Security

Infrastructure

• Production workloads run on hardened cloud infrastructure with network isolation
• Encryption in transit using TLS for all web and API traffic
• Encryption at rest for stored account data, simulation artifacts, and backups
• Role-based access controls for internal systems with least-privilege principles

Application security

• Authenticated access to workspaces with session management and secure cookie handling
• Input validation and rate limiting designed to reduce abuse of simulation and API endpoints
• Regular dependency monitoring and patching of critical vulnerabilities
• Separation between customer environments in multi-tenant deployments

Data handling

Customer Content — including world models, simulation inputs, and run history — is processed only to deliver the Services. We do not use private customer simulation data to train shared public models without contractual authorization.

Data retention and deletion practices are described in our Privacy Policy. Enterprise deployments may support custom retention, residency, and deletion schedules.

Monitoring and incident response

• Centralized logging and alerting for production anomalies
• Documented incident response procedures with customer notification for material events
• Post-incident review and remediation tracking

Compliance roadmap

Omida is building toward formal compliance programs appropriate for enterprise simulation workloads, including SOC 2. Availability of specific certifications depends on plan tier and deployment model. Contact security@omida.ai for current status and enterprise requirements.

Responsible disclosure

If you believe you have discovered a security vulnerability, please report it to security@omida.ai. We ask that you allow reasonable time for investigation before public disclosure and avoid accessing data that is not yours.