Your Security. Your Control.

Your trust is our foundation. We've built a platform that gives you complete control over your private health data, backed by a world-class security system.

Security You Can Control

We provide flexible options that put you in charge of your own security, along with a multi-layered defense to protect your data at every step.

🔑

Flexible Account Access

You choose the security level you're comfortable with. We offer everything from simple, easy-to-remember access, all the way to premium Multi-Factor Authentication (MFA) for the highest level of account security. You are in control.

🎛️

You Are The Gatekeeper

You never have to share your whole record. You can grant a specific doctor access to only your blood test results for only 48 hours. Our system also traces a 'web of trust,' showing you how professionals are connected to your care, so you can share with confidence.

🚑

Emergency Lifeline

In a critical emergency, speed matters. You can designate specific, life-saving information (like blood type or severe allergies) to be available to registered emergency professionals. This data is only accessible in an emergency, giving first responders what they need.

Omnihealth's multi-layered defense system

Our Multi-Layered Defense

Our security is not a single wall; it's a deep, intelligent, and active system designed to make data theft unfeasible.

Decentralised & Encrypted Data:
Your data is not in one place. We use field-level encryption to scramble each piece of your record, and those encrypted pieces are stored on different servers in different locations. Even the encryption keys are randomised and stored separately.

Active Data Pollution:
To make your data useless to an attacker, we "pollute" it, mixing every piece of your real information in a sea of over **10x fake, randomly-generated data.** Even in the unlikely event of a full database breach, this "noise" renders the stolen data effectively worthless.

Secure Transit & Honeypots:
We use SSL and secure VPNs for all communication, and add a proprietary layer of random "noise" to obscure data in transit. We also deploy numerous "honeypots" - digital traps, to detect, identify, and safely guide attackers away from real user data.

Our Internal Promise: Zero Access

Protecting your data from outside threats isn't enough. We have built industry-leading controls to protect your data from within.

🚫

No Developer Access. Ever.

Our development team never has access to live data servers. They work in a completely separate, audited environment using "jump servers." Your personal data is never used for testing, and the engineers building the system cannot see it.

👥

Accountability & Immutable Logs

No single employee has the keys. We enforce a "two-person rule" for critical maintenance. Furthermore, all critical actions are written to an immutable audit log (similar to a private blockchain), creating a permanent, tamper-proof record that cannot be altered, even by our admins.

📦

Secure Software Supply Chain

Our systems are under constant review by "white-hat" hackers. We also use Software Composition Analysis (SCA) to continuously scan all third-party code libraries for vulnerabilities, ensuring our entire software supply chain is secure before it's deployed.

Transparency & Response in a Crisis

Our responsibility to you extends to being prepared for the unexpected. We have a robust, clear plan for how we handle a potential data breach.

1. Immediate Containment & Analysis:
Our first priority is to contain the threat. Our on-call security team works 24/7 to analyze any breach, understand its scope, and preserve a detailed analysis for the relevant authorities.

2. Responsible Disclosure:
To protect our users and avoid aiding attackers, our policy is to neither confirm nor deny the specifics of a breach publicly. We work directly and transparently with law enforcement and regulatory bodies to ensure a coordinated response.

3. User Notification & Support:
If we determine that user data is affected, we will notify affected users directly. We are committed to providing clear information, in simple language, on what happened and offering concrete support and guidance to help our users navigate the situation safely.