# Security in Omlet

Omlet is a product developed and provided by Zeplin, Inc. which has SOC 2 Type II attestation. For Omlet, we implement the same security controls as the rest of the Zeplin ecosystem. When we refer to Zeplin, the same controls are in place for Omlet as well.

## **Data collection for Omlet**

Omlet CLI collects only the metadata, **your code is never collected, stored or uploaded**. The scanning process is always done *locally* and you have full control over what Omlet will scan by choosing which repository/directory it should scan.

You can learn more about the data collection for Omlet here:

* [Data collection for Omlet](https://docs.omlet.dev/security/data-collection)

## Company

You can access the vendor details for Zeplin, Inc. from:&#x20;

* [Vendor details for Zeplin](https://support.zeplin.io/en/articles/1750260-vendor-details-for-zeplin)

## Terms and Privacy

The existing terms and privacy policy of Zeplin apply to Omlet too. You can access them from:

* [Terms of Service](https://zeplin.io/terms/)
* [Privacy Policy](https://zeplin.io/privacy/)

## Security Whitepaper

We understand how important security and compliance are, and we’ve worked hard to make sure that our products are secure. The security and protection of our customers’ data is definitely a top priority.&#x20;

We outline our approach to security & compliance, and the details of the technical controls that keep your data safe in this whitepaper:

* [Security Whitepaper](https://support.zeplin.io/en/articles/2472293-security-whitepaper)

In summary, we implement strict security controls, ensuring secure integrations with communication tools and adherence to regulatory standards like SOC 2. Our comprehensive approach includes rigorous hiring practices, physical and network security measures, regular penetration tests, and a commitment to privacy and confidentiality for user data.

### Subprocessors

Zeplin, Inc. may engage data processors, subcontractors or content delivery networks to support the delivery of the services. You can access the information about the identity, location, and role of each subprocessor here:

* [Zeplin Subprocessors](https://zeplin.io/subprocessors)

### Penetration Testing

We use specialist security consulting firms to complete penetration tests on our infrastructure. You can read more and see the results here:

* [Zeplin Security Penetration Test](https://support.zeplin.io/en/articles/3991799-zeplin-security-penetration-test)

### Regulatory Compliance <a href="#regulatory-compliance" id="regulatory-compliance"></a>

Zeplin, Inc. maintains a comprehensive set of IT controls to ensure it meets various compliance obligations and aligns with SOC 2. You can read more about our regulatory compliance here:

* [Regulatory Compliance](https://support.zeplin.io/en/articles/4113683-regulatory-compliance)

{% hint style="info" %}
AICPA rules do not permit public dissemination of SOC 2 reports. Please ping us at "<support@omlet.dev>" to request a copy of our attestation under NDA.
{% endhint %}

### Responsible Disclosure

We appreciate responsible disclosure and will acknowledge security researchers who have reported an issue that is proven and of sufficient severity:

* [Responsible Disclosure](https://support.zeplin.io/en/articles/2632495-responsible-disclosure)

## Data Processing Addendum, or DPA

Zeplin, Inc. provides a GDPR compliant DPA adapted to our services, which you can sign automatically following the steps [here](https://zpl.io/dpa).

The signing process will start once you enter your name and email address. Then, you’ll be able to review the document, fill out the fields, sign, and download if you need.

{% hint style="info" %}
**Have more questions?**

If you have further security questions, please [contact us](mailto:support@omlet.dev).
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.omlet.dev/security/security-in-omlet.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.