Privacy Policy

Welcome to Omnid ("we", "our", "us"), a product of CUPOC, INC (cupoc.io). We are committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our mobile application, web application, and backend services (collectively, the "Service").

If you do not agree with the terms of this Privacy Policy, please do not access the Service. This policy is accessible at any time at omnid.io/privacy-policy.

We collect information in the following categories:

2.1 Account & Identity Information
When you register or use the Service, we may collect: name, email address, phone number, username, profile photo, and authentication credentials (including passkeys / WebAuthn data).

2.2 Profile & Content Data
Any information you voluntarily add to your Omnid profile, including notes, ideas, connections, social links, and other user-generated content.

2.3 Device & Usage Data
We automatically collect certain technical information when you access the Service: IP address, device type, operating system version, app version, browser type, pages or screens viewed, access timestamps, and crash/error data.

2.4 Payment & Billing Information
If you purchase a subscription or paid feature, billing is processed by Stripe, Inc. We do not store your full credit card number, CVV, or bank account details on our servers. We receive limited billing metadata from Stripe (e.g., last four digits, card brand, billing address, subscription status) for account management purposes.

2.5 AI Interaction Data
When you use AI-powered features (powered by Grok/xAI, Anthropic Claude, or Google Gemini), the content of your prompts and the Service's responses may be processed by those providers. We may log these interactions for safety, quality assurance, and debugging purposes, subject to our retention policies.

2.6 Communications
If you contact us for support or send us feedback, we collect the content of those communications and your contact details.

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Authenticate users and maintain account security (including WebAuthn / passkeys).
• Process payments and manage subscriptions via Stripe.
• Send transactional emails (account verification, password resets, billing receipts) via Resend.
• Respond to support requests and provide customer service via Crisp.
• Monitor and improve the performance and reliability of the Service (error tracking via Sentry).
• Deliver AI-powered features using Grok (xAI), Anthropic Claude, and Google Gemini.
• Analyze usage patterns to improve the product.
• Comply with legal obligations and enforce our Terms of Service.
• Detect and prevent fraud, abuse, and security threats.

We process your personal data on the following legal bases (where applicable under GDPR): contract performance (to provide the Service you signed up for), legitimate interests (security, fraud prevention, product improvement), consent (marketing communications, where required), and legal obligation.

We do not sell your personal data. We share your information only in the following circumstances:

4.1 Subprocessors
We use the following third-party service providers ("subprocessors") to operate the Service. Each has been evaluated for data protection practices:

CUPOC, INC is headquartered in the United States. Several of our subprocessors are also based in the United States. If you are accessing the Service from outside the United States (including from the European Economic Area, United Kingdom, or Switzerland), your data may be transferred to and processed in the United States and other countries.

For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) as the legal mechanism for cross-border data transfers, as incorporated in the Data Processing Agreements (DPAs) with each subprocessor listed above.

We implement industry-standard administrative, technical, and physical security measures to protect your personal information, including:

• Encryption of data in transit (TLS/HTTPS).
• Encryption of sensitive data at rest.
• Passkey / WebAuthn-based authentication to eliminate password vulnerabilities.
• Access controls and least-privilege principles for internal systems.
• Real-time error and anomaly monitoring via Sentry.
• Cloudflare DDoS protection and Web Application Firewall (WAF).

Payment card data is processed exclusively by Stripe and is never transmitted to or stored on our servers. Stripe is a PCI DSS Level 1 certified service provider.

No method of transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

We retain your personal information for as long as your account is active or as needed to provide you the Service. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, regulatory, or fraud-prevention purposes.

Billing records are retained for up to 7 years to comply with tax and accounting obligations. Error logs and security logs may be retained for up to 90 days.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

8.1 For All Users

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Request a machine-readable export of your data.

8.2 EEA / UK Users (GDPR)
In addition to the rights above, you have the right to object to processing, the right to restrict processing, and the right to lodge a complaint with your local supervisory authority.

8.3 California Residents (CCPA / CPRA)
California residents have the right to know what personal information is collected, the right to delete, the right to opt-out of sale (we do not sell your data), and the right to non-discrimination for exercising these rights.

To exercise any of these rights, contact us at privacy@omnid.io. We will respond within 30 days (or as required by applicable law).

We use essential cookies and similar tracking technologies to operate the Service (e.g., session tokens, authentication state). We do not currently use third-party advertising or tracking cookies.

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

Omnid includes AI-powered features that process your inputs using large language models (LLMs) provided by third-party AI providers (Grok/xAI, Anthropic Claude, and Google Gemini). When you use these features:

• Your prompts and content are sent to the relevant AI provider for processing.
• Each provider's privacy policy and data processing agreement governs how they handle that data.
• We do not use your personal data to train AI models without your explicit consent.
• AI outputs are generated automatically and may not always be accurate. Do not rely on AI responses for legal, medical, or financial advice.

The Service is not directed to anyone under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

If you believe we have collected data from a child, please contact us at privacy@omnid.io.

We may update this Privacy Policy from time to time. When we do, we will update the "Effective Date" at the top of this page and, where required by law, notify you by email or in-app notification. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

For privacy-related questions, data subject requests, or concerns about this policy, please contact us:

CUPOC, INC
1013 Centre Road, Suite 403-B
Wilmington, DE 19805
United States
Phone: 302-497-7115
Email: privacy@omnid.io
Website: omnid.io