> ## Documentation Index
> Fetch the complete documentation index at: https://docs.omneo.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> Security practices for managing your Omneo instance, access control, tokens, and data handling.

## User access control

Omneo uses role-based access control. Only grant users the role they need:

| Role      | When to use                                                                        |
| --------- | ---------------------------------------------------------------------------------- |
| Admin     | Senior team members who need full access                                           |
| Manager   | Staff who manage profiles and update data but should not create new configurations |
| Reporting | Analytics or operations staff who only need to view data                           |
| Machine   | API integrations, never for human users                                            |

Review user access quarterly. Remove accounts for staff who have left the organisation.

## API token management

* Generate separate API tokens for each integration rather than using one shared token
* Use the minimum required scopes for each token
* Store tokens securely: never in source code, public repositories, or unencrypted files
* Rotate tokens when staff who had access leave, or when a security incident is suspected
* Machine user accounts should use strong, randomly generated passwords (32+ characters)

## IP allowlisting

For Clienteling access from POS terminals, Omneo maintains a per-tenant IP allowlist. Only known IP addresses can access the Clienteling portal. Contact Omneo support to update your allowlist when:

* Adding new store locations
* Changing network infrastructure
* Enabling remote access (e.g., mobile POS)

## Data handling

* Omneo stores personally identifiable information (PII) in accordance with Australian privacy law
* For GDPR-compliant erasure of a customer's data, use the [Purge endpoint](/dev-guides/profiles/working-with-profiles) rather than the standard delete
* Do not export bulk customer data to unsecured locations
* Tag profiles that should be handled with care (e.g., `"handle-with-care"`) to alert customer service staff

## Shared secrets

Omneo uses shared secrets for service authentication, for example the barcode service token and extension webhook secrets. These should be:

* Stored in environment variables or a secrets manager: never hardcoded
* Rotated regularly
* Never shared in plain text via email or chat

<Note>Content needed: Omneo's data residency and compliance certifications (ISO 27001, SOC 2, etc.), specific GDPR/APPs compliance features, and pen testing procedures.</Note>
