Data Protection & Security

Effective Date: January 2, 2026

This Data Protection & Security Statement describes Omnieon Inc.’s (“Omnieon,” “we,” “us,” or “our”) approach to protecting information and maintaining the security, integrity, and resilience of its financial infrastructure.

Omnieon operates as a global financial infrastructure and coordination platform. Security and data protection are foundational to our role and are integrated into our governance, architecture, and operational practices.

1. Security-by-Design Approach

Omnieon’s infrastructure is designed with security and privacy considerations embedded from the outset. This includes:

Defense-in-depth architecture
Least-privilege and role-based access controls
Segmentation of systems and environments
Continuous monitoring and logging

Security controls are designed to support regulated environments and evolving threat landscapes.

2. Data Protection Principles

Omnieon’s approach to data protection is guided by the following principles:

Data minimization: Collecting and processing only data necessary for infrastructure operation
Purpose limitation: Using data solely for defined, legitimate purposes
Access control: Restricting access based on role and authorization
Accountability: Maintaining auditability and traceability

These principles align with global data protection expectations, including GDPR-grade standards, without asserting jurisdiction-specific compliance unless contractually defined.

3. Encryption and Safeguards

Omnieon employs appropriate technical safeguards to protect information, which may include:

Encryption of data in transit and at rest
Secure key management practices
Network security controls and monitoring

Specific implementations may vary based on service context, risk profile, and regulatory requirements.

4. Operational Resilience and Availability

As infrastructure, Omnieon prioritizes resilience and continuity. Measures may include:

Redundancy and fault-tolerant design
Incident detection and response processes
Change management and operational controls

Despite these measures, no system can be guaranteed to be free from disruption.

5. Incident Response and Management

Omnieon maintains incident response processes designed to:

Detect and assess security events
Contain and mitigate impact
Support notification obligations where required by law or contract

Incident response practices are periodically reviewed and updated to reflect evolving risks.

6. Third-Party and Supply Chain Security

Omnieon may rely on third-party service providers and infrastructure partners.

Risk management measures include:

Due diligence and risk assessment
Contractual security and confidentiality obligations
Ongoing monitoring appropriate to the service provided

Third-party dependencies remain a shared risk across the ecosystem.

7. Shared Responsibility Model

Omnieon operates within a shared responsibility model:

Omnieon is responsible for securing its infrastructure and systems
Participating institutions and FinTechs remain responsible for:
- Their own environments
- Customer data and endpoints
- Regulatory compliance obligations

Security outcomes depend on coordinated practices across all participants.

8. No Absolute Guarantee

While Omnieon implements robust safeguards, no technology or system can be entirely free from risk. Omnieon does not guarantee that unauthorized access, disruption, or data loss will never occur.

Stakeholders should independently assess risk and implement appropriate controls.

9. Alignment With Governance and Compliance

Omnieon’s data protection and security practices are aligned with its broader governance, risk management, and compliance posture, as described in its Privacy Policy, Compliance Statements, and Risk Disclosures.

10. Updates to This Statement

Omnieon may update this Data Protection & Security Statement from time to time to reflect evolving practices, risks, or regulatory expectations. Updates will be posted with a revised effective date.

11. Contact Information

For questions regarding data protection or security, please contact:

security@omnieon.com or privacy@omnieon.com

Platform Overview

How the Platform Works

Governance & Oversight

Risk, Capital & Containment

Participation & Onboarding

Security, Resilience & Reliability

For Banks & Credit Unions

For Fintechs

For Regulated Financial Operators

For Regulators

Why Omnieon Exists

Why Omnieon Exists

Who We Are

Leadership & Stewardship

Foundations

Structure & Governance

Value & Performance

Impact Overview

System Sustainability and Long-Term Outcomes

Access, Participation, and End Users

Institutions, Communities, and Local Economies

Public Interest, Stability, and Systemic Trust

Corporate Information

Data Protection & Security

Legal & Use of Website

Privacy, Data & Security

Risk, Compliance & Governance