Enterprise · Omni Studio

AI infrastructure
your security team
will actually approve.

Private environments. Isolated data. Role-based access. Immutable audit logs. Human approval on every sensitive action. Documentation ready, controls already in place, BAAs available on request.

Private deploy SSO · SCIM RBAC Audit logs Customer-managed keys Human approval
Deployment options
3 · Omni cloud, your VPC, hybrid
Compliance posture
GDPR / CCPA aligned · HIPAA-ready
Review process
5 steps · NDA to managed go-live
Security review
Walkthrough with your team · under NDA
Compliance posture

The controls behind the badges — operating today.

Every claim below is backed by a control that is running in your environment right now. Operational, reviewable and tied back to a policy you wrote. No "in progress", no "coming soon" — we'd rather show you the work than ask you to take it on trust.

EU data protection
GDPR aligned
DPA on request · standard SCCs · data-subject rights workflow.
California consumer act
CCPA aligned
Opt-out, deletion and access requests handled in 30 days.
US healthcare
HIPAA-ready · BAA on request
PHI redaction, scoped access, audit, encryption — configurable per workflow.
Audit log
Immutable
Write-once event log, retained on your terms, exportable to your SIEM.
Encryption
In transit + at rest
TLS 1.3 + AES-256 · customer-managed keys on enterprise plans.
Human approval
Inline gating
Configurable per action and per agent. Bypasses require justification.
Security pillars

Six controls. Reviewable in one place.

Wired into the platform, not bolted on. Configurable per agent, per tool and per data source. Auditable from a single dashboard — no spelunking through six vendor consoles to answer one security question.

Private environment

Your control plane runs in its own private space. Data never crosses customers, never trains another customer's model, never reaches a public endpoint.

Default

Encryption at rest & in transit

TLS 1.3 in transit, AES-256 at rest. Customer-managed keys on enterprise plans — rotated on your cadence, revocable on demand.

Default

Role-based access

Granular permissions per agent, tool and data source. SSO + SCIM out of the box — Okta, Azure AD, Google. Just-in-time access supported.

Default

Immutable audit logs

Every agent action, approval and data access. Write-once, queryable, retained on your terms, streamable to your SIEM.

Default

Human approval gates

Configurable per action, per agent. Bypasses require justification & reviewer sign-off. Annotations feed back into the training loop.

Default

Data residency & subprocessors

US-default with regional options on request. Vetted subprocessor list available under NDA — with a 30-day change-notification clause.

On request
Security review process

A review your security team already knows.

Standard enterprise security review. We bring the documentation, you bring the questionnaire. No special process, no creative re-interpretation of controls — the same five steps every well-run procurement team has run before.

Step 01

NDA & intake

Standard NDA, security questionnaire, vendor risk form. We turn around in 48 hours.

Step 02

Architecture review

Joint review of deployment topology, data flows, integration boundaries and identity.

Step 03

Controls walkthrough

Control mapping · pen-test summary on request · sample audit log walkthrough.

Step 04

Pilot in your env

Private deployment, a 2–4 week pilot, observability open to your team end-to-end.

Step 05

Go-live & ops

Managed operations · monthly business review · annual recertification on your cadence.

Deployment options

Where Omni runs is your call.

Three deployment options depending on your data sensitivity, procurement model and platform-team preference. Same product, same audit trail — different reach and control surface. Switching later is a migration, not a re-platform.

Default Fastest go-live
OMNI · US-EAST + US-WEST Your private environment PRIVATE NAMESPACE ISOLATED DB · YOUR KMS SHARED PLATFORM · NO CUSTOMER DATA MULTI-REGION US · 99.9% SLA

Omni-managed cloud

Multi-region US deployment. Each customer in their own private environment. Fastest go-live — pilots stand up in days, not weeks.

Enterprise Your stack
YOUR VPC · AWS / AZURE / GCP Omni control plane · deployed YOUR KMS · YOUR CLOUDTRAIL · YOUR VPN PRIVATELINK · NO PUBLIC EGRESS Your services Your databases YOUR PERIMETER · YOUR LOGS · YOUR KEYS

Your VPC

Deploy into your AWS / Azure / GCP. PrivateLink, your KMS, your CloudTrail. Logs land in your SIEM by default — not a vendor portal.

Regulated Quote-based
HYBRID · ON-PREM + CLOUD On-prem REGULATED DATA PHI · PII vault Inference (local) Audit log Omni cloud NON-SENSITIVE Orchestration Approval queue Reports

On-prem / hybrid

For regulated workloads. Sensitive data and inference stay on-prem; orchestration and reporting can sit in cloud. Jointly managed.

Data handling

The rules we publish — and stand behind.

The non-negotiables for any customer on Omni. Anything we can't promise here, we won't promise on a slide.

No cross-customer training

Your data never trains a model that another customer touches. Period.

No data sale, no share

We don't sell your conversations, transcripts or business records. Not now, not later.

Right to export

Take your data with you at any time — structured, dated, complete. No re-keying.

Right to delete

Deletion on request, propagated to backups within the documented retention window.

Security review

Walk your security team
through the controls.

Request a security review Book enterprise call
Live walkthrough with your security team · under NDA · scheduled within 48h
Security review · under NDA Live
A live walkthrough.
  • Architecture & data flow 15 min
  • Controls & access 15 min
  • Audit log & observability 10 min
  • Questionnaire turnaround 48h
  • Q&A with our team 20 min
Scheduled within 48 hours of NDA
A working session with your security team — architecture, controls, data flow, retention and a live Q&A. Documentation shared during the call.