Security & Incident Response

Effective date: Jul 12, 2026

This statement summarises the technical and organisational measures Omixo AI uses to protect personal data, and our process for handling security incidents.

1. Encryption

2. Access control

3. Data loss prevention & resilience

4. Data minimisation & retention

We collect only the data required to deliver the service, retain it only as long as needed, and delete integration data on uninstall and account data on closure or verified erasure request.

5. Security incident response policy

If a security incident affecting personal data is suspected or confirmed, we follow this process:

  1. Detect & triage — assess scope, severity, and affected data/Merchants.
  2. Contain — isolate affected systems, rotate credentials/keys, and stop ongoing exposure.
  3. Eradicate & recover — remove the cause and restore service from known-good, encrypted backups.
  4. Notify — inform affected Merchants without undue delay with the details they need to meet their own obligations; support regulatory notification as required.
  5. Review — conduct a post-incident review and apply corrective actions to prevent recurrence.

6. Reporting a vulnerability

If you believe you have found a security issue, please contact us using the details in the footer. We investigate all reports and appreciate responsible disclosure.