Security in Omlet

Omlet is a product developed and provided by Zeplin, Inc. which has SOC 2 Type II attestation. For Omlet, we implement the same security controls as the rest of the Zeplin ecosystem. When we refer to Zeplin, the same controls are in place for Omlet as well.

Data collection for Omlet

Omlet CLI collects only the metadata, your code is never collected, stored or uploaded. The scanning process is always done locally and you have full control over what Omlet will scan. You can learn more about the data collection for Omlet here:


You can access the vendor details for Zeplin, Inc. from:

Terms and Privacy

The existing terms and privacy policy of Zeplin apply to Omlet too. You can access them from:

Security Whitepaper

We understand how important security and compliance are, and we’ve worked hard to make sure that our products are secure. The security and protection of our customers’ data is definitely a top priority.

We outline our approach to security & compliance, and the details of the technical controls that keep your data safe in this whitepaper:

In summary, we implement strict security controls, ensuring secure integrations with communication tools and adherence to regulatory standards like SOC 2. Our comprehensive approach includes rigorous hiring practices, physical and network security measures, regular penetration tests, and a commitment to privacy and confidentiality for user data.


Zeplin, Inc. may engage data processors, subcontractors or content delivery networks to support the delivery of the services. You can access the information about the identity, location, and role of each subprocessor here:

Penetration Testing

We use specialist security consulting firms to complete penetration tests on our infrastructure. You can read more and see the results here:

Regulatory Compliance

Zeplin, Inc. maintains a comprehensive set of IT controls to ensure it meets various compliance obligations and aligns with SOC 2. You can read more about our regulatory compliance here:

AICPA rules do not permit public dissemination of SOC 2 reports. Please ping us at "" to request a copy of our attestation under NDA.

Responsible Disclosure

We appreciate responsible disclosure and will acknowledge security researchers who have reported an issue that is proven and of sufficient severity:

Have more questions?

If you have further security questions, please contact us.

Last updated