How Omnevue handles your data
A Comprehensive Guide to Application and Data Security.
Welcome to the documentation page
on application and data security.
This page provides a comprehensive overview of the best practices and techniques that we use to safeguard your data from unauthorised access, breaches, and other potential threats. Whether you’re an IT professional or business owner, this page offers valuable insights that can help you ensure the security and integrity of our application.
Let’s explore the world of application and data security together!
Application and data security
Control who can access your data with strict permissions. You and our Audit team are the only ones with access, but you can easily add trusted collaborators.
Our Team has experience working in heavily regulated financial environments and building card payments systems. They are experts in handling data and implementing the best security practices.
Strong encryption is crucial. Your data is securely stored with Advanced Encryption Standards (AES-256), and industry best practices are used to protect it in transit with Transport Layer Security (TLS 1.2).
We entrust Amazon Web Services with our products, giving you peace of mind that the physical data centre and network security are handled by the experts. Meanwhile, we can focus on delivering a top-notch service.
We keep log of all activities on your account across all users. You can review changes made by other collaborators at any time.
Application Programming Interface (API)
We work with Codat, a market leading business data API organisation. Codat is a software intermediary that allows two applications to talk to each other. Codat stores data in a Microsoft Azure database as standard.
We will only work with organisations that prioritise your data security. To enable our vueco2e solution, we chose to partner with Plaid, a reputable world-leading data network provider for open banking.
We selected Stripe as our partner to accept payments, send payouts and automate some of our financial processes. Stripe’s platform is designed to protect your data with AES encryption and isolated infrastructure that doesn’t share any credentials with Stripe’s primary services. All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines.
How do we protect your data?
- Your data (files and databases) is securely stored with Advanced Encryption Standards (AES-256).
- Your business data artefacts are stored in a partition solely for your business.
- Our team has experience working in heavily regulated economic environments and building card payment systems. They are experts in handling data and following the best security practices.
- We perform pen testing annually to ensure that all of our public APIs and applications are safe to use.
What information is Omnevue collecting?
When we connect to your accounting system, we only gather the data required for your ESG calculations, i.e. the P&L, balance sheet, trial balance, names of and amount spent with suppliers, invoices and nominal ledger information relating to utilities usage. The data is encrypted in transit and rest and is secured with login-only access.
Why does Omnevue need to integrate with my accounting software?
A significant amount of information that is needed for non-financial (ESG) reporting is already collected within your financial reporting; you are just possibly not aware of it. Our accountancy integration therefore saves you both time and effort in the data collection process.
Our goal is to ensure that we collect accurate and complete information about every business that we work with. Therefore, we gain certainty over data collection when comparing our results with your financial information. By gathering data direct from within your business, we can generate assurance-ready (vueesg) and assured (vueesg plus) ESG results, so you can prove to stakeholders that you are not greenwashing.
Who has access to my data from Omnevue?
Your raw data is only handled by our chartered accountants. Each instance of this is tracked and recorded in our access log. Our platform is also a one-way information stream, meaning there is no way to extract any information from the platform.
You can be confident that Omnevue complies with professional standards, laws and regulations.
- None of the data can be downloaded without authentication and authorisation. This means that only you and your collaborators can access data through our Client platform.
- Omnevue’s Audit team can access your data through a strictly controlled login process with MFA (Multi-factor authentication) and correct permissions.
- Access to your data is only available to you and any collaborators you have invited to the platform.
How long do we keep the data?
- Once we have processed your annual ESG reports, the data is removed from the platform and placed in a “Long-Term Storage” facility.
- Your ESG data metrics & results are stored & accessible by your business and collaborators for as long as you require.
Where are the servers with data located?
- We use AWS (Amazon Web Services) as our cloud solution provider.
- All data is located within our production environment and disconnected from our pre-production environments. This means that unauthorised individuals can’t access your data.
- Currently, all the data physically lives on AWS servers based in Dublin, Ireland.
- You cannot choose the geolocation of your data at the moment. However, it is something that we are considering for the future.
Who can see the data from my company?
No user from your company will be able to see any of the information gathered from our integration with your accounting system. Other information that we ask you to upload, such as your employee register, can only be uploaded to the platform. It is not possible to view or download this information after uploading, even if you were the user who uploaded it (our one-way information stream). None of the confidential raw data will therefore be shown at any point to anyone other than our dedicated Audit Team.
The results from your ESG report are only accessible to the user who created your company’s account on the Omnevue platform. No collaborator will have access to information unless you specifically request this.
What is the Account Activity Log?
- The Account Activity Log enables us to keep track of all the changes on your account so that you can easily track what has changed, when and by who.
- If at any point our support team needs to help you and log in on your behalf, the information is captured in the Activity Log on your account.
Can I delete my data?
- You can request to delete all of your data from our servers anytime. However, please be aware that this might affect your products and ESG results now or in the future.
- You can send an email to email@example.com with all of the details, and our team will pick up the request
What is your confidentiality policy?
As chartered accountants, Omnevue’s ESG accountants are bound by the confidentiality requirements of the ICAEW; committed to keeping all data in their care confidential. A select few ESG accountants are assigned to each project and it is only these team members that will have access to the project data.
Do you have a code of conduct and ethics?
Yes, Omnevue’s Audit Team compromises chartered accountants who are professionally committed to upholding the Code of Ethics of the Institute of Chartered Accountants of England and Wales (ICAEW).
Omnevue Data Security
Report Security Vulnerabilities
We take the security of our web applications and APIs seriously. If you discover any vulnerabilities, we ask that you report them to our team using the form below.
Need to speak to us?
Please drop us an email at firstname.lastname@example.org if you have any questions or concerns about our security standards. When you reach out, please make sure you include your contact details and the name of your company. Alternatively, you can use the contact form.