Security at Onymos

Your app security is nonnegotiable

The Onymos Features-as-a-Service platform is subject to rigorous third-party audits and penetration tests. We even make it available as licensed source code so you can verify it yourself.

Security and Onymos

Built like your team would build them

We built each Onymos Feature to be an enterprise-grade solution for apps in any industry. That means they’re built to keep every data type (including PII, PHI, and PCI) secure.

No-data architecture
“No-data” architecture

Being serverless is part of our ethos, and it’s how we help keep your data safe — because we can’t see or access any of it.

Source code license
Source code license

When our founder asked himself if he could trust code he couldn’t see, the answer was no. That’s why we license the actual source code to our customers.

Built-in security
Built-in security

Four levels of encryption for Onymos Chat. Fully configured security certificates for Onymos Edge. Client-side document validation for Onymos DocID. Every feature is secure.


Onymos is a SOC 2 and HIPAA certified organization and our Features-as-a-Service platform is used to build web, mobile, and IoT apps that meet HIPAA and PCI DSS standards.

Insight and analysis

Recognized as industry experts

You can find our engineering leaders discussing topics like cybersecurity, best practices, and more on some of the most popular tech news sites, including VentureBeat and InformationWeek (and right here on the Onymos blog too).

Insights and analysis

Read more from the Onymos team

Beyond SOC 2

“Onymos ‘no-data’ architecture offers a different plane of security not found in any other offering. We have no visibility into our customers’ data because it all remains in their own ecosystems — and in their control, not ours.”

– Shiva Nathan, Founder & CEO, Onymos

Get the Onymos SOC 2 report