Privacy Policy

1. Introduction

Omnidora Inc. ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketing platform service ("Service").

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, company name, billing address
• Payment Information: Credit card details (processed securely by Stripe)
• Customer Data: Contact lists, leads, and customer information you upload or create
• Communications: Email content, SMS messages, and call recordings you create through our Service
• Support Requests: Information provided when contacting customer support

2.2 Information Collected Automatically

• Usage Data: Features used, pages visited, actions taken within the Service
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies: Session cookies, authentication tokens, and analytics cookies
• Log Data: Server logs, error reports, and performance data

2.3 Information from Third Parties

• Social Media: Profile information when you connect social accounts
• Integrations: Data from connected services (Google Calendar, Twilio, etc.)
• Analytics Providers: Aggregated usage and performance data

3. How We Use Your Information

We use the collected information for:

• Providing and maintaining our Service
• Processing transactions and sending billing information
• Sending transactional emails (account verification, password resets, notifications)
• Providing customer support and responding to inquiries
• Improving and personalizing the Service
• Analyzing usage patterns and optimizing performance
• Detecting and preventing fraud or abuse
• Complying with legal obligations
• Sending marketing communications (with your consent)

4. How We Share Your Information

We may share your information with:

• Service Providers: Third parties that help us operate (hosting, payment processing, email delivery, analytics)
• Integration Partners: Services you choose to connect (Twilio, Mailgun, social platforms)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize sharing

We do NOT sell your personal information to third parties.

5. Data Retention

We retain your information according to the following schedules:

After account deletion, we permanently delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention). You may request immediate deletion or export of your data at any time via Settings > Privacy.

6. Sub-Processors

We use the following third-party service providers (sub-processors) to deliver our Service:

All sub-processors are contractually bound to protect your data under terms at least as protective as this Privacy Policy. We will notify you of any material changes to our sub-processors via email at least 30 days in advance.

7. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Secure data centers with SOC 2 compliance
• Regular security audits and penetration testing
• Access controls and multi-factor authentication
• Employee security training and background checks
• PII anonymization before AI processing

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify affected users within 72 hours of becoming aware of the breach via email
• Report to supervisory authorities within 72 hours as required by GDPR
• Document the breach including its effects and remedial actions taken
• Provide guidance on steps you can take to protect yourself

Our breach notification will include:

• Nature of the breach and categories of data affected
• Approximate number of records involved
• Likely consequences of the breach
• Measures taken or proposed to address the breach
• Contact information for our Data Protection Officer

9. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a portable format (JSON, CSV)
• Opt-out: Unsubscribe from marketing communications
• Restriction: Request limitation of processing
• Objection: Object to certain processing activities
• Withdraw Consent: Withdraw previously given consent at any time

How to exercise these rights:

• Self-service: Settings > Privacy in your account dashboard
• Email: [email protected]
• Response time: We will respond within 30 days (extendable to 60 days for complex requests)

10. Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for Service functionality (authentication, security)
• Analytics Cookies: Help us understand how you use the Service (with consent)
• Preference Cookies: Remember your settings and preferences

You can manage your cookie preferences through our cookie consent banner or browser settings. Disabling certain cookies may affect Service functionality.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own, primarily the United States. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission.

12. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

• Right to know what personal information is collected and how it's used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising privacy rights

13. GDPR Compliance (EU/EEA Users)

For users in the European Union or European Economic Area:

• Legal Basis: We process data based on contractual necessity, legitimate interests, consent, or legal obligations
• Data Controller: Omnidora Inc. is the data controller for your personal data
• DPO: Contact our Data Protection Officer at [email protected]
• EU Representative: For EU-specific inquiries, contact [email protected]
• Complaints: You have the right to lodge a complaint with your local supervisory authority

14. Children's Privacy

Our Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at [email protected].

15. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 30 days in advance and by posting the new policy on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

17. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: