Security
More on what data Omlet collects and its security controls
Omlet is a product developed and provided by Zeplin which has SOC2 TypeII attestation. The existing terms and privacy policy of Zeplin apply to Omlet.
Omlet never collects, stores or upload your code. The scanning process is always done locally using the Omlet CLI available for download via NPM. Only metadata is collected. As a user, you have full control over what code Omlet will scan by choosing which repository it should scan. You have the option to also limit scanning to certain files or directories.
Regarding metadata, function names related to frontend code, file path of where the function is defined, where this function is called are collected. Other metadata we collect are… IP address of the user who uploads the data, node.js version, OS type/version, URL to your git repository and current branch name. These are used for troubleshooting purpose.
Omlet CLI has an option to only generate the output locally which you can use to inspect the data. You can do this by running
omlet analyze --dry-run. This will generate a local file omlet.out.json with the scanned output that is normally uploaded to Omlet web app. When using --dry-run, the results are never uploaded to Omlet web app. You can check a sample output file which was generated from this open source project from here.
The metadata collected is uploaded to Omlet backend hosted on AWS (S3) and MongoDB. We only use this data to provide the service directly to you.
Further details of Zeplin & Omlet security controls are also documented in this whitepaper. If you have further security questions, please contact us.
Last modified 23d ago