Compliance is
a property of the chain.
Most platforms add compliance as a paid tier. Omega's compliance posture is a property of the substrate's design — capability scoping, signed audit chains, per-tenant encryption, customer-owned hardware (Habitat). The certifications below ride that foundation.
Type II · annual
ISO 27001 · ISO 27017 · 27018
BAA-ready (Habitat + Standard)
aligned (Habitat air-gap)
The properties
that matter.
Annual third-party audit. Trust services criteria: Security, Availability, Confidentiality, Processing Integrity.
Information security management; cloud-specific controls; PII protection in cloud.
Available on Habitat substrate with Standard capability. We do not sign BAAs covering Frontier on Gaia for unrestricted PHI workloads.
Per-tenant data residency through substrate selection. Article 28 processor agreements available.
Standard data subject rights pipeline. Per-brane export and deletion via signed audit log.
We don't carry an active ATO; we provide the air-gapped Habitat deployment pattern that federal customers can take through their own.
What you
can rely on.
Compliance starts with capability scoping
The cheapest part of any compliance program is "we don't collect that." Capability-scoped branes don't reach what they didn't declare. Auditors love this.
Hash-chained audit log for everything
Spawn, kill, capability change, egress denial, policy violation, key revocation — all signed, hash-chained, optionally anchored to Sigil for tamper-evident long-term archive.
Sovereign by deployment
Sensitive-data workloads run on Habitat — your hardware, your network, your jurisdiction. The substrate operator never sees the plaintext or the metadata.
GDPR/CCPA pipelines are first-class
Per-tenant data export is a single command (`ω tenant export`). Per-brane deletion respects content-addressing and propagates revocation.