Privacy Policy

OMIE collects the following data categories, each only when you provide it or opt in:

• Account info — email, name, company name, role.
• Business context — onboarding answers, ICP, offer, voice model, writing preferences, connected integrations.
• Surface credentials — session cookies for web surfaces you authorize (Gmail, LinkedIn, etc.). Encrypted at rest.
• Usage data — which features you use, execution history, task outcomes.
• Phone numbers — only for users who enable SMS in Settings → Messaging.
• Intelligence signals — market data, competitor moves, content performance drawn from your connected platforms.
• Chat conversations — messages you exchange with Ask OMIE for context-grounded responses.

• Operate the service. Deliver intelligence, generate content, execute tasks on authorized surfaces.
• Improve your recommendations. The intelligence layer uses your data to produce increasingly specific predictions for your company.
• Act on your behalf. Execute confirmed tasks and scheduled routines on surfaces you've connected.
• Send notifications. Email, push, and SMS (SMS only if you've opted in).
• Cross-company universal configs. When multiple companies successfully run the same logical task on the same surface, OMIE distills a reusable step sequence. These configs contain DOM selectors and step order — never business data, credentials, or personal information.

Every company's data is isolated at the database layer using row-level security (RLS). One company cannot read another company's rows even through the same API.

• Per-company RLS policies on every table that holds company data.
• Cross-company intelligence is anonymized before cross-pollination — we surface patterns, not identities.
• Universal surface configs contain only step sequences (click here, fill there). They never include credentials, text values you filled in, or any business context.

We do not sell your data. OMIE uses a small set of third-party services to deliver the product; each processes only what's necessary for its role:

• Anthropic — Claude API for intelligence and content generation.
• OpenAI — embeddings for semantic surface resolution.
• Supabase — managed PostgreSQL + authentication.
• Vercel — hosting and edge delivery.
• Twilio — SMS delivery (only for SMS-opted-in users).
• Resend — transactional email.
• Nango — OAuth connection management for integrations.
• GitHub — auto-publishing of generated blog posts to your repo (only if you enable it).

We disclose data when legally required (valid subpoena, court order) and will notify you first unless prohibited by law.

When you authorize a surface, the omieOS browser extension captures the session cookies the surface requires for authenticated access. These cookies are:

• Captured only from surfaces you explicitly connect.
• Encrypted with AES-256-GCM at rest before storage.
• Used only to execute tasks you or OMIE's autonomous layer initiate on your behalf.
• Never shared between companies.
• Revocable at any time from Settings → Integrations; revoked credentials are removed from active use immediately.

Phone numbers are stored only for users who opt in to SMS messaging. Opt-in is affirmative and recorded with a timestamp. We use your phone number to:

• Send task confirmations, execution results, and intelligence alerts.
• Receive your text commands and replies to OMIE.

We do not share phone numbers with third parties for marketing purposes. Twilio handles the SMS transport and processes your number only to deliver messages. Reply STOPto any OMIE message to unsubscribe; your number is removed from our messaging system within 24 hours.

• Active accounts. Your data is retained while your account is active.
• Deleted accounts. Data is removed within 30 days of account closure.
• Execution history. Retained while active to feed distillation; successfully-distilled rows are archived after 90 days.
• Intelligence signals. Retained long-term to fuel compounding intelligence about your company's patterns.
• SMS logs. Stored for 90 days for abuse and delivery diagnostics, then deleted.

• AES-256-GCM encryption for surface credentials and BYOK API keys.
• Row-level security on all database tables that hold company data.
• HTTPS everywhere. No credentials transmitted over the network in plaintext.
• The omieOS Desktop bridge binds to 127.0.0.1 only — local execution traffic never leaves your machine.
• Supabase authentication with passwordless magic-link fallback.

No system is perfectly secure. If we discover a breach affecting your data, we will notify affected users within 72 hours of discovery.

• Access. Request a copy of your data at any time.
• Correction. Update profile information from Settings, or email us for data stored outside the UI.
• Deletion. Request account and data deletion via Settings → Account or by emailing privacy@askomie.ai.
• Portability. Export your data in standard formats (JSON, CSV) on request.
• Opt-out. Unsubscribe from SMS (reply STOP), email (unsubscribe link), or push (device settings) at any time.
• Restriction and objection. Where applicable under your jurisdiction's privacy laws (GDPR, CCPA, etc.), you may restrict or object to specific processing.

For any privacy request, email privacy@askomie.ai. We respond within 30 days.

OMIE is not directed to children under 18 and we do not knowingly collect personal information from anyone under that age.

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 30 days before they take effect.

Privacy questions: privacy@askomie.ai
General support: support@askomie.ai