Security

How we protect your authentication secrets

Our Security Commitment

Security is not an afterthought at OmniCan—it's our foundation. We implement industry-leading security practices to ensure your authentication secrets remain safe and secure.

We maintain the highest standards of data protection and regularly audit our systems to identify and address vulnerabilities.

Encryption & Data Protection

Zero-Knowledge Architecture

OmniCan operates on a zero-knowledge principle: we cannot access your authentication secrets or passwords. Your data is encrypted on your device before reaching our servers.

Military-Grade AES-256 Encryption

All your authentication secrets are encrypted using AES-256, the same encryption standard used by governments and financial institutions worldwide.

End-to-End Encryption

Data is encrypted when it leaves your device and remains encrypted in transit and at rest on our servers.

TLS 1.3 Transport Security

All communication between your device and our servers is protected with TLS 1.3, the latest and most secure version of the Transport Layer Security protocol.

Password Security

User passwords are never stored in plain text. We hash all passwords with bcrypt using 12 salt rounds (a cost factor of 12), making them virtually impossible to crack even if our database were compromised.

Infrastructure Security

Secure Infrastructure

  • Servers hosted on enterprise-grade cloud infrastructure
  • Regular automated backups with encryption
  • Isolated database environments
  • DDoS protection and rate limiting
  • Web Application Firewall (WAF) protection

Access Controls

  • Multi-factor authentication for all admin accounts
  • Role-based access control (RBAC)
  • Principle of least privilege implementation
  • Audit logs for all administrative actions

Monitoring & Detection

  • 24/7 security monitoring and alerting
  • Intrusion detection systems (IDS)
  • Real-time threat analysis
  • Automated incident response procedures

Compliance & Standards

We adhere to industry standards and best practices:

  • OWASP Top 10: Protection against web application vulnerabilities
  • GDPR Compliant: Full compliance with European data protection regulations
  • SOC 2 Standards: Security, availability, and confidentiality controls
  • TOTP Standards: RFC 6238 compliance for time-based one-time passwords
  • Industry Best Practices: Regular updates to align with evolving security standards

Regular Security Audits

We conduct comprehensive security assessments:

  • Quarterly Security Audits: Third-party penetration testing and vulnerability assessments
  • Annual Security Reviews: Comprehensive security posture evaluations
  • Automated Scanning: Continuous vulnerability scanning of our infrastructure
  • Code Reviews: Security-focused code reviews for all new features

Incident Response

In the unlikely event of a security incident, we have comprehensive response procedures:

  • Immediate incident detection and containment
  • Thorough investigation and root cause analysis
  • Transparent communication with affected users
  • Implementation of preventive measures
  • Post-incident review and continuous improvement

Your Role in Security

While we maintain robust security measures, your actions also matter:

  • Strong Passwords: Use unique, complex passwords for your OmniCan account
  • Secure Backup: Keep your backup codes in a secure location
  • Device Security: Keep your devices updated with the latest security patches
  • Account Monitoring: Regularly review your account activity
  • Report Issues: Contact us immediately if you notice suspicious activity

Security Contact

If you discover a security vulnerability, please report it responsibly to:

Email: security@omnican.ca
Response Time: We respond to all security reports within 24 hours

Please do not disclose security vulnerabilities publicly until we have had an opportunity to address them.