At OmniSentient, we take a "privacy-first" approach to building security tooling. Our platform is designed to process the minimum amount of data required to remediate vulnerabilities.
1. Data We Collect
When you install the OmniSentient GitHub App, we collect:
- GitHub installation ID and username
- Repository names and dependency manifest files (e.g., package.json, requirements.txt)
- Webhook event metadata for triggering actions
We do not store your raw source code. We only read manifest files to identify vulnerable versions.
2. How We Use Data
Data is used exclusively for:
- Identifying vulnerable dependencies via advisory databases
- Opening remediation Pull Requests on your behalf
- Maintaining the forensic incident ledger for your organization
3. Data Retention
Forensic ledger entries are retained for as long as your subscription is active, because removing entries would break the ledger's chain integrity. After you uninstall the App, repository metadata is purged within 30 days.
4. Security Measures
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Customer data is isolated at the database layer using Row Level Security (RLS) policies, so every query is scoped to the requesting customer's organization and one customer cannot read another's rows.