Documentation updated: March 2026
Application modules
Choose a category from the menu or module overview. Content appears in the panel below.
OmniFlow is a SaaS application by OmniSys focused on simplicity, clarity, and data security. Click any module to instantly view the related help content.
A clear guide to modules, document relationships and security principles of the OmniFlow professional SaaS service.
OmniFlow is a cloud invoicing, payables and stock application for Czech businesses. The product is developed by OmniSys s.r.o. The service runs as SaaS: browser access; data is stored with the installation operator (hosted deployments with the provider).
One user account may access multiple companies (e.g. parent and subsidiary, or several trades). Company data is separated; you only see companies you were granted access to. Switch the active company from the sidebar.
Customers and suppliers (contacts) always belong to the active company – they are not shared across all OmniFlow customers globally; each of your companies has its own directory.
Users sign in with e-mail and password. After login, they always work in the context of the active company (and can switch when they have access to multiple companies).
Roles and permissions are designed so work can be safely distributed across owners, accountants, and other team members.
• Owner – full company administration, users, sensitive settings, and selected accounting actions.
• Accountant – documents, payments, exports, and reporting based on assigned permissions.
• Other roles – available actions and menu items depend on role and licence status.
Multiple users can work in the same company at the same time. Each user should have their own credentials for security and traceability.
In SaaS mode, multiple companies can be grouped under one customer account (subscription entity with the operator) with central licensing and limits. Exact behaviour depends on deployment configuration.
The issued invoices module handles tax documents for customers. It supports the full lifecycle from draft to payment and related accounting actions.
Typical workflow:
• create a draft,
• issue/send the document,
• track due dates,
• record payment, or process cancellation/correction when needed.
Statuses and transitions are controlled to keep accounting logic consistent:
• Draft → Sent / Cancelled,
• Sent → Paid / Overdue / Cancelled,
• Overdue → Paid / Cancelled,
• Paid → revert to issued only in specific permission-based cases,
• Cancelled → terminal status.
Editing can be restricted on issued documents when linked records exist (for example deposit links or corrective documents). The app shows a reason when an action is blocked.
Invoices can be downloaded as PDF, sent by e-mail, and include QR payment support. Reminder behaviour and templates are managed in company settings.
A deposit invoice requests advance payment. After payment, VAT payers usually issue a tax document for the received deposit (often referred to as DDPP in the UI workflow).
Deposits can be paid, cancelled (per rules) and followed by a final invoice that applies the deposit. The app enforces consistency of data and numbering according to company settings.
What usually cannot be done without following steps: create a final invoice inconsistent with the tax document date or with an unresolved deposit – the system shows an error. Follow on-screen messages.
Track supplier invoices: attachments, due dates, partial and full payments, statuses. Useful for payables and cash flow. Exports are available (e.g. CSV). Documents always belong to the active company.
After issuing a VAT invoice, corrections use a corrective tax document per VAT rules. The app has a dedicated module and PDF.
You typically cannot simply overwrite an issued invoice once a corrective document exists – accounting reality is handled by the corrective document. Buttons and availability depend on invoice state and version.
Prepare quotes as separate documents, track validity and convert to invoice without re-entering lines. PDF and e-mail similar to invoices.
Contacts are your customer/supplier directory per company. For legal entities enter company ID and load data from the public ARES register. If the service is down or ID is wrong, enter details manually.
Product catalogue with prices and stock levels. Movements – goods in/out, linked to invoice lines (dispatch). Stocktaking for physical checks. Where enabled, serial numbers can be tracked on products and documents.
The dashboard summarises revenue, receivables, payables, top customers, debtors, due alerts and stock value (from company data).
Exports – CSV, ZIP of PDFs, POHODA XML for accountants (if available in your installation). Formats depend on version and configuration.
In Settings edit company details, logo, numbering series, bank accounts and invoicing defaults.
After the first non-draft issued invoice, company ID often cannot be changed (protects consistency). VAT payer / non-payer transitions may lock fields after certain steps.
E-mail uses SMTP – your company server or system-wide admin settings. Templates (invoice, reminders, …) can be edited when you have permission.
The owner can add users to the company and set roles. Invitations and registration depend on configuration (open / invite-only / closed). Each user should have their own login; sharing one account is discouraged for security.
In multi-company SaaS mode your company may belong to a customer account with a licence (validity, limits on companies or users). After expiry, access may be restricted (licence notice, export rules per installation).
Registration creates a user and initial company; more companies can be added if allowed. Self-service registration may be disabled – then access is by admin invitation.
The app records selected accounting and security-related events (depending on implementation). Entries help answer “who did what and when”. Retention depends on server configuration and version.
At OmniSys, data security and product quality are top priorities. We run OmniFlow as a professional SaaS service with continuous maintenance, monitoring, and secure operating practices.
Access and identity
• secure session-based sign-in,
• strict company and customer-account data separation,
• all user operations run in active tenant context.
Account protection
• one-way password hashing (bcrypt),
• CSRF protection on state-changing requests,
• login attempt limits to reduce automated abuse.
Credential recovery
• password change/reset via time-limited links,
• optional session invalidation after sensitive security events.
Operational security
• HTTPS transport,
• regular infrastructure/dependency patching,
• monitoring and logs used for timely incident response.
Security detail note: internal control parameters are intentionally not published publicly to avoid helping attackers.
How do I switch documentation language?
Use the CS/EN switch in the header of the documentation page.
Why do different users see different actions?
Feature visibility and available actions depend on user role and licence state.
Can one account manage multiple companies?
Yes. A single account can access multiple companies and switch active context.
Where can I find privacy and data processing information?
On the Privacy page (`/privacy`).
How do backups and data restore work?
We keep daily backups with a 30-day retention window. Data restore is available for a fee to a selected date within the available backup window.
Do you publish internal security configuration details?
No. Public documentation covers principles, not internal protection parameters.
Personal data and cookies are described under Privacy policy (/privacy). Marketing and public terms may live on omniflow.cz.
This documentation is not legal advice. For tax and legal conclusions consult a professional.