Last Updated: December 27, 2025
AI Omelette takes the security of client data seriously. This page describes the practices and safeguards we use when working with your business information.
Our Commitment
When you engage AI Omelette for consulting, automation, or development services, you’re trusting us with access to your business systems and data. We treat that trust as a responsibility, not a convenience.
Data Handling Principles
Minimum Access: We only request access to the systems and data necessary to complete the agreed scope of work.
Purpose Limitation: Client data is used solely for delivering the services you’ve engaged us for—never for marketing, training AI models, or sharing with other clients.
Segregation: Each client’s data and credentials are stored separately. We do not commingle client information.
No Selling or Sharing: We do not sell, rent, or share your business data with third parties except as required to deliver services (see Subprocessors below).
Access Controls
Authentication: All accounts used for client work are protected with strong, unique passwords and two-factor authentication (2FA) where supported.
Password Management: We use enterprise-grade password management to generate and store credentials securely.
Limited Personnel: Only personnel directly involved in your project have access to your systems and data.
Credential Handling: Client credentials are not stored in plaintext documents, emails, or chat logs. We use secure vaults and environment variables wherever credentials are required.
Infrastructure & Tools
Encryption in Transit: All data transmitted between systems uses TLS/HTTPS encryption.
Encryption at Rest: Sensitive data stored in our systems or trusted third-party platforms is protected using industry-standard encryption at rest.
Secure Development: Automation workflows and code are developed in isolated environments. Production credentials are not used in testing.
Regular Updates: Our tools, systems, and dependencies are kept up to date with security patches.
Subprocessors
We use trusted third-party services to deliver our work. These subprocessors may process client data as part of service delivery:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Anthropic (Claude) | AI assistance for development and analysis | anthropic.com/privacy |
| OpenAI | AI assistance for content and analysis | openai.com/privacy |
| n8n (self-hosted) | Workflow automation | n8n.io/privacy |
| Notion | Project documentation and collaboration | notion.so/privacy |
| Google Workspace | Communication and file sharing | policies.google.com/privacy |
| GitHub | Code repository and version control | docs.github.com/privacy |
We evaluate subprocessors for security practices before use and maintain a current list available upon request.
Data Retention & Deletion
Active Engagements: We retain access to client systems only for the duration of the project plus a reasonable support period (typically 30 days after project completion).
Credentials: Upon project completion or client request, we revoke our access and delete stored credentials within 7 business days.
Project Files: Working files, documentation, and deliverables are retained for 90 days after project completion to support follow-up questions, then securely deleted unless otherwise agreed.
On Request: You may request deletion of your data at any time by contacting security@aiomelette.com.
Incident Response
In the event of a security incident affecting your data:
- Detection: We monitor for unauthorized access and anomalies
- Containment: Immediate steps to limit exposure
- Notification: We will notify affected clients within 72 hours of confirming a breach
- Investigation: Root cause analysis and documentation
- Remediation: Steps to prevent recurrence
- Report: Written summary provided to affected clients
To report a security concern: security@aiomelette.com
Physical Security
AI Omelette operates remotely. Work is performed on encrypted devices with:
- Full-disk encryption enabled
- Automatic screen lock
- Secure, private network connections
- No work performed on public/unsecured WiFi without VPN
Business Continuity
Backups: Critical project files and documentation are backed up regularly to encrypted cloud storage.
Recovery: In the event of system failure, we aim to restore operations within 24-48 hours.
Redundancy: Key automation workflows include error handling and alerting to prevent silent failures.
Compliance
AI Omelette is based in British Columbia, Canada, and operates in compliance with:
- PIPEDA (Personal Information Protection and Electronic Documents Act)
- GDPR (for EU/UK clients)
- CCPA (for California clients)
Compliance obligations may vary based on the nature of services and client jurisdiction. We can provide a Data Processing Agreement (DPA) upon request for clients requiring documented data handling commitments.
Questions?
If you have questions about our security practices or need documentation for your vendor review process, contact us:
Email: security@aiomelette.com
We’re happy to complete security questionnaires or provide additional detail for your compliance needs.
This page describes our current practices as of the date above. We review and update our security measures regularly.