// LEGAL

Privacy
Policy.

Last Updated: August 2, 2025

1. Introduction

Omniatix takes your privacy seriously and considers it important that your personal data be treated with the necessary care and confidentiality at all times.

This privacy policy ("Privacy Policy") applies to all visitors and users of Omniatix services and websites (collectively, the "Service" or the "Websites") and any related applications, offered by Omniatix (available at https://omniatix.com) and/or any of its affiliates ("Omniatix", "we" or "our"). We ask that you read this Privacy Policy carefully. By accessing or using any part of the Service, you acknowledge having been informed of and consent to our practices regarding your information and personal data.

1.1. Who does this Policy apply to?

This Privacy Policy applies to the processing of personal data of:

  • Your Business (Client): Companies or individuals who contract Omniatix services.
  • Client Employees: Individuals who work for the Client and use the Platform.
  • End Users (Customers of Your Business): Individuals who interact with Omniatix through the channels enabled by the Client.
  • Website Visitors: Individuals who browse the Omniatix website.

Important: Omniatix acts as Data Controller for the data of Your Business, Client Employees, and Website Visitors. However, for the data of End Users, Omniatix acts as Data Processor, with Your Business being the Data Controller of such data.

2. Personal Data

2.1. Purpose of Personal Data Processing

Omniatix, in its commitment to privacy and personal data protection, informs that personal data collected or received during interaction with our services —including, but not limited to, first name, last name, contact information, and usage preferences— may be stored in both structured and unstructured formats in digital records.

The collection and processing of this data has the following main purposes:

  • Provide, manage, and improve the services offered to Your Business and/or the Customers of Your Business.
  • Facilitate effective communication between Your Business and the Customers of Your Business through the channels available on the platform.
  • Personalize and optimize the user experience of the platform for Your Business and Client Employees.
  • Ensure the security, integrity, and operability of our services, including the prevention of fraudulent activities or misuse.
  • Comply with legal and regulatory obligations applicable to our services and commercial operations.
  • Develop and improve our services through statistical analysis and market research.

2.2. Types of Personal Data Processed

The personal data we collect, store, and process varies depending on the type of user and the nature of the interaction with our services:

2.2.1. Data of Your Business (Client)

  • Contact and account information: company name, first and last names of representatives, email addresses, phone numbers, postal addresses.
  • Financial and billing information: bank details, payment history, tax information necessary for business relationship management.
  • Contractual data: information related to contracted services, specific terms and conditions, and any additional agreements.
  • Communication information: correspondence records, support requests, feedback, and service-related communications.

2.2.2. Data of Client Employees

  • Identity and contact information: name, surname, job title, professional email address, professional phone number.
  • Access and usage data: access credentials, activity logs on the platform, settings, and usage preferences.
  • Performance and activity data: performance metrics, history of managed interactions, response times, evaluations, and feedback.

2.2.3. Data of End Users (Customers of Your Business)

Important note: For this data, Omniatix acts as Data Processor, with Your Business being the Data Controller.

  • Identity and contact information: name, surname, email address, phone number, social media identifiers, and other communication channels.
  • Content of communications: text messages, voice, images, and other content shared through communication channels integrated into the platform.
  • Preference and behavior data: communication preferences, interaction history, frequent queries, products or services of interest.
  • Metadata associated with communications: date, time, duration of interactions, channel used, access device.

2.2.4. Data of Website Visitors

  • Technical information: IP address, browser type, Internet service provider, operating system, approximate location data.
  • Browsing data: pages visited, time spent, links accessed, search terms used on the site.
  • Form data: information voluntarily provided in contact forms, newsletter subscriptions, requests for demos or service trials.
  • Cookie and similar technology data: as specified in our Cookie Policy.

2.3. Legal Basis for Data Processing

The processing of personal data by Omniatix is carried out under the following legal bases, depending on the type of data and the purpose of the processing:

  • Contractual execution: Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures at the request of the data subject.
  • Legitimate interest of the controller: There is a legitimate interest on the part of Omniatix to improve its services, ensure the security of the platform, and develop its business activity efficiently.
  • Consent of the data subject: In certain cases, processing is based on the express and informed consent of the data owner, especially for marketing activities and commercial communications.
  • Compliance with legal obligations: Some processing is necessary to comply with legal obligations applicable to Omniatix, such as those related to taxation, accounting, or information security.

2.3.1. Additional information for End User data

Regarding End User data (Customers of Your Business), we remind you that Omniatix acts as Data Processor, with Your Business being the Data Controller. Therefore, the legal basis for processing this data must be established and ensured by Your Business, in accordance with applicable law.

As an Omniatix Client, Your Business is responsible for:

  • Adequately informing End Users about the processing of their personal data.
  • Obtaining and managing necessary consents when it is the applicable legal basis.
  • Ensuring the exercise of End Users' rights regarding their personal data.
  • Ensuring that the processing complies with all legal obligations applicable according to the corresponding jurisdiction.

3. Personal Data Processing

3.1. How do we collect personal information?

We collect personal information through various sources and methods, including:

  • Information provided directly: Data you provide to us when registering on the platform, completing forms, contacting our customer service, or interacting with our services.
  • Automatically collected information: Data generated or captured during your interaction with our services, websites, or applications, including technical, analytical, and usage information.
  • Information received from third parties: Data we may receive from business partners, service providers, or publicly available sources, in compliance with applicable law.
  • End User Information: In our role as Data Processor, we receive End User data through Your Business or directly through their interactions with the Omniatix platform implemented by Your Business.

3.2. How do we use personal information?

We use the collected personal information for various purposes, always in compliance with applicable law and the legal bases mentioned above:

3.2.1. Use of data of Your Business (Client) and Client Employees

  • Provision and management of services: Configure, maintain, and operate the Omniatix platform according to contracted terms.
  • Billing and administration: Manage aspects related to payments, subscriptions, renewals, and administrative documentation.
  • Technical support and customer service: Resolve queries, incidents, and provide technical or commercial assistance.
  • Service-related communications: Send important notices, service updates, changes to terms and conditions, or information related to account security.
  • Product and service improvement: Analyze usage patterns, preferences, and needs to optimize and develop new functionalities.
  • Marketing communications (with prior consent): Inform about new products, services, events, or content that may be of interest, always respecting established communication preferences.
  • Security and protection: Verify identities, prevent unauthorized access, detect and prevent fraud or misuse of the platform.

3.2.2. Use of End User data (as Data Processor)

In our capacity as Data Processor, we process End User data exclusively according to the instructions and purposes determined by Your Business (the Data Controller), which generally include:

  • Facilitating communication between Your Business and its customers through the various channels integrated into the platform.
  • Providing AI-based automated responses using the knowledge base configured by Your Business.
  • Storing and managing conversation history to maintain context in interactions.
  • Generating statistics and reports on interactions, which Your Business can use to improve its customer service.
  • Training and improving specific AI models implemented for Your Business, when so agreed.

3.2.3. Use of Website Visitor data

  • Analyzing traffic and user behavior on our website to improve the browsing experience and content offered.
  • Personalizing content shown based on detected interests and preferences.
  • Managing requests for information, demos, or subscriptions made through web forms.
  • Measuring the effectiveness of our marketing campaigns and improving our communication strategies.
  • Ensuring website security and preventing fraudulent or malicious activities.

3.3. Retention of Personal Data

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Criteria used to determine our retention periods include:

  • The duration of our contractual relationship with Your Business.
  • Legal obligations to which we are subject.
  • Limitation requirements applicable in each jurisdiction.
  • The existence of current or potential legal proceedings.
  • Guidelines issued by relevant data protection authorities.

Specifically, we apply the following retention criteria for different types of personal data:

  • Data of Your Business (Client): Retained for the duration of the contractual relationship and up to 5 years after its termination for legal, tax, and accounting reasons.
  • Data of Client Employees: Retained while the employee maintains active access to the platform and up to 1 year after account deactivation for security and audit reasons.
  • Data of End Users: As Data Processor, we retain this data according to the instructions of Your Business and the settings established in the platform. By default, conversations and associated data are kept for a period of 2 years, but this period can be configured by Your Business according to its specific policies and needs.
  • Data of Website Visitors: Technical and browsing information is retained for a maximum of 2 years. Data provided in contact forms is kept up to 1 year after resolving the query or request, unless a subsequent commercial relationship is established.

At the end of the established retention periods, personal data will be securely deleted or anonymized, unless there is a legal obligation requiring its retention for a longer period.

4. Data Sharing with Third Parties

4.1. Payment Processor and Merchant of Record

Lemon Squeezy is our Merchant of Record and payment processor. They manage:

  • Payment processing (credit cards, PayPal, and other payment methods)
  • Billing and subscription invoicing
  • Tax/VAT calculation and collection
  • Customer payment data (securely, PCI compliant)
  • Refunds and chargebacks

When you purchase a subscription, your payment information is collected and processed directly by Lemon Squeezy. We DO NOT store credit card information. Lemon Squeezy operates as an independent data controller for payment data and complies with PCI DSS standards.

Lemon Squeezy's privacy policy governs their processing: https://www.lemonsqueezy.com/privacy

4.2. Other Service Providers

We share data with providers who help us operate our services:

  • Hosting and cloud storage providers: AWS, Supabase for platform infrastructure
  • Analytics and monitoring services: For platform performance and usage analytics
  • Customer service services: To provide customer assistance
  • Email service providers: For transactional and service-related communications

All service providers are contractually obligated to protect your data and may only use it to perform services on our behalf.

4.3. Legal Requirements

We may disclose information when required by:

  • Court orders or legal processes
  • Government investigations
  • Protection of our legal rights
  • Compliance with applicable laws and regulations

4.4. Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you of any change in ownership or control of your personal data.

5. Data Security

5.1. Security Measures

We implement appropriate technical and organizational measures:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Continuous security monitoring
  • Regular security audits

5.2. Data Retention

We retain your personal data only for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Satisfy legal and regulatory requirements
  • Resolve disputes and enforce our agreements

6. Your Rights

Under applicable data protection laws, you have the following rights:

6.1. Right of Access

You can request information about what personal data we process about you.

6.2. Right of Rectification

You can request correction of inaccurate or incomplete data.

6.3. Right of Erasure

You can request deletion of your personal data in certain circumstances.

6.4. Right of Restriction

You can request that we limit the processing of your data in certain situations.

6.5. Right of Portability

You can request to receive your data in a structured, machine-readable format.

6.6. Right of Object

You can object to the processing of your data for certain purposes.

6.7. Exercise of Rights

To exercise any of these rights, contact us at [email protected].

7. International Transfers

Your data may be transferred and processed in countries outside your jurisdiction. When this occurs, we implement appropriate safeguards such as:

  • Approved standard contractual clauses
  • Adequacy certifications
  • Other recognized protection measures

8. Minors

Our services are not directed to minors under 16 years of age. We do not knowingly collect personal data from minors without appropriate parental consent.

9. Changes to this Policy

We may update this policy periodically. We will notify you of significant changes through:

  • Notice on our website
  • Email (if you have an account with us)
  • Other appropriate means

10. Contact and Data Protection Officer

For any questions regarding this privacy policy, you can contact us at:

By email: [email protected]