Last updated: August 8th, 2025
OmnibusX is dedicated to advancing life sciences research by providing powerful, intuitive software tools for the scientific community. We understand that groundbreaking discovery depends on the integrity and confidentiality of research data. Our commitment to you is built on a foundation of trust, transparency, and an unwavering respect for your intellectual property.
This Security Policy articulates our core philosophy: to empower your research by architecting our products and systems to be secure by design. This policy is designed to be a comprehensive and clear guide to our security practices, ensuring you understand how we protect the trust you place in our products and services.
This policy governs the security measures related to all interactions with OmnibusX and its services. It applies to:
- The use of our public-facing website, https://omnibusx.com (the "Website").
- The use of the OmnibusX Application, our cross-platform desktop software for Windows, macOS, and Ubuntu (the "Application").
- The creation and management of user accounts for licensing, authentication, and support purposes.
To ensure absolute clarity, the following terms are used throughout this policy with the meanings defined below.
- Personal Data: Any information relating to an identified or identifiable natural person (a "Data Subject"). This is a broad definition that includes direct identifiers such as a name or email address, as well as indirect identifiers like an IP address, account credentials, or license keys that can be linked to an individual.
- Scientific Data: Any and all data, content, or information that a User processes, analyzes, stores, or generates within the OmnibusX Application. This includes, but is not limited to, multi-omics datasets (e.g., scRNA-seq, scATAC-seq), analysis results, metadata, annotations, visualizations, and exported figures. OmnibusX does not access, collect, or store your Scientific Data.
- User: Any individual or entity using our Website or Application. This includes individual license holders, authorized users under an enterprise license, and visitors to our Website.
OmnibusX maintains a comprehensive Information Security Program designed to prevent, detect, and respond to threats. Our security policies, procedures, and technical controls are aligned with recognized industry standards and frameworks, such as the NIST Cybersecurity Framework, to ensure a robust and holistic approach to protecting our systems and the limited Personal Data we process.
The security of your Scientific Data is our highest priority. The OmnibusX Application has been architected from the ground up to ensure its confidentiality and integrity.
- Security by Design: The fundamental design principle of the Application is to keep your research data under your exclusive control.
- Complete Data Isolation: The Application is a desktop client that operates entirely on your local machine. Your Scientific Data—including datasets, metadata, and analysis results—is never transmitted to, stored on, or accessed by OmnibusX servers. This architectural model provides the strongest possible protection for your sensitive research and intellectual property.
- Secure Communications: All external network communications initiated by the Application are strictly limited to essential functions like authentication, license checks, update notifications, and reference file downloads. These connections are always encrypted in transit using industry-standard Transport Layer Security (TLS) 1.2 or higher, with strong cryptographic protocols to prevent eavesdropping or man-in-the-middle attacks
- No Remote Access or Backdoors: The OmnibusX Application contains no hidden functionality, backdoors, or remote access capabilities that would allow OmnibusX or any third party to view, access, or manipulate your local data, files, or system environment.
We apply robust security measures to protect the infrastructure that processes the limited Personal Data under our control (e.g., account and license information).
- Encryption: All Personal Data we store is encrypted at rest using strong, industry-accepted cryptographic algorithms such as AES-256. Data in transit is always encrypted using TLS.
- Access Control: We rigorously enforce the principle of least privilege. Access to backend systems and databases containing Personal Data is strictly limited to authorized OmnibusX personnel whose job responsibilities explicitly require it. Multi-factor authentication (MFA) is mandatory for all administrative access to critical infrastructure, adding a crucial layer of security against credential theft.
- Personnel Security: All OmnibusX employees and contractors undergo background screening as a condition of employment. Furthermore, all personnel are required to complete comprehensive security and privacy awareness training upon hiring and on an annual basis thereafter. This training ensures our team understands their role in protecting customer data and is aware of the latest security threats and best practices.
For our enterprise customers who deploy the OmnibusX Application within their own IT environments, security is a shared responsibility. It is vital to clearly delineate these roles to ensure a secure and compliant deployment.
OmnibusX's Responsibility: We are responsible for the security of the OmnibusX Application software itself. This includes:
- Developing and maintaining secure code according to industry best practices.
- Performing regular security assessments, including vulnerability scanning and penetration testing, to identify and remediate potential security flaws in the Application.
- Ensuring the Application's communication protocols are secure and that it functions exactly as described in this policy.
The Customer's Responsibility: When an enterprise customer deploys the OmnibusX Application on its own infrastructure (whether on-premise data centers or a private cloud environment), the customer is solely responsible for the security of that underlying infrastructure. This includes, but is not limited to:
-Securing the physical servers and virtual machines.
- Hardening the underlying operating systems and managing patches.
- Configuring and maintaining network security controls, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and network segmentation.
- Managing all user access controls, permissions, and authentication within their environment.
- Implementing and managing their own data backup, disaster recovery, and logging procedures.
- Ensuring the physical security of their data centers and facilities.
This shared responsibility model provides our enterprise customers with the control and flexibility they need to integrate OmnibusX into their existing security frameworks.
OmnibusX maintains a formal Incident Response Plan that outlines the procedures for detecting, containing, investigating, and remediating security incidents. In the event of a confirmed data breach involving Personal Data under our control, we are committed to notifying affected users and the relevant supervisory authorities without undue delay and within the timeframes mandated by law, such as the 72-hour notification requirement under GDPR and Vietnam's PDPD.
The OmnibusX Application is a research tool. It is intended for Research Use Only (RUO) and is not designed, intended, or validated for any diagnostic, clinical, therapeutic, or other medical uses. The software has not been submitted to, cleared, or approved as a medical device by the U.S. Food and Drug Administration (FDA), the Vietnamese Ministry of Health, or any other national or international regulatory agency. Users are solely responsible for ensuring that their use of the software complies with all laws, regulations, and institutional policies applicable to their research. Any clinical or diagnostic interpretation of results generated by the Application is the sole responsibility of the User. Furthermore, using the Application to provide data analysis as a commercial service to third parties, or for any other service bureau purpose, is strictly prohibited unless explicitly authorized under a separate written agreement with OmnibusX.
OmnibusX explicitly acknowledges and agrees that the User retains full and exclusive ownership of all Scientific Data processed within the Application. Furthermore, any and all analysis results, discoveries, derivative data, intellectual property, and commercialized products (such as treatments or drugs) that are generated by the User through their use of the Application belong solely to the User. OmnibusX claims no right, title, or interest in or to the User's Scientific Data or the outputs and discoveries resulting from its analysis. This policy reaffirms that while OmnibusX retains all intellectual property rights to the Application itself, the User is free to publish, commercialize, or otherwise utilize the results of their research as they see fit, in accordance with the terms of this policy.
For any versions of our software provided free of charge, such as trial, beta, or academic versions, OmnibusX provides the services on an "as-is" and "as-available" basis. We do not guarantee that the service will be uninterrupted or error-free.
We may update this policy from time to time to reflect changes in our security practices or for other operational, legal, or regulatory reasons. If we make material changes to this policy, we will notify you by posting the updated version on our Website and updating the "Last Updated" date at the top of this page. For significant changes, we may also provide more prominent notice, such as via email. We encourage you to review this policy periodically to stay informed about how we are protecting your information.
This Security Policy, and any disputes arising out of or related to it, shall be governed by and construed in accordance with the laws of the Socialist Republic of Vietnam, without regard to its conflict of law provisions. Any legal action or proceeding arising under this policy will be brought exclusively in the competent courts of Vietnam.
If you have any questions, comments, or concerns about this policy or our security practices, please do not hesitate to contact us at support@omnibusx.com