Security in Omlet
Last updated
Last updated
Omlet is a product developed and provided by Zeplin, Inc. which has SOC 2 Type II attestation. For Omlet, we implement the same security controls as the rest of the Zeplin ecosystem. When we refer to Zeplin, the same controls are in place for Omlet as well.
Omlet CLI collects only the metadata, your code is never collected, stored or uploaded. The scanning process is always done locally and you have full control over what Omlet will scan by choosing which repository/directory it should scan.
You can learn more about the data collection for Omlet here:
You can access the vendor details for Zeplin, Inc. from:
The existing terms and privacy policy of Zeplin apply to Omlet too. You can access them from:
We understand how important security and compliance are, and we’ve worked hard to make sure that our products are secure. The security and protection of our customers’ data is definitely a top priority.
We outline our approach to security & compliance, and the details of the technical controls that keep your data safe in this whitepaper:
In summary, we implement strict security controls, ensuring secure integrations with communication tools and adherence to regulatory standards like SOC 2. Our comprehensive approach includes rigorous hiring practices, physical and network security measures, regular penetration tests, and a commitment to privacy and confidentiality for user data.
Zeplin, Inc. may engage data processors, subcontractors or content delivery networks to support the delivery of the services. You can access the information about the identity, location, and role of each subprocessor here:
We use specialist security consulting firms to complete penetration tests on our infrastructure. You can read more and see the results here:
Zeplin, Inc. maintains a comprehensive set of IT controls to ensure it meets various compliance obligations and aligns with SOC 2. You can read more about our regulatory compliance here:
We appreciate responsible disclosure and will acknowledge security researchers who have reported an issue that is proven and of sufficient severity:
The signing process will start once you enter your name and email address. Then, you’ll be able to review the document, fill out the fields, sign, and download if you need.
AICPA rules do not permit public dissemination of SOC 2 reports. Please ping us at "" to request a copy of our attestation under NDA.
Zeplin, Inc. provides a GDPR compliant DPA adapted to our services, which you can sign automatically following the steps .
If you have further security questions, please .