Privacy Policy

Overview

This Privacy Policy describes how OmnyxAI ("Company," "we," "us," or "our") collects, uses, and protects information in connection with our AI-powered digital assistant services ("Services"). This policy applies to all users of our Services.

Information Collection & Account Information

We collect and maintain the following account-related information:

• Full name
• Email address
• Phone number (for voice calling features)
• Organization name (if applicable)
• Payment and billing information
• Profile preferences and settings

User Data

We store and process user data that is uploaded to or created within our Services, including but not limited to:

• Voice call recordings and transcriptions
• Email content and metadata
• Social media posts and scheduling information
• Documents, files, and content uploaded by users
• Data synchronized from connected third-party services
• User-generated content and configurations
• AI-generated responses and suggestions
• Calendar events and scheduling data

Connected Services Data

With explicit user consent, we may access and store data from third-party services that users choose to connect, including:

• Google Workspace (Gmail, Google Calendar, Google Drive)
• Microsoft 365 (Outlook, OneDrive)
• Social media platforms (Twitter/X, Instagram, LinkedIn, Facebook)
• Twilio for voice calling services
• Other productivity and storage services as authorized by the user

Technical Information

We collect technical data necessary for service operation and security, including:

• Authentication logs and session data
• Service access records and usage patterns
• System performance metrics
• API usage logs for connected services
• Device information and browser type
• IP addresses and geographic location data

Use of Information

The information we collect is used for:

• Account creation and management
• Service authentication and access control
• Providing AI-powered voice calling, email management, and social media automation
• Data storage, processing, and retrieval as requested by users
• Integration with third-party services as authorized by users
• Essential service communications and notifications
• System security and operational maintenance
• Service improvement and feature development
• Compliance with legal obligations
• Processing payments and managing subscriptions

Data Processing

User Content and Data

We store and process user data as part of our core service functionality. This includes data uploaded directly by users and data accessed from connected third-party services with proper authorization.

Third-Party Service Integration

Users may authorize connections to external services such as Google Workspace, Microsoft 365, social media platforms, and other productivity tools. Such integrations require:

• Explicit user consent for each service connection
• OAuth 2.0 or equivalent secure authorization
• Developer authorization where applicable
• Adherence to the connected service's terms and data handling requirements

Data accessed through these integrations is processed in accordance with user instructions and this Privacy Policy.

Third-Party AI Processing

When users elect to utilize artificial intelligence features (including voice transcription, email drafting, social media content generation, and memory retrieval), content may be processed by third-party AI service providers, including OpenAI, Google Gemini, Anthropic Claude, and specialized voice AI services. Such processing occurs solely at user direction and for the purpose of delivering requested functionality.

Data Security

Encryption

All data transmissions are protected using industry-standard encryption protocols (TLS/SSL) during transit between user systems and our infrastructure. Sensitive data at rest is encrypted using AES-256 encryption.

Infrastructure Partners

We utilize trusted third-party service providers for infrastructure operations:

• PostgreSQL for database services
• Vercel for application hosting and deployment
• Firebase for authentication services
• Stripe for payment processing
• Twilio for voice calling infrastructure
• Cloudflare for content delivery and security services

These providers are contractually bound to maintain appropriate security standards and data protection measures.

Information Disclosure

We do not sell, rent, or otherwise commercially distribute personal information. Information may be disclosed only in the following circumstances:

• To infrastructure service providers as necessary for service operation
• To third-party AI services when users elect to use AI features
• To connected third-party services as explicitly authorized by users (Google, Microsoft, social media platforms, etc.)
• To payment processors for billing purposes
• When required by applicable law or legal process
• To protect the rights, property, or safety of the Company or others
• In connection with a corporate transaction such as merger or acquisition

All third-party integrations and data sharing occur only with explicit user consent and authorization.

Data Retention and Deletion

Account information and user data are retained for the duration of the service relationship or as necessary to provide requested services. Users maintain control over their data and may delete content through service interfaces.

Data from connected third-party services is retained according to user preferences and service requirements. Users may disconnect third-party services at any time through the dashboard settings, which will stop future data synchronization. Previously synchronized data will be retained unless explicitly deleted by the user.

Users may request complete account and data deletion at any time by contacting us or using account deletion features in the dashboard. Data will be permanently deleted within 30 days, subject to legal retention requirements and technical processing timeframes.

User Rights

Subject to applicable law, users may:

• Request access to their account information and stored data
• Request correction of inaccurate information
• Request deletion of their account and associated data
• Manage connected third-party service integrations
• Revoke authorization for third-party service connections
• Object to certain processing activities
• Request data portability where technically feasible
• Opt-out of marketing communications
• Download their data in common formats (JSON, CSV)

Requests should be submitted through our designated contact channels or dashboard settings.

International Transfers

Information may be transferred to and processed in jurisdictions other than the user's country of residence, including the United States and other countries where our service providers operate. We implement appropriate safeguards to ensure adequate protection during such transfers.

Policy Updates

This Privacy Policy may be updated periodically to reflect changes in our practices, legal requirements, or service features. Material changes will be communicated through appropriate channels, including email notification to account holders or prominent notice within our Services. The "Effective Date" at the top of this policy indicates when it was last updated.

Legal Compliance

This policy is designed to comply with applicable privacy and data protection laws, including:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• California Privacy Rights Act (CPRA)
• Children's Online Privacy Protection Act (COPPA)
• Other applicable federal, state, and international privacy laws

Contact Information

For privacy-related inquiries or to exercise your rights under this policy, contact us at: