ensuring Data Quality

  • Data Validation:some text
    • Rigorous data validation checks are performed during data ingestion to ensure that incoming data meets predefined quality standards.
    • Automated validation rules detect and flag anomalies, inconsistencies, and incomplete data for further review.
  • Data Monitoring:some text
    • Continuous monitoring of data quality metrics is conducted to identify and address issues proactively.
    • Alerts and notifications are configured to inform relevant teams of any data quality concerns, enabling timely intervention and resolution.

Measures for Ensuring Service Availability

  • High Availability Architecture:
    • Our infrastructure is designed for high availability, utilizing redundant systems and components to eliminate single points of failure.
    • Load balancing, failover mechanisms, and geographically dispersed data centers ensure continuous service operation even in the event of hardware or network failures.
  • Scalability:
    • Elastic scaling capabilities allow our services to handle varying workloads and traffic volumes without degradation of performance.
    • Automated scaling mechanisms adjust resources dynamically to maintain optimal service levels during peak demand periods.
  • Disaster Recovery:
    • A comprehensive disaster recovery plan is in place to ensure rapid recovery of services in the event of a catastrophic failure.
    • Regular disaster recovery drills are conducted to validate and improve recovery procedures, ensuring minimal downtime and data loss.
  • Maintenance and Updates:
    • Scheduled maintenance windows are planned and communicated in advance to minimize impact on service availability.
    • Software updates and patches are deployed following a rigorous testing process to ensure stability and reliability.

Communication for Any Incidence Affecting Availability

  • Incident Detection and Response:
    • Advanced monitoring tools and systems continuously monitor service health and performance, detecting potential issues in real time.
  • Customer Notifications:
    • In the event of an incident affecting availability, customers will be notified promptly through multiple channels, including email and our service status page.
    • Notifications will include details about the incident, its impact, estimated resolution time, and any steps customers need to take.
  • Status Updates:
    • Regular status updates will be provided to keep customers informed about the progress of incident resolution.
    • Customers can subscribe to our service status page for real-time updates on service availability and ongoing incidents.
  • Post-Incident Review:
    • A thorough post-incident review is conducted to analyze the root cause, impact, and effectiveness of the response.
    • Findings from the review are used to implement corrective actions and improve our incident management processes.

By implementing these measures, OmniGraph A/S ensures the high availability and quality of our services, providing our customers with reliable and uninterrupted access to the tools and data they need. If you have any questions or require further information about our availability practices, please contact us at compliance@omnigraph.io

2.3 Processing Integrity

OmniGraph A/S is dedicated to ensuring the accuracy, completeness, and validity of its services and relevant data throughout its processing lifecycle. We implement a range of controls and best practices to maintain high standards of processing integrity.

Accuracy and Validity of Ingested & Processed Data

  • Automated Validation:
    • Processed data is subjected to automated validation checks during ingestion to verify accuracy against predefined criteria.
    • Any discrepancies are flagged for further investigation and correction.
  • Audit Trails:
    • Comprehensive audit trails are maintained to track data throughout its lifecycle, ensuring completeness and facilitating traceability.
    • Regular audits are conducted to confirm the completeness of the data and identify any gaps.
  • Validation Rules:
    • Validation rules are applied to ensure that processed data conforms to the expected ranges and formats and any discrepancy is logged.
    • Rules are regularly reviewed and updated to align with evolving business requirements and data standards.
  • Exception Handling:
    • Robust exception handling mechanisms are in place to manage and resolve invalid data entries.
    • Detailed logs of exceptions and their resolutions are maintained to improve future processing integrity.

By implementing these controls, OmniGraph A/S ensures that data processed within our systems is accurate, complete, and valid, thereby maintaining the integrity of the information and supporting our commitment to high-quality data management. If you have any questions or require further details about our processing integrity practices, please contact us at compliance@omnigraph.io

2.4 Confidentiality

OmniGraph A/S is committed to maintaining the confidentiality of customer data. We implement stringent measures to ensure that sensitive information is protected from unauthorized access and disclosure.

Measures to Ensure Confidentiality of Confidential Information

  • Data Encryption:
    • All data is encrypted both at rest and in transit using industry-standard encryption protocols (e.g., AES-256 for data at rest and TLS 1.2 or higher for data in transit).
  • Access Controls:
    • Strict role-based access controls (RBAC) are enforced to limit data access to authorized personnel only.
    • Multi-factor authentication (MFA) is required for accessing sensitive systems and data.
  • Confidentiality Agreements:
    • All employees and subprocessors are required to sign confidentiality agreements, ensuring they understand and commit to our data protection policies.
  • Regular Training:
    • Employees receive regular training on data privacy and confidentiality to stay informed about best practices and regulatory requirements.

By adopting these measures, OmniGraph A/S ensures that customer data remains confidential and secure, reinforcing our dedication to data protection. If you have any questions or need further information about our confidentiality practices, please contact us at compliance@omnigraph.io

2.5 Privacy

OmniGraph A/S prioritizes the privacy of customer and user data. We adhere to strict privacy principles and comply with relevant regulations to protect personal information.

Measures to Ensure Privacy Protection of Customers, Users and Consumer Data

  • Data Minimization:
    • We only collect data that is necessary for providing our services and minimize the use of personal data wherever possible.
  • User Consent:
    • We obtain explicit consent from users before collecting, using, or sharing their personal data, ensuring transparency in our data practices.
  • Data Subject Rights:
    • We respect and facilitate data subject rights under GDPR, including the rights to access, rectify, delete, and port personal data.
    • Users can exercise their rights by contacting us, and we respond to such requests promptly.
  • Privacy by Design:
    • Privacy considerations are integrated into our systems and processes from the outset, ensuring that data protection is a core aspect of our operations.
  • Compliance:
    • We comply with GDPR and other applicable data protection laws, conducting regular audits and assessments to ensure ongoing compliance.
    • Our privacy policy is regularly reviewed and updated to reflect any changes in regulations or our data practices.

By implementing these privacy measures, OmniGraph A/S demonstrates its commitment to protecting personal data and upholding high standards of privacy. If you have any questions or need further information about our privacy practices, please contact us at compliance@omnigraph.io

Product

ProductPricing

Company

AboutContact us

Legal

Terms of UseCookiesPrivacy PolicySubscription TermsData Compliance & Cyber SecurityData Processing AgreementSub-Processor List

© OmniGraph 2024