Security in Omlet
Omlet is a product developed and provided by Zeplin, Inc. which has SOC 2 Type II attestation. For Omlet, we implement the same security controls as the rest of the Zeplin ecosystem. When we refer to Zeplin, the same controls are in place for Omlet as well.
Data collection for Omlet
Omlet CLI collects only the metadata, your code is never collected, stored or uploaded. The scanning process is always done locally and you have full control over what Omlet will scan. You can learn more about the data collection for Omlet here:
Company
You can access the vendor details for Zeplin, Inc. from:
Terms and Privacy
The existing terms and privacy policy of Zeplin apply to Omlet too. You can access them from:
Security Whitepaper
We understand how important security and compliance are, and we’ve worked hard to make sure that our products are secure. The security and protection of our customers’ data is definitely a top priority.
We outline our approach to security & compliance, and the details of the technical controls that keep your data safe in this whitepaper:
In summary, we implement strict security controls, ensuring secure integrations with communication tools and adherence to regulatory standards like SOC 2. Our comprehensive approach includes rigorous hiring practices, physical and network security measures, regular penetration tests, and a commitment to privacy and confidentiality for user data.
Subprocessors
Zeplin, Inc. may engage data processors, subcontractors or content delivery networks to support the delivery of the services. You can access the information about the identity, location, and role of each subprocessor here:
Penetration Testing
We use specialist security consulting firms to complete penetration tests on our infrastructure. You can read more and see the results here:
Regulatory Compliance
Zeplin, Inc. maintains a comprehensive set of IT controls to ensure it meets various compliance obligations and aligns with SOC 2. You can read more about our regulatory compliance here:
AICPA rules do not permit public dissemination of SOC 2 reports. Please ping us at "support@omlet.dev" to request a copy of our attestation under NDA.
Responsible Disclosure
We appreciate responsible disclosure and will acknowledge security researchers who have reported an issue that is proven and of sufficient severity:
Data Processing Addendum, or DPA
Zeplin, Inc. provides a GDPR compliant DPA adapted to our services, which you can sign automatically following the steps here.
The signing process will start once you enter your name and email address. Then, you’ll be able to review the document, fill out the fields, sign, and download if you need.
Have more questions?
If you have further security questions, please contact us.
Last updated