Privacy Policy
Last Updated: 23 October 2025
1. Introduction
Protecting your privacy is our priority. This Privacy Policy applies to omni1.ai and its affiliated services (collectively, "Omni One," "we," "us," or "our") operated by Midaz Group Sp. z o.o., a company registered in Poland.
This policy describes how we collect, use, process, store, and disclose your information, including personal information, in connection with your access to and use of the Omni One platform and services.
By using Omni One, you consent to the data practices described in this Privacy Policy. We encourage you to read this policy carefully. If you have any questions, please contact us at hello@omni1.ai.
1.1 GDPR Compliance
We comply with the General Data Protection Regulation (GDPR) and Polish data protection laws. As a data controller, we are committed to protecting your personal data and respecting your privacy rights.
2. Information We Collect
We collect information to provide, improve, and personalize our services. The types of information we collect include:
2.1 Information You Provide Directly
We collect personal information only when you voluntarily provide it to us, including:
Account Information:
Full name
Email address
Password (encrypted)
Country/region
Billing Information:
Credit card details (processed by Stripe, not stored by us)
Billing address
VAT number (if applicable)
Workspace Information:
Workspace name
Team member email addresses (when inviting users)
Workspace settings and preferences
Content You Create:
Chat messages and conversations
AI prompts and inputs
Projects and project descriptions
Uploaded files and media
Custom personas
System prompts
You provide this information when you:
Register for an account
Create or join a workspace
Subscribe to a paid plan
Use our AI chat services
Upload files or media
Invite team members
Contact our support team
2.2 Automatically Collected Information
When you use our services, we automatically collect certain information about your device and usage:
Device and Browser Information:
IP address
Browser type and version
Operating system
Device type and model
Screen resolution
Language preferences
Usage Information:
Pages visited within Omni One
Features used
Time spent on pages
Chat and project activity
Token consumption and usage patterns
Clicks and navigation paths
Error logs and performance data
Location Information:
Approximate location based on IP address
Time zone
This information helps us:
Operate and maintain the service
Improve service quality and performance
Analyze usage patterns
Detect and prevent fraud
Provide customer support
Comply with legal obligations
2.3 Cookies and Similar Technologies
We use cookies and similar tracking technologies to personalize your experience and analyze service usage.
Types of Cookies We Use:
Essential Cookies:
Authentication tokens
Session management
Security features
These cookies are necessary for the service to function and cannot be disabled.
Functional Cookies:
User preferences
Language settings
UI customizations
Analytics Cookies:
Usage statistics
Performance monitoring
Feature popularity tracking
Cookie Management:
You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain features of Omni One.
Most browsers accept cookies by default. You can usually modify your browser settings to:
Block all cookies
Accept only first-party cookies
Receive notifications when cookies are set
Delete cookies after each session
3. How We Use Your Personal Information
We use your personal information for the following purposes:
3.1 Service Provision
Create and manage your account
Process your subscription and payments
Provide access to AI models and features
Enable workspace collaboration
Store and sync your conversations and projects
Process your AI requests through third-party providers
Deliver customer support
3.2 Service Improvement
Analyze usage patterns to improve features
Develop new features and services
Optimize AI model selection and performance
Enhance user interface and experience
Conduct research and analysis
Monitor and improve service reliability
3.3 Communication
Send transactional emails (account, billing, security)
Provide customer support responses
Send service updates and announcements
Notify you of important changes to Terms or Privacy Policy
Respond to your inquiries
3.4 Marketing (With Your Consent)
Send promotional emails about new features
Share product updates and tips
Offer special promotions or discounts
You can opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at hello@omni1.ai.
3.5 Security and Fraud Prevention
Detect and prevent fraudulent activities
Monitor for security threats
Enforce our Terms of Service
Protect our rights and property
Comply with legal obligations
3.6 Legal Compliance
Comply with applicable laws and regulations
Respond to legal requests and court orders
Protect against legal liability
Enforce our agreements
4. How We Share Your Information
We are committed to protecting your privacy. We do not sell, rent, or lease your personal information to third parties.
4.1 Third-Party Service Providers
We share information with trusted third-party service providers who help us operate our platform:
AI Model Providers (OpenRouter):
Your prompts and inputs are sent to AI model providers to generate responses
These providers are contractually prohibited from retaining your data (see Section 5)
No data is used for model training or improvement
Payment Processing (Stripe):
Payment information is processed by Stripe
We do not store complete credit card information
Subject to Stripe's Privacy Policy
Email Services (Plunk):
Email addresses for transactional and marketing emails
Subject to Plunk's Privacy Policy
Real-Time Communication (Ably):
WebSocket connections for real-time updates
Workspace synchronization data
Subject to Ably's Privacy Policy
Hosting and Infrastructure:
Cloud hosting providers for data storage
Content delivery networks (CDN)
Database services
All third-party service providers are required to:
Use your information only to provide services to us
Maintain confidentiality of your information
Comply with applicable data protection laws
Implement appropriate security measures
4.2 Workspace Team Members
When you use Omni One in a team workspace:
Your conversations, projects, and content are visible to other workspace members
Workspace Admins can view usage statistics and token consumption
Team members can collaborate on shared projects
4.3 Legal Requirements
We may disclose your personal information without notice if required to:
Comply with law, legal process, or court orders
Respond to lawful requests from public authorities
Enforce our Terms of Service
Protect our rights, property, or safety
Protect the rights, property, or safety of our users or the public
Investigate fraud or security issues
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. You will be notified via email and/or prominent notice on our website of any such change in ownership.
4.5 With Your Consent
We may share your information for other purposes with your explicit consent.
5. AI Model Data Privacy Commitment
Omni One integrates with third-party AI model providers through OpenRouter. We are deeply committed to protecting the privacy and security of your data processed through AI models.
5.1 Data Non-Retention Policy
Strict Non-Retention: All AI model providers integrated with Omni One are contractually prohibited from retaining your data processed through their models, except as legally required for minimal operational purposes (typically 30 days or less).
No Training on Your Data: AI model providers cannot use your prompts, inputs, outputs, or any content for training, improving, or developing AI models.
Enterprise-Grade Privacy: We only work with AI providers who offer enterprise-level data privacy protections and agree to our data handling requirements.
5.2 What This Means for You
Your data processed through Omni One's AI features is protected:
Prompts you write are not used to train AI models
AI responses generated are not retained by model providers
Files you upload are processed securely and not stored by AI providers
Conversations remain private and are not shared with AI vendors beyond processing
5.3 Data Flow
You submit a prompt →
Encrypted transmission to our servers →
Forwarded to OpenRouter/AI provider →
AI response generated →
Response delivered to you →
Provider deletes request data per non-retention agreement
6. Data Retention
6.1 Account Data
We retain your account information and content for as long as your account is active or as needed to provide services.
6.2 Deleted Data
When you delete:
Individual conversations: Permanently deleted from our servers within 30 days
Projects: All associated data is permanently deleted within 30 days
Account: All data is permanently deleted within 90 days, except as required by law
6.3 Legal and Operational Requirements
We may retain certain information:
To comply with legal obligations (tax records: 5 years in Poland)
To resolve disputes
To enforce our agreements
For backup and disaster recovery (30 days)
6.4 Anonymized Data
We may retain anonymized, aggregated data indefinitely for analytics and research purposes. This data cannot be used to identify you.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
7.1 Technical Measures
Encryption: All data transmitted via HTTPS/TLS
Encryption at Rest: Database and file storage encrypted
Access Controls: Role-based access to systems and data
Authentication: Secure password hashing (bcrypt)
Security Monitoring: Continuous monitoring for threats
Regular Updates: Software and security patches applied promptly
7.2 Organizational Measures
Employee Training: Staff trained on data protection
Limited Access: Access to personal data on need-to-know basis
Confidentiality Agreements: All employees sign NDAs
Incident Response: Procedures for data breach response
Regular Audits: Security and compliance reviews
7.3 Important Security Notice
While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You acknowledge that:
Internet transmission has inherent security limitations
Security, integrity, and privacy of data exchanged cannot be guaranteed
You use the service at your own risk
Protect Your Account:
Use a strong, unique password
Do not share your credentials
Log out after using shared computers
Enable two-factor authentication (when available)
Report suspicious activity immediately
8. Your Privacy Rights (GDPR/RODO)
Under GDPR and Polish data protection law, you have the following rights:
8.1 Right of Access
You can request a copy of your personal data we hold.
8.2 Right to Rectification
You can request correction of inaccurate or incomplete personal data.
8.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data in certain circumstances:
Data no longer necessary for original purpose
You withdraw consent
You object to processing
Data processed unlawfully
8.4 Right to Restriction of Processing
You can request we limit processing of your personal data.
8.5 Right to Data Portability
You can request your data in a structured, commonly used, machine-readable format.
8.6 Right to Object
You can object to processing of your personal data for:
Direct marketing (at any time)
Legitimate interests (with valid grounds)
8.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
8.8 Right to Lodge a Complaint
You can file a complaint with the Polish data protection authority (UODO - Urząd Ochrony Danych Osobowych).
8.9 How to Exercise Your Rights
To exercise any of these rights, contact us:
Email: hello@omni1.ai
Subject Line: "GDPR Data Request"
Include: Your name, email, and specific request
We will respond within 30 days. We may request additional information to verify your identity.
9. International Data Transfers
9.1 Data Location
Your data may be processed in:
European Union (primary storage)
United States (third-party services like Stripe, OpenRouter)
Other countries where our service providers operate
9.2 Transfer Mechanisms
When transferring data outside the EU/EEA, we use:
Standard Contractual Clauses (SCCs) approved by the EU Commission
Adequacy decisions by the EU Commission
Other legally recognized transfer mechanisms
9.3 Data Protection
All international transfers comply with GDPR requirements. Third-party providers must provide adequate data protection.
10. Children's Privacy
Omni One is not intended for children under 18 years of age.
We do not knowingly collect personal information from individuals under 18. If you are under 18, do not:
Use or register for Omni One
Provide any personal information
Submit any content to the service
If we learn we have collected information from a child under 18, we will delete it immediately. If you believe we have information about a child under 18, please contact us at hello@omni1.ai.
11. Email Communications
11.1 Transactional Emails
We will send you transactional emails related to:
Account creation and verification
Password resets
Subscription and billing
Security alerts
Service updates
Support responses
You cannot opt out of transactional emails as they are necessary for account management.
11.2 Marketing Emails
With your consent, we may send:
Product updates and new features
Tips and best practices
Promotional offers
Surveys and feedback requests
11.3 Opt-Out
To stop receiving marketing emails:
Click "Unsubscribe" in any marketing email
Adjust preferences in your account settings
Email us at hello@omni1.ai
11.4 Email Tracking
We may track:
Email open rates
Link clicks
Device and location of opens
This helps us improve our communications. You can disable email tracking in your email client.
12. Third-Party Links and Services
Omni One may contain links to third-party websites, applications, or services not operated by us.
We are not responsible for:
Privacy practices of third-party sites
Content of external websites
Data collection by third parties
We encourage you to review the privacy policies of any third-party sites you visit.
Third-Party AI Model Providers:
While we require our AI partners to maintain strict privacy standards, they have their own privacy policies governing data processed through their services.
13. Data Processing Basis (GDPR)
We process your personal data under the following legal bases:
13.1 Contractual Necessity
Processing necessary to:
Provide services you've requested
Fulfill our contractual obligations
Manage your account and subscription
13.2 Consent
Processing based on your explicit consent for:
Marketing communications
Optional features
Non-essential cookies
You can withdraw consent at any time.
13.3 Legitimate Interests
Processing necessary for:
Service improvement and development
Fraud prevention and security
Customer support
Business analytics
We balance our legitimate interests against your privacy rights.
13.4 Legal Obligations
Processing required to:
Comply with laws and regulations
Respond to legal requests
Maintain tax and financial records
14. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
AI Model Usage: While our service utilizes AI models, the AI responses are tools you use, not automated decisions about you. You maintain control over how to use AI outputs.
15. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time. When we make changes:
Notification Methods:
Email to your registered email address (for significant changes)
Prominent notice on omni1.ai
Updated "Last Updated" date at the top of this policy
Your Continued Use:
Continued use of Omni One after changes constitutes:
Acknowledgment of the modified Privacy Policy
Agreement to be bound by the updated policy
Significant Changes:
For material changes that reduce your rights, we will provide at least 30 days' notice and may require your explicit consent.
16. Data Controller Information
The data controller responsible for your personal information is:
Midaz Group Sp. z o.o.
ul. Polna 10
59-160 Radwanice
Poland
Email: hello@omni1.ai
Website: https://omni1.ai
Data Protection Contact:
For privacy-related inquiries or to exercise your GDPR rights:
Email: hello@omni1.ai
Subject: "Privacy Inquiry" or "GDPR Request"
17. Supervisory Authority
If you have concerns about how we handle your personal data, you can lodge a complaint with:
Urząd Ochrony Danych Osobowych (UODO)
Polish Data Protection Authority
ul. Stawki 2
00-193 Warsaw
Poland
Website: https://uodo.gov.pl
Email: kancelaria@uodo.gov.pl
You also have the right to lodge a complaint with the data protection authority in your country of residence or where an alleged infringement occurred.
18. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
18.1 Right to Know
Request information about personal data collected, used, shared, or sold in the past 12 months.
18.2 Right to Delete
Request deletion of your personal data (subject to exceptions).
18.3 Right to Opt-Out
We do not sell personal information. If this changes, you will have the right to opt out.
18.4 Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
To Exercise CCPA Rights:
Email hello@omni1.ai with subject "CCPA Request"
19. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:
Midaz Group Sp. z o.o.
ul. Polna 10
59-160 Radwanice
Poland
Email: hello@omni1.ai
Website: https://omni1.ai
Response Time: We will respond to privacy inquiries within 30 days (GDPR requirement).
By using Omni One, you acknowledge that you have read, understood, and agree to this Privacy Policy.
Last Updated: 23 October 2025