Trust centre

Your documents stay yours.

Ohmix turns your workshop manuals into a private diagnostic knowledge base. This page states plainly how that data is handled — and what we have not yet certified.

Last updated 11 Jul 2026 · questions: security@ohmix.eu

We do not claim ISO 27001, SOC 2 or any third-party certification, and we do not claim OEM approval. Where something is planned rather than in place, it says so.

Data ownership & isolation

Ownership

The manuals and case data you upload remain yours. You can export or delete them at any time.

Tenant isolation

Each organisation's data is scoped to that organisation. Access is enforced at the database layer with row-level security on every customer-data table and on file storage — not only in the UI — and verified by a negative isolation test suite before schema promotion.

Encryption

In transit via TLS/HTTPS (HSTS enabled). At rest through our storage and database providers' encryption. Documents are served only through short-lived signed links to signed-in members.

Access control

Sign-in is passwordless (email magic link). Organisation roles: owner, admin, service manager, technician, trainer, billing manager, read-only reviewer. Nobody can raise their own role; platform staff roles are separate and cannot be self-granted.

Subprocessors

We use a small number of vetted providers. We name them honestly:

AI-training policy

Your documents and case data are not used to train Ohmix models or shared to train third-party foundation models. AI is used only to answer your questions from your sources, server-side.

Retention, deletion & export

Restricted documentation

Some brands' documentation is restricted: uploads for them are refused server-side unless Ohmix has recorded an explicit authorization grant for your organisation (for example, verified OEM-authorized dealers). Every upload additionally requires a recorded, versioned authorization confirmation from the uploader, and every document open is written to an append-only audit trail.

What is not in place yet

Reporting a concern

Security issue or data request: security@ohmix.eu. We aim to acknowledge within two business days.