Omnithium, Inc. ("Omnithium," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform and services. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.
1. Information We Collect
1.1 Information You Provide
- Account data: Name, email address, company name, job title, and password when you register
- Billing data: Payment method details processed by our payment processor (Stripe); we do not store raw card numbers
- Communications: Messages you send us via email, support tickets, or feedback forms
- Content: Prompts, documents, files, and other data you submit to the AI platform
1.2 Information Collected Automatically
- Usage data: Pages visited, features used, API calls made, timestamps, and session duration
- Device data: IP address, browser type and version, operating system, and screen resolution
- Log data: Server logs including request paths, response codes, and error events
- Cookies and similar technologies: See our Cookie Policy for details
1.3 Information from Third Parties
We may receive information about you from identity providers (e.g., Google, Microsoft, Okta) if you use SSO, and from analytics and fraud prevention partners. We combine this with information we already hold about you.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service
- Process transactions and send related notices
- Send administrative and service-related communications
- Respond to your comments and questions
- Send marketing communications where you have opted in
- Monitor and analyze usage patterns to improve user experience
- Detect, prevent, and address security incidents and abuse
- Comply with legal obligations and enforce our agreements
3. AI Model Inputs and Outputs
Content you submit to Omnithium's AI agents (prompts, documents, uploaded files) is processed to generate responses. We do not use your inputs or outputs to train our foundation models without your explicit consent. Enterprise customers on dedicated plans have their data fully isolated and never used for any cross-customer processing.
Conversation data may be retained for up to 90 days for service quality, debugging, and safety monitoring purposes, unless you request earlier deletion or your plan includes shorter retention.
4. Legal Basis for Processing (EEA/UK)
If you are located in the European Economic Area or United Kingdom, our legal bases for processing personal data include:
- Contract: Processing necessary to perform our agreement with you
- Legitimate interests: Security monitoring, fraud prevention, product improvement
- Consent: Marketing emails and optional analytics (you may withdraw at any time)
- Legal obligation: Compliance with applicable laws and regulations
5. How We Share Your Information
We do not sell your personal data. We may share it with:
- Service providers: Cloud infrastructure (AWS), payment processing (Stripe), customer support (Intercom), and analytics (Posthog) — all under data processing agreements
- AI model providers: Third-party foundation model APIs used to fulfill your requests, under confidentiality obligations
- Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you
- Legal requirements: When required by law, subpoena, or to protect rights and safety
6. Data Retention
We retain your account data for as long as your account is active or as needed to provide the Service. After account deletion, we retain anonymized usage statistics and billing records for up to 7 years as required by law. AI conversation data is deleted within 90 days of generation unless you have configured a shorter retention period.
7. Your Rights and Choices
Depending on your location, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Restriction: Request that we restrict processing of your data
- Withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at privacy@omnithium.ai. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
8. Data Security
We implement industry-standard security measures including encryption in transit (TLS 1.3) and at rest (AES-256), role-based access controls, audit logging, regular penetration testing, and SOC 2 Type II compliance. No method of transmission or storage is 100% secure; we encourage you to report any suspected security issues to security@omnithium.ai.
9. International Data Transfers
Omnithium operates globally. If you are located outside the United States, your data may be transferred to and processed in the United States. For transfers from the EEA/UK, we rely on Standard Contractual Clauses approved by the European Commission, or other appropriate safeguards as required.
10. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service at least 30 days before the changes take effect. Your continued use after the effective date constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related inquiries, contact our Data Protection Officer at privacy@omnithium.ai. For EU/UK residents, our EU representative can be reached at eu-rep@omnithium.ai.