Privacy Policy
Last update on 13 May 2025
This Privacy Policy applies to the website omnicreate.ai and all its subdomains (the "Sites"), together with the OmniCreate web applications and services (the "Services"), owned and operated by Florian Woelki (Sole Proprietor Business, collectively, "Florian Woelki", "we", "us", or "our"). This Privacy Policy describes how we collect, use, share, and secure the personal information you provide to us. It also describes your choices regarding use, access, correction, and deletion of your personal information.
1. Definitions
Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.
The marketing site refers to all public-facing informational pages on our website. This includes content such as homepage, about us, contact information, product descriptions, blog posts, and support resources. Essentially, it's any part of the site accessed from the main omnicreate.ai domain that provides information about our products and services but does not require user login or interaction with the core functionalities of the web application.
The web application consists of all functional pages that require user authentication and are part of the OmniCreate service delivery. This includes, but is not limited to, personal profile settings. The web application is primarily accessed through URLs starting with /auth/, /user/, /plan/. These pages provide the interactive components of OmniCreate where users can manage their accounts.
2. What Data We Collect
We do not save or store your notes or note metadata. You, as the user, are solely responsible for saving, backing up, and managing your notes and any related metadata. If you choose to store your notes locally or use your own hosting solution (such as iCloud or a WebDAV server), your notes remain private and are not accessible to us. We do not collect, process, or transmit the content of your notes or their metadata.
If you use our AI-powered features, note content, user inputs, or metadata that you submit to these features may be sent to our AI provider, Groq, for processing. This information is used solely to provide you with the requested AI functionality (such as summarization or analysis) and is not stored by us after processing. For more information, please review the Groq Privacy Policy.
We collect both information you knowingly and actively provide us when using or participating in any of our services and promotions, and any information automatically sent by your devices in the course of accessing our products and services.
We only collect and use your personal information when we have a legitimate reason for doing so. In each instance, we rely on one of the following legal bases as required by the General Data Protection Regulation (GDPR):
- Consent: For example, when you agree to the use of cookies or optional features.
- Contractual necessity: When processing is required to provide our services to you, such as account creation and authentication.
- Legal obligation: When we are required by law to process certain data.
- Legitimate interests: For purposes such as improving our services and ensuring security, provided these interests are not overridden by your rights and interests.
We do not sell your personal information or any data you enter into our Services in any way.
Third-party Services and Sub-processors
We share certain information with companies that may be considered our "sub-processors" under GDPR. This information is limited to the following:
Required for the Marketing Site
The following services are required for the operation of the OmniCreate marketing site:
- Cloudflare: We use Cloudflare as a DNS server, load balancer, and to host our static assets and client-side code. Privacy Policy for Cloudflare.
| Company | Purpose | Information Collected |
|---|---|---|
| Cloudflare | Network infrastructure | IP address |
Required for the Web Application and Desktop Application
The following services, in addition to the services required for the marketing site, are necessary for the OmniCreate web and desktop application:
- Supabase: We use Supabase to store user information, authenticate users, and host edge functions. Privacy Policy for Supabase.
- Polar.sh: We use Polar.sh to handle payments and subscriptions. Privacy Policy for Polar.sh.
- Brevo: We use Brevo to send transactional emails. Privacy Policy for Brevo.
- Groq: We use Groq as our AI provider for natural language processing features. When you use these features, the relevant note content, user inputs, or metadata you provide is sent to Groq for processing. Groq processes this data solely to provide the requested AI functionality and does not use it for other purposes. Privacy Policy for Groq.
| Company | Purpose | Information Collected |
|---|---|---|
| Supabase | Hosting infrastructure | IP address, email |
| Polar.sh | Payment provider | IP address |
| Brevo | Email delivery | IP address, email |
| Groq | AI processing (natural language processing) | Note content, user inputs, or metadata (when using AI features) |
If you do not use the AI-powered features, no note content, user inputs, or metadata is sent to Groq.
Please note that Supabase and Brevo only receive your personal information when and after you create a user account with OmniCreate.
Some of our third-party providers may process or store your data outside of your country of residence, including in the United States and the European Economic Area (EEA). We ensure that appropriate safeguards are in place for any international transfers of your personal data, such as Standard Contractual Clauses or similar mechanisms as required by applicable law.
3. How We Collect Information
We collect the following personal information from you:
Information That You Provide to Us About Yourself
When you sign up for the Services, we request information such as:
- Contact Information: such as name and email address.
- Unique Identifiers: such as username, account number or password.
We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with the purpose of providing you with our Service’s core features.
Please be aware that we may combine information we collect about you with general information or research data we receive from other trusted sources.
Information Collected Automatically
When you visit our website, our servers automatically log standard data provided by your web browser. This may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.
Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error occurred, and other technical information related to the problem. You may or may not receive notice of such errors, even in the moment they occur, or what the nature of the error is.
Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
Information Collected After Opt-In Permission
Upon your consent, we use cookies and similar technologies to collect information about your location and your activities on our website, as well as information about your device and log information. This is described in more detail below. These technologies collect anonymized Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data.
You can control the use of cookies at the individual browser level. If you choose to disable cookies, it may limit your use of certain features or functions on our website or service. We do not use, or allow the use of, cookies or similar technologies in connection with your customers’ data. See our Cookie Policy.
4. Security
The security of your personal information is important to us. We implement adequate measures to protect the personal information submitted to us, both during transmission and once it is received. We take steps to ensure that all source code, files and data remain private and confidential. Due to the sensitive nature of source code we take this very seriously and make it our primary concern for all customers. We restrict access to personal information to our employees, contractors and agents who need to know that information in order to operate, develop or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. If you have any questions about the security of your personal information, you can contact us at the contact information below.
We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you. The AI-powered features process your data solely to provide the requested functionality and do not result in automated decisions about you.
5. Rights with respect to your information
You always retain the right to withhold personal information from us, with the understanding that your experience of our website may be affected. We will not discriminate against you for exercising any of your rights over your personal information. If you do provide us with personal information you understand that we will collect, hold, use and disclose it in accordance with this privacy policy. You retain the right to request details of any personal information we hold about you.
If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time. We will provide you with the ability to unsubscribe from our email-database or opt out of communications. Please be aware we may need to request specific information from you to help us confirm your identity.
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.
If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Your rights
- Withdraw your consent at any time. You have the right to withdraw consent where your have previously given your consent to the processing of your Personal Data.
- Object to processing of your Data. You have the right to object to the processing of your Data if the processing is carried out on a legal basis other than consent.
- Access your Data. You have the right to learn if Data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. You have the right to verify the accuracy of your Data and ask for it to be updated or corrected.
- Restrict the processing of your Data. You have the right, under certain circumstances, to restrict the processing of your Data. In this case, we will not process your Data for any purpose other than storing it.
- Have your Personal Data deleted or otherwise removed. You have the right, to obtain the erasure of your Data from us.
- Receive your Data and have it transferred to another controller. You have the right to receive your Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on your consent, on a contract which you is part of or on pre-contractual obligations thereof.
- Lodge a complaint. You have the right to bring a claim before your competent data protection authority.
How to exercise these rights
To exercise your rights, such as requesting or deleting your data, please contact us through the contact details provided below. Requests can be exercised free of charge and will be addressed by us as early as possible and always within one month.
6. Data Retention
We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. In certain circumstances, we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
Even if you delete your account, keep in mind that deletion by our third-party providers may not be immediate, and the deleted information may persist in backup copies for a reasonable period of time.
All data you enter into our Service will be deleted from our databases within 30 days of you deleting your account. Additionally, any remaining information will be removed from our backups within 3 months after account deletion. If you wish for your personal data to be completely removed from our customer relationship management platform and other third-party service, please send us an explicit request via email. Include your user details and a brief description of your request to facilitate the prompt processing of your data deletion.
7. Policy regarding children
Our services are not directed at children under the age of 16, and we do not knowingly collect personal information from anyone under 16 years of age in the European Union. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so that we can take appropriate action.
8. Limits of our policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
9. Changes to this policy
At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
10. Contact
If you have questions or concerns about this privacy policy, please contact us at [email protected].