Your documents stay yours.
Ohmix turns your workshop manuals into a private diagnostic knowledge base. This page states plainly how that data is handled — and what we have not yet certified.
Last updated 11 Jul 2026 · questions: security@ohmix.eu
Data ownership & isolation
The manuals and case data you upload remain yours. You can export or delete them at any time.
Each organisation's data is scoped to that organisation. Access is enforced at the database layer with row-level security, not only in the UI. (Multi-tenant workspace is in active build; the current live surface is registration only.)
In transit via TLS/HTTPS. At rest through our storage and database providers' encryption.
Sign-in is passwordless (email magic link). Roles (admin, service manager, technician, reviewer) are planned for the workspace.
Subprocessors
We use a small number of vetted providers. We name them honestly:
- Supabase — authentication, database, file storage (EU region).
- Netlify — website hosting and edge delivery.
- AI providers — used server-side for diagnostic reasoning and retrieval once that engine is connected. The provider and region will be listed here before any customer document is processed by it.
AI-training policy
Your documents and case data are not used to train Ohmix models or shared to train third-party foundation models. AI is used only to answer your questions from your sources, server-side.
Retention, deletion & export
- You may request export or permanent deletion of your organisation's data.
- Deletion removes both database records and stored files (durable deletes, no silent resurrection).
- Audit events (who did what, when) are retained to support warranty-grade accountability.
What is not in place yet
- The multi-tenant workspace, real document ingestion and the diagnostic engine are in active development — this site currently captures pilot registrations.
- No formal certification (ISO/SOC 2) — practices are GDPR-aligned but not independently audited.
- Penetration testing and a formal incident-response SLA are planned before general availability.
Reporting a concern
Security issue or data request: security@ohmix.eu. We aim to acknowledge within two business days.