Privacy Policy - Omnium
Last Updated: August 18, 2025
-
INTRODUCTION
-
INFORMATION WE COLLECT
We collect information necessary to operate our platform and provide our services. This includes personal data you provide to us, data generated from your use of Omnium, and information collected through cookies or similar technologies. Below we outline the categories of information we collect and what we do not collect.
-
Personal Data You Provide. When you register an account or contact us, we may collect certain personal details from you. This “Personal Data” typically includes:
-
Identity and Contact Information: e.g. your name, email address, phone number, job title, and company/organization (for enterprise users).
-
Account Credentials: e.g. username, password, and other authentication information for accessing Omnium.
-
Profile Information: any preferences, profile photo, or other details you choose to add to your user profile.
-
Communication Records: if you contact support or send us inquiries, we will collect the information you provide (such as email correspondence or chat messages) to address your request.
-
We limit the personal data we ask for to the minimum needed to create and manage your account or provide support. Omnium does not require you to provide any sensitive personal data (e.g. information about your health, genetics, biometrics, finances, religious beliefs, etc.), and we will not knowingly collect such data. We do not collect government-issued identifiers, financial account numbers, health records, or biometric identifiers from you, as our services are not intended for handling such sensitive information. If we become aware that sensitive data has been inadvertently collected, we will delete it. (In certain jurisdictions, categories like health, biometric, ethnic origin, and sexual orientation are considered “sensitive personal data” and receive special protection. Omnium’s policy is to avoid processing any such data.)
-
-
Content and Data You Submit (User-Provided Content)
-
Omnium is an AI platform that allows you to input data for analysis, ask questions to an AI chatbot, process text via NLP, or upload images for analysis. All content and data that you (or your organization) submit to our platform (e.g. text prompts, documents, datasets, images, chat messages) is treated as your data. We collect and process this user-provided content only to operate the AI functionalities and deliver results back to you. In other words, we use your input data to generate the AI outputs (analysis, answers, or image results) that you request.
-
If you use our data analysis tools, the data sets or information you upload will be processed to generate analysis or insights for you.
-
If you interact with our NLP or chatbot features (for example, asking Omnium’s AI a question or having a conversation), the text of your queries and the AI’s responses may be temporarily stored so that the conversation can function and be shown to you.
-
If you use our image processing feature, any images you upload will be analyzed as requested (e.g. for object recognition or other AI-derived information) and may be stored temporarily for processing.
-
User Ownership
You retain ownership of all content and personal data you provide in using Omnium’s services. Providing your data to Omnium does not change your rights to that data. As between you and Omnium, you maintain all rights to the inputs (data, text, images, etc. you submit) and the outputs generated for you. We will never claim ownership over your personal data or uploaded content. We only use and process your content as necessary to perform the services you request, to comply with applicable law, or to enforce our policies.
-
No AI Training on Your Data
We do not use the content you submit to train our underlying AI models or to improve our algorithms without your explicit permission. All AI processing on your data is performed for your use of the service, and your data remains isolated to your account/workspace. In an enterprise context, your business data and any inputs/outputs are not used by Omnium for model training or product development, unless you have explicitly opted-in to such use. By default, any text, images, or other data you provide are used only to generate the results you requested and to maintain the functionality of the service. (The only exceptions would be if you choose to participate in feedback programs or analytics that help improve our services, in which case we would obtain your consent separately.)
-
-
Usage Data (Automatically Collected)
-
Like most online services, Omnium collects usage data automatically when you interact with our platform. This information helps us understand how the platform is used, secure our services, and improve performance. Usage data may include:
-
Device and Log Information: When you use Omnium, our servers automatically record details such as your device type, operating system, browser type, IP address, device identifiers, and the dates/times of access. We may also log actions you take on the platform (e.g. features used, pages viewed, clicks, errors).
-
Analytics Data: We use analytics tools to collect information about how users navigate and use our website/app. This can include metrics like page response times, usage frequency of certain AI features, and crash reports. This data is generally aggregated and does not directly identify individuals. If any analytics data is linked to you, we treat it as personal data.
-
Cookies and Similar Technologies: We use cookies, beacons, and similar tracking technologies to collect information about your usage and preferences. Cookies help us remember your settings, keep you logged in, and analyze site traffic. For more details, see the “Cookies and Tracking Technologies” section below.
-
Usage data is typically non-identifiable on its own, but if it can be linked to you (for example, IP address or device ID that could be considered personal data in some jurisdictions), we treat it as personal data and protect it accordingly. We use this information to maintain the security of the platform, prevent fraud, debug and fix errors, and analyze trends in usage.
-
-
-
Information from Third Parties
-
Generally, we collect data directly from you. If you choose to integrate Omnium with third-party services (for example, if an enterprise customer connects Omnium to their cloud storage or messaging platforms via our integrations or API), we may receive certain information from those third parties as needed to perform the integration. For instance, if you link a third-party account or data source to Omnium, we might receive your profile information or content from that source after you authorize the connection. We will apply the same privacy protections to any such information.
-
We may also receive basic account or billing information about you from an enterprise customer (your employer or organization) if they register you for an Omnium enterprise account. In such cases, the organization might provide your name, work email, and role so we can create your user profile under their enterprise subscription.
Note: Omnium does not knowingly collect personal information from children. Our services are intended for business and adult users. If you are under the age of 18 (or the minimum age required in your jurisdiction), please do not use Omnium or provide any personal data. If we learn that we have inadvertently collected personal data from a child, we will delete it.
-
-
HOW WE USE YOUR INFORMATION
-
We use the collected information for the following purposes, all in line with operating a safe and effective AI platform:
-
To Provide and Improve the Service: We process your personal data and content to operate the Omnium platform’s features. This includes using your inputs to generate AI outputs (data analysis results, chatbot answers, image recognition outcomes, etc.), maintaining your account, and customizing your user experience. We may also use data (including usage patterns and feedback) to improve and refine our AI models and services – but only in aggregate or anonymized form, or with your explicit consent if it involves your personal data.
-
Account Management and Customer Support: We use your contact and account information to administer your account, verify your identity when you log in, and communicate with you about your use of Omnium. If you reach out for support, we will use your information to respond to your questions, resolve issues, and provide customer care.
-
Security and Fraud Prevention: Information (especially usage and log data) is used to monitor and protect the security of our platform, users, and systems. We may analyze logs and user activities to detect unauthorized access, prevent abuse (such as misuse of the AI features, spam, or malicious activities), and enforce our terms of service. This is essential to keep our services safe for everyone.
-
Analytics and Platform Development: We use aggregated usage data, cookies, and analytics tools to understand how our platform is performing and how users interact with it. This helps us troubleshoot problems and develop new features or enhancements. For example, usage data might inform us which AI functionalities are most popular or if any feature is causing frequent errors, allowing us to focus our improvements. We ensure that analytics data is de-identified or aggregated whenever possible.
-
Communications and Updates: We may use your contact information to send important notices, such as service updates, security alerts, and changes to this Privacy Policy or other terms. We may also send marketing or promotional communications about new features or offerings, but only if you have given us consent to receive marketing (where required by law). You can opt out of marketing emails at any time, and we will not spam you.
-
Legal Compliance and Protection: In certain cases, we need to process personal data to comply with legal obligations – for example, keeping records for financial reporting, complying with lawful requests from government authorities, or fulfilling obligations under data protection laws. We may also process data as needed to establish or defend legal claims, investigate violations of our terms, or protect the rights, property, or safety of Omnium, our users, or the public.
-
We will only use your personal information for the purposes described above or as otherwise disclosed at the time of collection. If we need to use your data for a new purpose that is incompatible with the purposes above, we will seek your consent or provide you with an appropriate notice, unless otherwise required or permitted by law.
-
No Selling of Personal Data: We do not sell your personal information to third parties for their own commercial use. “Selling” (as defined by CCPA and similar laws) means exchanging personal data for monetary or other valuable consideration. Omnium does not engage in selling personal data, and we do not share your information with third parties for them to market their products to you without your consent.
-
No Sensitive Data Processing: As stated, we avoid collecting sensitive personal data. Therefore, we do not use your data to infer sensitive characteristics (such as health, race, religion, etc.) and do not engage in any processing that would be considered “high risk” sensitive processing under laws like PDPL or GDPR without proper legal basis and safeguards. In fact, our platform is built such that we do not request or utilize sensitive data at all in providing our AI services, to protect your privacy.
-
-
LEGAL BASIS FOR PROCESSING PERSONAL DATA
-
We process personal data only when we have a valid legal basis to do so, in accordance with applicable data protection laws. This section explains the legal grounds we rely on for processing your information, particularly for users in jurisdictions like the European Economic Area (EEA), United Kingdom, and United Arab Emirates where laws require a “lawful basis” for processing. For users in other regions (e.g. the United States), we ensure that our practices align with your rights and expectations under relevant laws such as the CCPA.
-
Consent: In cases where we ask for your consent, we will only process your personal data for the specific purpose you agreed to. For example, if we want to send you marketing emails, or if you opt-in to share certain data to improve our AI models, we will rely on your consent. You have the right to withdraw consent at any time. Under PDPL and GDPR, consent must be clear, unambiguous, and freely given; we will make it easy for you to opt out or withdraw consent if you change your mind.
-
Contractual Necessity: Much of our processing is necessary to perform our contract with you – namely, to provide the Omnium services you signed up for. When you create an account and agree to our Terms of Service, a contract is formed between you and Avrioc (Omnium). We need to process your data (e.g. account details, and any content you submit) to fulfill our obligations under that contract: to provide and support the AI platform features you use. For example, we must process your login credentials to authenticate you, and we must process the data you input to generate the requested analysis or chatbot responses. Without this data processing, we cannot deliver the service.
-
Legitimate Interests: We may process your personal data for the purposes of our legitimate interests, provided such processing is fair, balanced, and does not unduly impact your rights. For instance, we have a legitimate interest in securing our platform and preventing fraud, in improving and developing our services, and in understanding how users use our features. We rely on these interests to process usage data, perform analytics, and communicate with you about relevant product updates. When we rely on legitimate interests, we ensure that our interests are not overridden by your data protection rights – for example, we will offer opt-outs for activities like analytics or non-essential cookies where appropriate, and we limit what data we collect.
-
Legal Obligation: Sometimes we need to process or retain personal data to comply with a legal obligation. This includes obligations under law (tax, accounting, anti-fraud, etc.) or responding to valid legal process (like court orders or regulatory inquiries). For example, financial regulations might require us to keep transaction records, or data protection laws might require we document user consent or respond to data subject requests. In such cases, the lawfulness of processing is based on the necessity to comply with those legal obligations.
-
Public Interest or Vital Interests: Generally, these bases are not applicable to Omnium’s day-to-day operations. However, if ever processing is necessary to protect someone’s life (vital interests) or for a task in the public interest, we may proceed on those grounds as allowed by law. For instance, if there were an emergency situation where disclosing data could prevent serious harm, we might do so if permitted under applicable law. Additionally, PDPL and other laws provide certain exemptions for public interest (such as processing that is necessary for public health or security), but these are unlikely to be relevant to our commercial services.
-
CCPA (California Residents): The CCPA does not require businesses to have one of the above “legal bases” in the same way GDPR/PDPL do. Instead, it requires transparency about what personal information is collected and for what purposes, and it grants consumers specific rights (see Your Rights below). We want to assure California users that we are processing personal data in line with what is allowed as a “business purpose” under CCPA (such as providing the service, security, debugging, etc.), and we do not use your data in ways that are not disclosed in this policy.
-
UAE PDPL Compliance: For users in the UAE, we abide by the requirements of the PDPL. PDPL generally requires consent for processing personal data unless an exception applies, such as contractual necessity or compliance with law. In operating Omnium, we ensure that we have obtained consent where needed (for example, for optional uses like marketing or non-essential cookies) and that other processing falls under allowed categories (like fulfilling a contract or protecting legitimate interests that align with PDPL’s allowed circumstances). The PDPL also requires that we provide a privacy notice (which this policy serves as) detailing the purposes of processing, the parties with whom data will be shared, and how we handle cross-border transfers. We have structured this policy to meet those obligations.
-
If you have any questions about the legal basis on which we collect and use your personal data, please contact us at legal@omnisphere.ai. We will explain how the law applies to our processing of your data in your specific context or jurisdiction if needed.
-
-
COOKIES AND TRACKING TECHNOLOGIES
-
Omnium uses cookies and similar tracking technologies to enhance user experience and gather information about how our platform is used. This section explains what cookies are used for, what types of cookies we deploy, and your choices regarding cookies.
-
What Are Cookies? Cookies are small text files placed on your device (computer or mobile) when you visit a website or use an app. They allow the site to remember your actions or preferences over time. Similar technologies include web beacons (pixel tags), local storage, and scripts that track usage. On our platform, some cookies are set by us (first-party cookies) and some might be set by third-party services that we use (third-party cookies, such as analytics providers).
-
How We Use Cookies: We use cookies and tracking technologies for several reasons:
-
Essential Cookies: These are necessary for our website or app to function properly. For example, they enable you to stay logged in as you navigate through secure areas of the site, or they remember your language and region preferences. Without these cookies, certain services or features (like account login or user preferences) may not be available. Because they are essential, these cookies are generally active by default and do not require consent.
-
Analytics and Performance Cookies: We use these to collect information about how users interact with our platform, which pages or features are most popular, and whether users encounter errors. This helps us improve the way our website works and ensure a better user experience. For instance, we might use Google Analytics or a similar tool that sets cookies to track page load times, usage paths, and other metrics. The information collected is typically aggregated and does not directly identify you. Where required by law, we will ask for your consent before setting analytics cookies.
-
Functionality Cookies: These cookies remember choices you make (such as your preferred settings) to provide a more personalized experience. For example, if you select a preferred theme or if the platform has a memory of the last dataset you accessed, a cookie might store that information so the platform can present it again to you without reconfiguration. While not strictly essential, these enhance functionality. We may treat these similarly to essential cookies, but you may have the option to disable them.
-
Advertising or Tracking Cookies: Currently, Omnium does not use advertising cookies or any cookies for third-party targeted advertising. We do not serve third-party ads on our platform at this time. If this ever changes, we will update this policy and obtain any necessary opt-ins. As a general practice, we aim to minimize invasive tracking. We do not share cookie data with social media or ad networks for their own use.
-
Cookie Consent and Control: When you first visit our website, you will see a cookie notice or banner if required by your jurisdiction. We will ask for your consent to place any non-essential cookies (such as analytics cookies) on your device. You can choose to accept or reject these. If you opt out of certain cookies, note that some features of the site may not function as intended (for example, we may not remember your preferences).
-
Most web browsers also allow you to control cookies through their settings. You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. You can also delete cookies that have already been set. Please note that if you disable cookies entirely, our website may not function properly for you (for instance, you might not be able to log in or use certain services).
-
For more information about cookies and how to manage or delete them, visit the help section of your browser or websites like AllAboutCookies. We also honor Do Not Track (DNT) signals where possible. If our systems detect a DNT signal from your browser, we will treat it as an opt-out of third-party tracking cookies.
-
Other Tracking Technologies: In addition to cookies, we may use web beacons (small graphics with a unique identifier) in our HTML emails to know if an email was opened or if certain links were clicked. This helps us gauge the effectiveness of our communications and improve future outreach. You can disable the display of images in your email client if you do not wish to allow this tracking in emails.
-
-
DATA SHARING AND DISCLOSURE
-
We understand the importance of keeping your personal data confidential. Omnium will not share, sell, or rent your personal information to third parties for their own marketing purposes. However, in order to provide our services and run our business, there are certain circumstances where we may disclose information to third parties, as detailed below. In all cases, we only share the minimum information necessary and ensure that appropriate safeguards and contracts are in place to protect your data.
-
Service Providers (Processors): We employ trusted third-party companies and individuals to perform functions on our behalf – for example, cloud hosting providers, data center operators, analytics services, email service providers, customer support software, and other IT or security vendors. These third parties may process personal data as part of providing those services to us (e.g., storing data on servers, processing queries through an AI engine, or sending out email communications). Whenever we use service providers, we remain responsible for your data and we contractually require these providers to only use your data for our specified purposes, to keep it secure, and to maintain confidentiality. For example, if our servers are in a country that is not explicitly whitelisted by the UAE, we will rely on mechanisms like contractual obligations on the data importer to protect your information at the level required by PDPL.
-
Integration Partners and Third-Party API Services: Omnium offers integration capabilities that allow our platform to connect with other tools or services (e.g., an API that connects Omnium to your enterprise software, or plugins that let you import data from external databases, or export results to third-party applications). If you choose to use these integrations, we will share data with the third party as necessary at your direction. For instance, if you instruct Omnium to fetch data from a third-party database or to send an analysis report to a Slack channel or other service, we will transfer the required information to fulfill that request. Such transfers happen only with your consent or initiation, since you must configure the integration. We recommend you review the privacy policies of any third-party services you connect to Omnium, as we do not control those services. We do ensure that any official integration partners have agreements with us to safeguard any personal data that might be exchanged via the integration.
-
Enterprise Accounts – Sharing within an Organization: If your Omnium account was provided by an enterprise (e.g., your employer or other organization), the admin users of that organization may have access to certain data about your use of Omnium. For example, an enterprise account administrator might see usage reports indicating which employees are using the service, or might access content that team members input into Omnium if needed for oversight. This will depend on the settings chosen by your organization. We only share your data with your employer/organization in accordance with our contract with them and as allowed by law – typically, this means data you generate in a company account may be visible to authorized colleagues or administrators on the same account. If you have questions about how your information is shared within your enterprise, please contact your organization’s admin or refer to your organization’s internal policies.
-
Legal Requirements and Safety: We may disclose personal information to third parties (such as courts, law enforcement authorities, regulators, or external advisors) if we believe that disclosure is reasonably necessary to (a) comply with any applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service or other agreements; (c) detect, investigate, and help prevent security, fraud or technical issues; or (d) protect the rights, property, or safety of Omnium, our users, or the public. We will only do so to the extent that such disclosure is permitted by law. Where possible and lawful, we will notify you of such disclosures.
-
Business Transfers: If Avrioc Technology LLC (the company behind Omnium) undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or a portion of its assets, your personal data may be transferred to the acquiring entity or merged with the other business. We would require any such successor entity to honor the commitments in this Privacy Policy or obtain your consent for any material changes.
-
Aggregated or Anonymized Information: We may share information that has been aggregated (grouped with other data so it does not identify you personally) or irreversibly anonymized (stripped of personal identifiers so that it cannot be linked to you). Such information is no longer personal data. We may use and share such aggregated/anonymized data freely, for example to report overall trends about our user base or to demonstrate the effectiveness of our platform (e.g., “X% of Omnium users use the chatbot feature daily”). This may include sharing insights publicly or with partners, but in doing so, we will ensure that no individual can be identified from that data.
-
-
We want to reiterate that we do not sell your personal data to data brokers or advertisers. We do not share it with third parties for their own direct marketing. All third parties who process your data are either acting on our behalf (service providers) or involved in a transaction you’ve initiated (integrations or enterprise use), or they are authorities or parties as required by law.
-
If you would like more details about the third parties we use or the specific information disclosed, you can contact us and we will provide a list of our current subprocessors or integration partners upon request. We also execute Data Processing Addendums with enterprise clients that list out approved subprocessors to ensure transparency in data handling.
-
DATA RETENTION AND DELETION
-
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to provide you with the services, for legitimate business or legal purposes, and to comply with any regulatory or contractual obligations. This section outlines how long we keep different types of data and how you can request deletion of your data.
-
General Retention Periods
-
Account Information: We keep your account registration information (like your name, email, account credentials, and profile info) for as long as your account is active. If you cancel your account or it is terminated, we will delete or anonymize this information within a reasonable period after the account closure, except where we need to retain it for legitimate reasons (e.g., to comply with legal obligations or resolve disputes).
-
User-Provided Content: Data you upload or content you generate on Omnium (documents, AI conversation history, images, etc.) is stored on our servers to enable your use of the platform. If you delete specific content from Omnium (for example, delete an uploaded dataset or clear a chatbot conversation), we will remove it from our active database. However, residual copies may remain in backups for a short period (backups are cycled and cleared regularly). If you want all your content data deleted, you may delete your account entirely or contact us with a deletion request. For enterprise users, content data is retained according to the enterprise’s agreement (often, we act as a processor and will delete or return data upon contract termination or upon instruction from the enterprise).
-
Usage Data: We generally retain usage logs and analytics data for a shorter period, typically for 2 years, unless we need to keep it longer (for example, if needed for security investigations or legal proceedings). We either delete or anonymize usage data when it’s no longer needed for our business analysis. Aggregate data that is not personal may be retained longer.
-
Communications: If you contacted us (support emails, feedback), we may retain those communications for our records and to help train our support team, unless you request their deletion. Typically, support tickets are retained for a period of time in case you have further issues or questions, after which we delete or anonymize them.
-
Cookies: Cookies have varying lifespans. Some cookies (session cookies) are erased when you close your browser. Others (persistent cookies) remain on your device until they expire or you delete them. We set cookie expiration appropriately (for instance, an analytics cookie might expire after 6 months). You can clear cookies anytime via your browser settings.
-
Deletion of Data: You have the right to request deletion of your personal data (see Your Rights below). You may delete certain information on your own – for example, you can remove or modify information in your profile, and you can delete content you’ve uploaded to the platform. For anything you cannot remove yourself, you can send us a verified request to delete your data. Upon receiving a valid deletion request, we will erase your personal data from our systems (and instruct our processors to do the same), except for information we are required or permitted to retain by law. We will also inform third parties with whom we’ve shared your data (if any) about the deletion request, to the extent required by law.
-
Some examples of when we might retain data despite a deletion request include: if we must keep transaction records for financial reporting, if an investigation is ongoing (we may retain data until it’s resolved), or if data is needed to exercise or defend legal claims. In all cases, we will only retain what is strictly necessary and only for the duration necessary. We may also retain a note that you requested deletion, so we don’t inadvertently re-collect your data if you contact us again.
-
Account Deactivation: If you wish to stop using Omnium, you can deactivate or delete your account at any time. Deactivating your account will pause it (your data remains but is not actively used). Deleting your account will remove your profile and personal data from active use. We will then proceed to delete data as described. Note that it may take a short time to fully remove data from backups, and we may retain minimal information to document that your account was deleted (e.g., email address hashed, with a tag “deleted on X date”) so that we know not to contact you or to allow you to reinstate your account if you change your mind within a short window.
-
Retention for AI Model Outputs: If the platform generates AI outputs (like analysis results or chatbot transcripts) that you save, those are considered your content and handled as above. If not saved, some transient outputs might not be stored at all beyond delivering them to you in the session (for example, if our system only holds a result in memory or cache briefly). We design our systems to avoid unnecessary retention of ephemeral data. Any incidental temporary storage (like server cache or logs) for those outputs is cleared routinely.
-
We aim to enforce our retention policies and regularly delete data that is no longer needed. If you have specific questions about our retention practices or want a certain piece of data deleted, please contact us.
-
INTERNATIONAL DATA TRANSFERS
-
Omnium is a global platform, and the data we collect may be transferred to or stored on servers in various countries. Avrioc Technology LLC is based in the United Arab Emirates, but we utilize cloud infrastructure that could be outside of the UAE (for example, data centers in the European Union or United States). This means your personal data might be transferred to and processed in a country different from your home country. Regardless of where your data is processed, we take steps to protect it and to comply with applicable cross-border data transfer requirements.
-
Transfers from UAE: If you are in the UAE, be aware that your data may be processed outside the UAE. The UAE PDPL permits transfers of personal data to other countries that have been approved as having an adequate level of protection. In cases where data is transferred to a country that is not yet approved as adequate by the UAE Data Office, we ensure that appropriate safeguards are in place. Such safeguards may include standard contractual clauses (SCCs) or similar data protection agreements with the recipient of the data, obtaining your explicit consent for the transfer, or transferring as necessary to perform a contract you are involved in.
-
Transfers from EEA/UK: If you are in the European Economic Area (EEA) or United Kingdom, your personal data may be transferred to countries outside the EEA/UK. When we transfer data internationally, we comply with the GDPR’s requirements. Typically, we rely on European Commission-approved Standard Contractual Clauses (SCCs) as our transfer mechanism, along with additional technical and organizational measures as needed. We may also rely on an adequacy decision (if the destination country is deemed by the EU to have adequate privacy laws) or, in limited cases, another derogation under Article 49 GDPR (such as your consent or necessity to provide the service). For example, data stored in the UAE or US will be governed by SCCs to ensure EU personal data remains protected.
-
Transfers to the United States or Other Countries: Some of our service providers or team members may be located in the United States, India, or other jurisdictions. We ensure any such transfers comply with relevant law. This may mean, for instance, that for California residents, their data stored in the UAE or EU is protected by similar measures as within the US, and vice versa. Where the term “transfer” is used, it covers both direct transfers and remote access to data (for instance, an engineer in a different country might access data to fix an issue, which is considered a transfer too – we strictly control and log such access).
-
Your Rights and International Transfers: We want to make sure you are aware that when your data moves to a different jurisdiction, it may be subject to that jurisdiction’s laws (for example, foreign governments might lawfully access data in their territory under certain conditions). However, our policy is to challenge unlawful or overbroad requests and to notify you whenever possible. We also maintain high standards of encryption and security (see Data Security below), so that your data is protected in transit and at rest, no matter where it resides.
-
By using Omnium or submitting information to us, you understand that your personal data may be transferred to other countries. We will always handle it in accordance with this Privacy Policy. If required by law, we will seek your consent for international transfers or implement other necessary measures.
-
DATA SECURITY MEASURES
- Omnium takes data security very seriously. We implement a variety of technical, administrative, and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. While no system can be 100% secure, we strive to follow best practices and continuously improve our safeguards. Below is an overview of our security measures:
- Encryption: All personal data is encrypted in transit and at rest. We use industry-standard encryption protocols. For example, data in transit between your device and our servers is protected using HTTPS/TLS encryption. Data at rest in our databases or storage is encrypted (using AES-256 or similar strong encryption standards). This means that even if someone were to gain unauthorized access to the stored data, it would be unintelligible without the decryption keys.
- Access Controls: We limit access to personal data strictly to authorized personnel who need it to operate our service. Within Avrioc/Omnium, employees and contractors operate under the principle of least privilege – they are only granted the minimum access necessary for their role. Access to sensitive systems and data is restricted to a small number of trained administrators, and requires authentication steps such as strong passwords and multi-factor authentication (MFA). We also log and audit accesses to our systems, so any access to user data can be traced and reviewed.
- Organizational Policies: We have internal policies and training for our staff regarding data protection and confidentiality. All team members who handle personal data are bound by confidentiality agreements. We conduct privacy and security training and awareness programs. We also have an appointed team or officer responsible for overseeing data protection compliance. Under PDPL and GDPR requirements, where needed, we have a designated Data Protection Officer (DPO) or similar role to ensure ongoing compliance and vigilance.
- Network and Application Security: Our platform is built with security in mind. We employ firewalls, intrusion detection/prevention systems, and continuous monitoring of our network to guard against attacks. We regularly update our software and dependencies to patch vulnerabilities. Our development practices include code reviews and security testing (including penetration testing by third-party experts) to identify and fix potential weaknesses. We also isolate customer data logically so that one customer’s data is segregated from another’s.
- Data Pseudonymization: In some cases, especially for analytics or testing, we replace personal identifiers with pseudonyms or use anonymized data sets so that individuals are not easily identifiable. This means developers or analysts working to improve the system might use synthetic or masked data rather than real personal data whenever possible.
- Backups and Resilience: We regularly back up data to prevent loss. Backups are encrypted and stored securely. We have disaster recovery and business continuity plans in place to ensure that even in case of an incident (like a natural disaster or system failure), data is not lost and service can be restored. We also ensure that if a backup or copy is no longer needed, we securely destroy it.
- Third-Party Security: When we engage third-party service providers (like hosting or email services), we vet their security practices. We choose reputable providers who also implement strong security (for example, major cloud providers with robust security certifications). We include in our contracts with them requirements to protect personal data and to notify us in case of any breaches. We also maintain a Data Processing Addendum with our subprocessors to ensure they uphold the same level of security commitment.
- Continuous Improvement: Cybersecurity threats evolve, and we continuously assess our security measures. We maintain an incident response plan and an on-call team to address any potential security events swiftly. We also run a bug bounty or responsible disclosure program that encourages security researchers to report any vulnerabilities they find in our platform, so we can fix them promptly.
- Despite all these measures, it is important to note that no internet transmission or electronic storage is completely secure. We cannot guarantee absolute security of your data. However, we do everything reasonably possible to protect your information. In the unlikely event of a data breach that affects your personal data, we will notify you and relevant authorities as required by law (for instance, PDPL and GDPR mandate notification of certain breaches within specific timeframes). We appreciate your understanding and also encourage you to take steps on your end to keep your account secure, such as using a strong unique password and keeping your login credentials confidential.
- If you have any questions about the security of Omnium or suspect any vulnerability or incident, please contact us immediately at the contact information provided below. Your cooperation in reporting issues helps us keep everyone safe.
-
YOUR RIGHTS AND CHOICES
- We respect your rights to your personal data. Depending on your jurisdiction (for example, under GDPR for EU users, PDPL for UAE users, or CCPA for California residents), you have a number of legal rights regarding the personal information we hold about you. This section describes those rights and how you can exercise them. We will honor your rights to the fullest extent required by applicable law, and in many cases even if not legally required, we strive to give you control over your information.
- Right to Access (Right to Know): You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of that data, as well as information about how we use it. This is sometimes called a Data Subject Access Request. For EU/UAE users, this means we will provide you with a copy of your personal data undergoing processing, along with details on the purposes, categories of data, recipients (if any), storage periods, and safeguards for international transfers. For California residents, the Right to Know entitles you to request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it. Upon request, we will provide either a full report of your data or a summary as required by law. In most cases, you can also view and download certain data by logging into your account (e.g., you can see your profile info, settings, and any content you have saved).
- Right to Rectification (Correction): You have the right to request that we correct or update any inaccurate or incomplete personal information we hold about you. If any of your information (such as your name or contact info) changes or is incorrect, please either update it directly in your account settings or let us know and we will fix it. For California residents, the CPRA amendment provides a right to correct inaccurate personal information as well. We may need to verify the new data you provide, but we will make the correction as requested, and if we have shared that data with others, we will inform them of the correction where required.
- Right to Deletion (Right to Erasure): You have the right to request that we delete your personal data, subject to certain exceptions. See the Data Retention and Deletion section above for details on how we handle deletion. If you ask us to delete your data, we will remove your personal information from our active systems and instruct our processors to do the same, unless retention is required for a specific lawful reason (which we will inform you of, if applicable). California residents have the right to request deletion of personal information we have collected from them (with exceptions such as if the data is needed to complete a transaction or for legal compliance). UAE PDPL and EU GDPR also include the right to erasure (“right to be forgotten”) in many circumstances. We will honor valid deletion requests within the timeframe required by law (typically within 30 days for GDPR/PDPL, and 45 days for CCPA/CPRA, with possible extension if necessary and permitted).
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to request that we transmit it to another controller where technically feasible. In other words, you can ask for an electronic copy of the data you have provided to us and that we have processed by automated means, so that you can reuse it or give it to another service. For example, you might want a copy of all your conversation history or uploaded files. We will provide this in a reasonable format (likely JSON, CSV, or similar standard format). Note that this right applies to personal data you provided or that was generated by your use of the service, not to our proprietary analysis or anything that isn’t personal data. We will assist with direct transfers to another service at your request if possible.
-
Right to Restrict or Object to Processing: In certain situations, you have the right to restrict our processing of your data or to object to specific types of processing. Under GDPR/PDPL, you can request that we restrict processing if you contest the accuracy of the data, if the processing is unlawful and you prefer restriction over deletion, if we no longer need the data but you need it for legal claims, or if you have objected to processing and await verification of overriding grounds. During restriction, we will only store your data and not actively process it (except to the extent allowed, like with your consent or for legal reasons).
- You also have the right to object to processing that is based on our legitimate interests or for direct marketing. If you object to direct marketing, we will stop sending you marketing communications immediately. If you object to processing based on legitimate interests, we will evaluate whether our interests in the processing outweigh your privacy rights; if they do not, we will cease the processing in question.
- Under PDPL, you specifically have the right to object to processing that is contrary to the purposes you agreed to, or to stop processing altogether in some cases. PDPL even gives a right to stop use of personal data for marketing purposes explicitly, which we fully respect.
- California’s CCPA gives a related right to opt out of the sale or sharing of personal information. While we do not sell data, if you still send an opt-out request, we will document it and ensure no such sale occurs. CPRA also gives a right to limit use of sensitive personal info, but since we do not collect sensitive info, this is not applicable except to confirm we already limit such data by not collecting it.
- Right to Opt-Out of Sale or Sharing (CCPA/CPRA specific): As mentioned, California consumers can direct a business that sells or shares personal info to stop doing so. Omnium does not sell or share personal data for cross-context behavioral advertising, so there is no ongoing sale or sharing to opt out of. If in the future we were to engage in any practice deemed a “sale” or “sharing” under CCPA (e.g., providing data to an ad network), we would implement a “Do Not Sell or Share” mechanism on our site. In any case, we honor Global Privacy Control (GPC) signals as an opt-out of sale/sharing for California residents, as required by law.
- Right to Non-Discrimination: If you exercise any of your privacy rights, we will not discriminate against you for doing so. This means we won’t deny you our services, charge you different prices, or provide a lesser quality of service just because you made a privacy request. (However, note that deleting certain data or opting out of some processing might affect our ability to provide the same service – for example, if you refuse all cookies, the site might not remember your preferences; this is considered a consequence of the choice you made, not discrimination.)
- Right to Withdraw Consent: If we rely on consent to process your data, you have the right to withdraw that consent at any time. For example, if you consented to receive newsletters, you can unsubscribe (withdraw consent) at any time by clicking the unsubscribe link or contacting us. Withdrawing consent will not affect the lawfulness of any processing we did based on your consent before withdrawal. It simply means we will stop the processing going forward. If you withdraw consent for something essential (though we typically don’t rely on consent for essentials), we will inform you if we can no longer provide the service without that consent.
-
Additional Rights (EU/UK/UAE):
- Right to Complain: You always have the right to lodge a complaint with a supervisory authority if you believe we have infringed your privacy rights. For EU users, this would be your local Data Protection Authority (DPA) or the lead DPA in the country of our EU representative. For UK users, the authority is the ICO. For UAE users, the UAE Data Office is the regulatory authority under the PDPL. We encourage you to contact us first so we can address your concerns directly, but you have the right to go to the authorities at any time.
- Automated Decision-Making: Omnium’s AI features may involve automated processing, but we do not make legally significant decisions about individuals solely by automated means without human involvement. Under GDPR/PDPL, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects. We ensure any AI-driven results that could significantly affect someone would be reviewable by a human. If you believe a decision or outcome from our platform has significant effects on you, you can request human review.
- Right to Object to Direct Marketing: We already covered this under objections, but to emphasize – if we ever were to do direct marketing, you can opt out at any time and we will cease.
- Exercising Your Rights: To exercise any of your rights, please contact us using the information in the Contact Information section. Typically, you will need to provide enough information for us to verify your identity (to protect your data from unauthorized access). For example, we may ask you to send the request from the email address associated with your account or to provide certain account-identifying information. For some requests, especially under CCPA, we may use a verification process that matches information we have on file (or use a third-party verification service). If you have an authorized agent making a request on your behalf (California concept), we will require proof of authorization and still take steps to verify identity.
- We will respond to your request within the timeframe required by law – generally within one month for GDPR/PDPL (with a possibility to extend by two further months if necessary, in which case we’ll inform you of the delay), and within 45 days for CCPA (with a possible 45-day extension). There is usually no fee for making a request, though excessive or unfounded requests may allow us to charge a reasonable fee or refuse, as permitted by law. We are committed to honoring your rights and ensuring you have control over your personal data. If you need any assistance understanding or exercising your rights, please reach out to us.
-
ENTERPRISE ACCOUNT PROVISIONS
- Omnium serves not only individual users but also enterprise customers (organizations that use our platform for their teams or business operations). This section addresses specific considerations for enterprise use of Omnium, including data responsibilities and how we handle personal data in the context of enterprise accounts.
- Enterprise as Data Controller: When an organization (e.g., a company, institution, or any employer) provides Omnium to its personnel or uses it to process data about individuals, that organization is typically the data controller with respect to any personal data it inputs into Omnium. Avrioc Technology LLC (Omnium’s provider) in that scenario often acts as a data processor (or “service provider” under CCPA terminology) on behalf of the enterprise. This means we process the data only on the enterprise’s instructions and for the purposes they dictate, as agreed in our contract (often a Data Processing Addendum (DPA) is in place). Enterprise customers are responsible for ensuring that the personal data they collect and submit to Omnium is done in compliance with privacy laws (for example, they should have any necessary consents from their end-users or employees).
- Data Ownership in Enterprise Use: For content and data provided by an enterprise client, the enterprise usually retains ownership and control over that data. We will not access or use enterprise-provided data except as necessary to provide the service to that client and in accordance with our agreement. Enterprise administrators can typically add, modify, or delete user accounts within their Omnium workspace and may upload large datasets, which remain under their control.
- User Rights in Enterprise Context: If you are an individual using Omnium through an enterprise subscription (for example, your employer gave you access), your personal data in the platform might be subject to your employer’s privacy policy in addition to this one. Typically, if you have requests regarding your personal data (access, correction, deletion) for data that your employer provided or data that is a part of your enterprise account usage, it may be most effective to direct those requests to your enterprise (the data controller). We will cooperate with enterprise clients to fulfill data subject requests per the terms of our contract and the law. For instance, if an enterprise tells us to delete or return all personal data at the end of a contract, we will do so. If an enterprise forwards us a request from one of their users (e.g., an employee asking for deletion of their data), we will assist in fulfilling it. If you contact us directly about data from an enterprise account, we might need to forward your request to the appropriate enterprise administrator, as we cannot override the data controller’s decisions absent their instruction. However, rest assured that we will do our best to facilitate the exercise of rights.
- Administrative Access: Enterprise administrators have special privileges within Omnium. They may be able to view user activity within their organization’s workspace, such as login times, usage metrics, or even content that users generate if the system is configured that way. They may also set retention policies for their data on Omnium or connect Omnium with their other systems. We simply act on these configurations. For example, an enterprise might choose to integrate Omnium with their single sign-on (SSO) system for user authentication; in this case, we rely on what the SSO tells us about user login status.
- Separate Terms and Agreements: Enterprise customers likely have additional legal agreements with Avrioc (Omnium) beyond this Privacy Policy, such as a Master Service Agreement, Data Processing Agreement, and possibly customized privacy or security commitments. Those agreements will govern in the event of a conflict with this Privacy Policy, to the extent they specifically address an issue. However, typically this Privacy Policy still applies in general to all users. Enterprise contracts often include commitments from us to assist with compliance (e.g., we agree to certain security standards, to audit rights, or to notify of breaches promptly, as required by laws like GDPR/PDPL).
- Confidentiality: We treat all client data as confidential. For enterprise data, we often sign non-disclosure agreements. Even beyond personal data, any business-sensitive information that an enterprise processes through Omnium is protected by confidentiality clauses. We do not use enterprise data for any purpose other than providing the service to that enterprise.
- Subprocessors: Enterprise clients can request the list of subprocessors (third-party service providers) that we use to process their data. We maintain transparency so that enterprises know which vendors are involved (e.g., cloud hosting providers, email delivery services, etc.), and we contractually ensure each subprocessor meets strict data protection obligations.
- End of Contract Data Handling: When an enterprise contract ends, by default we will disable access to the enterprise’s Omnium workspace. The enterprise may request deletion or return of all data. We either securely erase or export the data according to the enterprise’s instructions (and consistent with our general retention policy and legal requirements). We do not keep enterprise data longer than necessary once our services are no longer used by them, aside from backups that will eventually cycle out, or minimal info for record-keeping (like the fact of having had a business relationship).
- Employee Monitoring: If you are using Omnium via your employer, be aware that your employer might have the ability to monitor your use of Omnium (as with any company-provided software). We recommend that you follow your employer’s policies regarding use of the service and that you have no expectation of complete privacy vis-à-vis your employer for data you store in a corporate Omnium account. However, vis-à-vis Omnium/Avrioc, we treat your data with strict confidentiality and do not disclose it to anyone outside of your organization per this Policy and our contract.
- In summary, for enterprise contexts: Avrioc acts as a responsible custodian (processor) of data on behalf of the enterprise (controller). We abide by data protection laws in this role by processing data only as instructed, implementing strong security, and helping the enterprise meet their compliance needs (for example, by notifying them of any data breaches, allowing audits, etc., as required by GDPR and PDPL for processors). If you have questions about how your data is handled in an enterprise setting, please reach out to your enterprise admin or to us.
-
UPDATES TO THIS POLICY
- We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will notify users as appropriate to the significance of the changes:
- Posting of Revised Policy: We will post the updated Privacy Policy on our website (and within our app, if applicable) with a new “Last Updated” date. Please check this page periodically to stay informed of any changes.
- Notification of Material Changes: If we make any material changes that substantially affect your rights or how we use personal data, we will provide a more prominent notice. This may include emailing all registered users or displaying a notice within the service (for example, a banner or pop-up notification) prior to the change becoming effective. We may also ask for your consent to changes if required by law (for instance, if a new law requires new consent or if we plan to use data in a fundamentally different way that requires consent).
- Version History: For transparency, we may keep prior versions of this Privacy Policy and archive them. Upon request, we can provide earlier versions for your reference.
- Effective Date: Any changes will be effective when posted unless stated otherwise. If you continue to use Omnium after a new Privacy Policy takes effect, it will indicate your acceptance of the updated terms (to the extent permitted by law). If you do not agree with the changes, you should stop using the services and you may request deletion of your data.
- We encourage you to review this Privacy Policy whenever you access or use Omnium, to stay informed about our information practices and the choices available to you. Our commitment to your privacy means we will not reduce your rights under this Privacy Policy without obtaining your consent where required. We aim to always be transparent about any modifications.
-
CONTACT INFORMATION
- If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is handled, please do not hesitate to contact us. We are here to help and address any issues you may have.
-
Avrioc Technology LLC (Omnium) – Data Protection Team
- Email: privacy@omnisphere.ai (for general privacy inquiries)
- Support Email: support@omnisphere.ai (for account or technical support related to your data)
Welcome to the Omnium Privacy Policy. This policy describes how Omnium – an AI platform developed by Avrioc Technology LLC (a UAE-registered company) – collects, uses, and protects information. It is intended for all users of Omnium, including individual users and enterprise customers. We are committed to safeguarding your privacy and ensuring compliance with applicable data protection laws, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), among others. By using Omnium’s services, you agree to the practices described in this Privacy Policy.
Scope: This policy covers all AI functionalities provided by the Omnium platform – including data analysis tools, natural language processing (NLP) features, chatbot services, and image processing capabilities – for both enterprise and individual use. It explains what information we collect, how we use and share it, the legal bases for processing, and your rights regarding your personal data. Importantly, Omnium is designed not to handle sensitive personal data (such as health records, biometric identifiers, financial information, or other highly confidential data), and we do not intentionally collect or process such information. We ask that you do not provide sensitive personal data when using our platform, as described further below.
We will respond to inquiries as soon as possible, and in any event within any time frames required by law. If you are contacting us to exercise a privacy right, please describe your request with sufficient detail that we can understand and respond. We may need to verify your identity for certain requests, as explained in Your Rights.
If you feel that we have not addressed your questions or concerns satisfactorily, you also have the right to contact your local data protection authority (for example, the UAE Data Office, or an EU Data Protection Authority, or the California Privacy Protection Agency, depending on your location). However, we sincerely welcome the opportunity to work with you directly first to resolve any issue.