Privacy Policy

Effective Date: January 1, 2025

Last Updated: January 1, 2025

At Omni ("we", "our", or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business assistant service (the "Service").

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, organization name, and password when you create an account
  • Profile Information: Job title, department, and other professional details you choose to share
  • Integration Credentials: OAuth tokens and API keys for Salesforce, Slack, Trello, Jira, and other services
  • Communication Data: Messages and queries you send through our Service
  • Payment Information: Billing details, credit card information (processed by our payment processor)

1.2 Information We Automatically Collect

  • Usage Data: Features used, queries made, integration usage patterns
  • Device Information: Browser type, IP address, operating system
  • Log Data: Server logs, error reports, performance data
  • Cookies and Tracking: Session cookies for authentication and preferences

1.3 Information from Third-Party Services

When you connect third-party services (Salesforce, Slack, etc.), we may access and store:

  • Organization metadata and structure
  • User lists and permissions (for authentication)
  • Business data necessary to respond to your queries
  • Message history from integrated platforms (with your permission)

2. How We Use Your Information

We use the collected information to:

  • Provide and maintain our Service
  • Process your queries and provide AI-powered responses
  • Authenticate users and manage accounts
  • Integrate with your business tools and services
  • Improve our AI models and Service functionality
  • Send service updates and important notifications
  • Provide customer support
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

3. Data Storage and Security

3.1 Data Storage

  • Your data is stored on secure servers in the United States
  • We use industry-standard encryption for data at rest and in transit
  • Integration credentials are encrypted using AES-256 encryption
  • We maintain regular backups with encrypted storage

3.2 Security Measures

  • SSL/TLS encryption for all data transmissions
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Employee training on data protection
  • Incident response procedures

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in these circumstances:

  • Service Providers: With vendors who help us operate our Service (hosting, analytics, support)
  • AI Providers: With AI model providers (Anthropic, OpenAI, Google) to process your queries
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, sale, or acquisition
  • Protection: To protect rights, safety, or property
  • Consent: With your explicit consent

5. Your Rights and Choices

5.1 Access and Control

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Opt-out of marketing communications
  • Revoke integration permissions

5.2 Data Retention

We retain your data only as long as necessary to provide our Service and comply with legal obligations. When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

6. AI and Machine Learning

Our Service uses AI to process your queries. Here's what you should know:

  • Your queries are processed by AI models from providers like Anthropic, OpenAI, or Google
  • We do not use your business data to train public AI models
  • Query history is retained to improve your experience but can be deleted upon request
  • You can choose which AI provider processes your data in your settings

7. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication and session management
  • Remembering your preferences
  • Analytics and performance monitoring
  • Security and fraud prevention

You can control cookies through your browser settings, though some features may not function properly without them.

8. International Data Transfers

If you access our Service from outside the United States, your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international transfers in compliance with applicable laws.

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected such information, we will promptly delete it.

10. California Privacy Rights

California residents have additional rights under CCPA:

  • Right to know about personal information collected, used, or disclosed
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising privacy rights

11. GDPR Rights (European Users)

If you are in the European Economic Area, you have rights under GDPR including:

  • Right to access and portability
  • Right to rectification and erasure
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with supervisory authorities

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service at least 30 days before they take effect. Your continued use of the Service after changes indicates acceptance of the updated policy.

13. Data Breach Notification

In the event of a data breach that may impact your personal information, we will notify affected users within 72 hours of discovery and take immediate steps to minimize harm.

14. Contact Us

For privacy-related questions, requests, or concerns, please contact us:

Omni Privacy Team

Email: privacy@omnibloo.com

Data Protection Officer: dpo@omnibloo.com

Address: San Francisco, CA, United States

Data Processing Details

The following table summarizes how we process different types of data:

Data Category Purpose Legal Basis Retention Period
Account Information Service provision, authentication Contract performance Account lifetime + 30 days
Integration Data Service functionality Contract performance While integration active
Query History Service improvement, support Legitimate interest 90 days or upon request
Usage Analytics Service optimization Legitimate interest 2 years
Security Logs Security, compliance Legal obligation 1 year