Security & Trust Center

Trust Center

Real-time compliance posture • Auditable evidence • Cryptographic proof

Every control is backed by code, not just policy. Explore our live compliance posture across SOC 2, NIST AI RMF, ISO 42001, and the EU AI Act.

This is a self-assessment, not an independent audit. OmegaEngine evaluates its own controls against these frameworks and is not SOC 2 / ISO 42001 certified. See the full self-assessed report for scope and caveats.

LIVE ASSESSMENT • 2026-06-28

100%Controls Passing

100%

SOC 2

21/21 controls

90%

NIST AI RMF

17/19 controls

88%

ISO 42001

10/12 controls

85%

EU AI Act

10/12 controls

№ 02Trust Service Criteria

Trust Service Criteria

21 controls

№ 03Security Infrastructure

Security Infrastructure

8,674+

AUTOMATED TESTS

538 test files

CI WORKFLOWS

Zero-trust pipeline

511

API ROUTES

616 endpoints

SAFETY LAYERS

3,736 lines

AES-256

ENCRYPTION REST

PostgreSQL

TLS 1.3

ENCRYPTION TRANSIT

Vercel Edge

HMAC

AUDIT CHAIN

Tamper-evident

24/7

MONITORING

Sentry + SLO signals

№ 04Compliance Documents

Compliance Documents

Privacy Policy

GDPR, CCPA, and international data protection

Terms of Service

Service agreement and usage terms

Security Architecture

Defense-in-depth technical controls

Incident Response

Severity levels, escalation, and recovery

Data Retention

Per-tier retention windows and compliance

Data Processing Agreement

GDPR Art. 28 DPA for enterprise customers

Compliance Report

View the full compliance assessment with per-control evidence, framework scores, and attestation. Print-ready for auditors.

View Full Report JSON Request NDA Package

Full audit packages with evidence chains and penetration test results available under NDA.

Verify us — don't trust us

The compliance posture above is self-assessed. This part is not: every Agent Security Attestation we issue is signed with an Ed25519 key and committed to a signed, tamper-evident transparency log (RFC 6962). Anyone can verify one offline — trusting only the public key and the math, never our servers.

Verify any attestationRe-runs the signature + Merkle proof in your browser Public signing key (JWKS)The Ed25519 key every signature is checked against Transparency logSigned Merkle tree head (RFC 6962) — lets monitors detect a rewrite or backdated entry Offline verifier (open source)Zero-dependency npm package — runs the proof locally

# fetch a signed attestation, then verify its Ed25519 signature — offline
curl -s https://omegaengine.ai/api/verify/<id> > attestation.json
npx @omegaengine/verify attestation.json   # ✓ VERIFIED

Security Bug Bounty

Found a vulnerability? We reward responsible disclosure of qualifying issues; reward amounts are determined case-by-case based on severity.

Report a Vulnerability

Last assessed: June 28, 2026 • SOC 2 Type II observation period planned • Contact security@omegaengine.ai for audit requests

Security & Trust Center

Trust Center

Real-time compliance posture • Auditable evidence • Cryptographic proof

Every control is backed by code, not just policy. Explore our live compliance posture across SOC 2, NIST AI RMF, ISO 42001, and the EU AI Act.

LIVE ASSESSMENT • 2026-06-28

100%Controls Passing

100%

SOC 2

21/21 controls

90%

NIST AI RMF

17/19 controls

88%

ISO 42001

10/12 controls

85%

EU AI Act

10/12 controls

№ 02Trust Service Criteria

Trust Service Criteria

21 controls

№ 03Security Infrastructure

Security Infrastructure

8,674+

AUTOMATED TESTS

538 test files

CI WORKFLOWS

Zero-trust pipeline

511

API ROUTES

616 endpoints

SAFETY LAYERS

3,736 lines

AES-256

ENCRYPTION REST

PostgreSQL

TLS 1.3

ENCRYPTION TRANSIT

Vercel Edge

HMAC

AUDIT CHAIN

Tamper-evident

24/7

MONITORING

Sentry + SLO signals

№ 04Compliance Documents

Compliance Documents

Privacy Policy

GDPR, CCPA, and international data protection

Terms of Service

Service agreement and usage terms

Security Architecture

Defense-in-depth technical controls

Incident Response

Severity levels, escalation, and recovery

Data Retention

Per-tier retention windows and compliance

Data Processing Agreement

GDPR Art. 28 DPA for enterprise customers

Compliance Report

View the full compliance assessment with per-control evidence, framework scores, and attestation. Print-ready for auditors.

View Full Report JSON Request NDA Package

Full audit packages with evidence chains and penetration test results available under NDA.

Verify us — don't trust us

# fetch a signed attestation, then verify its Ed25519 signature — offline
curl -s https://omegaengine.ai/api/verify/<id> > attestation.json
npx @omegaengine/verify attestation.json   # ✓ VERIFIED

Security Bug Bounty

Found a vulnerability? We reward responsible disclosure of qualifying issues; reward amounts are determined case-by-case based on severity.

Report a Vulnerability

Last assessed: June 28, 2026 • SOC 2 Type II observation period planned • Contact security@omegaengine.ai for audit requests