Privacy Policy

1. Data Controller & Scope

The data controller for the service is Omniflow HQ (operated pending formal incorporation). Contact: info@omniflowhq.com. This policy explains our privacy practices and does not create independent contractual rights.

2. Data Collection & Processing

We collect Account Information (Email) and Automatically Collected Data (IP addresses, browser logs via Supabase/Netlify).

AI Processing: User data is processed by third-party AI providers (e.g., Anthropic) as necessary to provide the service and generate reports.

3. Legal Basis for Processing (GDPR)

We process your data based on:

• Contract (Necessity): To provide the analysis service.
• Legitimate Interest: For platform security and fraud prevention.
• Consent: For analytics and marketing communications.

4. International Data Transfers

Your data may be processed in the United States or other countries outside the EU/EEA. We rely on Standard Contractual Clauses (SCCs) and ensure our providers maintain appropriate data protection standards.

5. Third-Party Services & AI Processing

• AI Processing: Data is processed via Anthropic's API. We do not use your data for AI model training. Anthropic may retain API logs for up to 30 days for safety monitoring.
• Infrastructure: We use Supabase (Storage), Railway (Hosting), Netlify (Web), and Zoho Mail (Email).
• Disclaimer: We are not responsible for third-party privacy practices.

6. Cookies

We use essential technical cookies for authentication and session management. With your consent, we use Google Analytics cookies to understand visitor behavior. Cookies are stored for a limited duration necessary for their functionality. You may accept or reject non-essential cookies via the cookie banner.

7. Marketing Communications

Marketing emails are sent only to users who have given explicit consent. Users may unsubscribe at any time via the link in the email or by contacting us.

8. Data Retention & Deletion

Please note that storage durations are best-effort and may vary for operational reasons:

• Uploaded Files: Typically deleted within 7 days from our servers.
• Reports: Stored until you delete your account.
• Fraud Prevention: A cryptographic hash of your email may be retained for as long as necessary for fraud prevention purposes to prevent credit system abuse.

9. User Rights & Identity Verification

You have the right to access, rectify, or erase your data, subject to mandatory local consumer protection laws. We may request verification of your identity before fulfilling such requests to ensure data security.

10. Data Breach Notification

In the event of a data breach posing a risk to your rights, we will notify affected users and relevant authorities as required by law.

11. Age Restriction

This platform is not intended for individuals under the age of 18. We do not knowingly collect data from minors.

12. Changes to Policy

We may update this policy periodically. Significant changes will be notified via email.