Privacy & Compliance
GDPR compliance, data handling, and privacy practices at Omniops.
Overview
Omniops is built with privacy by design. We comply with GDPR, CCPA, and other data protection regulations.
GDPR Compliance
Data Processing
- Omniops acts as a data processor on behalf of your organization (the data controller)
- We process data only as necessary to provide the service
- No data is used for purposes beyond what you've authorized
Data Subject Rights
Omniops supports all GDPR data subject rights:
- Right of access — export all data associated with a customer
- Right to erasure — delete all customer data on request
- Right to portability — export data in machine-readable format
- Right to rectification — update incorrect personal data
Data Retention
- Conversation history is retained for the duration of your subscription
- Deleted conversations are purged within 30 days
- Account deletion removes all organization data permanently
What Data We Collect
Organization Data
- Organization profile and settings
- Integration credentials (encrypted)
- Conversation history with Omni
Customer Data (via Widget)
- Conversation messages
- Device and browser metadata (for analytics)
- Email address (if voluntarily provided)
What We Don't Collect
- We don't track customers across websites
- We don't sell or share data with third parties
- We don't use your data to train AI models
Cookies
The chat widget uses minimal cookies:
- Session cookie — maintains the conversation session (essential, no consent required)
- No tracking cookies, no analytics cookies, no third-party cookies
Sub-Processors
We use the following sub-processors:
Provider Purpose Location Hetzner Infrastructure hosting Germany Cloudflare CDN and DDoS protection Global (EU data routing) Supabase Database EU OpenAI AI processing US (with DPA)Contact
For privacy-related enquiries, contact our data protection team at the email address listed on our website.