Security at Omnara.
Your code is your most valuable asset. We've built Omnara with security at its core, giving you complete control over your data.
End-to-End Encryption
All data in transit is encrypted using TLS 1.3. Cloud-synced data is encrypted at rest with AES-256.
Local-First Architecture
Your code stays on your machine by default. Cloud sync is opt-in per repository.
Secure Authentication
Industry-standard OAuth 2.0 and optional two-factor authentication for all accounts.
Zero-Knowledge Design
We cannot see your code or session data. Only you have the keys to decrypt your synced content.
SOC 2 Compliant
Our infrastructure and processes are audited annually for security and compliance.
Regular Audits
Third-party security researchers regularly audit our codebase and infrastructure.
How we protect your data
Local by Default
When you use Omnara, your code and agent sessions stay on your local machine. Nothing is uploaded to our servers unless you explicitly enable cloud sync for a repository.
Opt-In Cloud Sync
When you enable cloud sync, your session data is encrypted on your device before being uploaded. We use AES-256 encryption with keys derived from your account credentials. We cannot decrypt your data.
Secure Infrastructure
Our infrastructure runs on AWS with strict access controls, network isolation, and continuous monitoring. All services are deployed in SOC 2 compliant data centers.
Responsible Disclosure
We maintain a security vulnerability disclosure program. If you discover a security issue, please report it to security@omnara.co
Have security questions?
Our security team is happy to answer questions about our practices or discuss enterprise security requirements.
Contact Security Team