Privacy Policy
Last updated: February 20, 2026
Omniveil AI LLC ("Omniveil", "we", "us", "our")
1. Introduction
This Privacy Policy describes how Omniveil AI LLC ("Omniveil") collects, uses, stores, and protects your personal information when you use the Omniveil platform and related services at omniveil.ai. By accessing or using our services, you consent to the practices described in this policy. If you do not agree with this policy, please do not use our services.
2. Information We Collect
Account Information
When you create an account or sign in via Google OAuth, we collect your name, email address, profile picture, and authentication tokens necessary to maintain your session.
User Content
We store content you create and submit through the platform, including but not limited to:
- Messages and chat conversations
- Files and documents you upload
- Tasks, notes, and project data
- Voice recordings and generated media
Usage Data
We automatically collect certain technical information when you use our services, including your browser type and version, IP address, device information, pages visited, feature usage patterns, and server access logs. This data helps us maintain, improve, and secure the platform.
3. AI Processing
Omniveil uses artificial intelligence to provide its core functionality. When you interact with AI features on the platform, your messages are sent to the Anthropic Claude API for processing.
To provide accurate and context-aware responses, relevant context data — such as conversation history, task details, or referenced documents — may be included in API requests.
Anthropic does not use data submitted via its API to train its models. For more information, please refer to Anthropic's Privacy Policy.
4. Payment Processing
All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. When you subscribe or make a purchase:
- Your credit card number, CVC, and full card details are collected and stored exclusively by Stripe.
- Omniveil never receives, processes, or stores your full card numbers.
- We retain only a Stripe customer ID, subscription status, and the last four digits of your card for reference.
- All payment transactions are encrypted and processed in compliance with PCI-DSS Level 1 standards.
5. Data Storage and Security
We take the security of your data seriously and implement appropriate technical and organizational measures to protect it:
- Infrastructure: Data is hosted on secure VPS infrastructure with restricted access controls.
- Encryption at rest: Stored data is encrypted using industry-standard encryption algorithms.
- Encryption in transit: All data transmitted between your device and our servers is protected with TLS (Transport Layer Security).
- Access controls: Access to production systems is restricted to authorized personnel only, using key-based authentication.
- Backups: Regular automated backups are maintained to ensure data integrity and disaster recovery.
- Monitoring: Systems are continuously monitored for unauthorized access, anomalies, and security events.
6. Data Sharing
We do not sell your personal information to third parties. We share data only in the following limited circumstances:
- Anthropic — AI message processing via the Claude API, as described in Section 3.
- Stripe — Payment processing and subscription management.
- Google — OAuth authentication for account sign-in.
- Legal requirements — We may disclose information if required by law, subpoena, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
7. Data Retention
- Active accounts: Your data is retained for as long as your account remains active and you continue to use our services.
- After cancellation: If you cancel your account, your data is retained for 30 days to allow for reactivation or data export requests.
- Permanent deletion: After the 30-day retention period, all personal data and user content are permanently deleted from our systems, including backups, within a reasonable timeframe.
8. Your Rights
You have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you.
- Export — Receive your data in a portable, machine-readable format.
- Correction — Request correction of inaccurate or incomplete personal data.
- Deletion — Request deletion of your personal data, subject to legal retention requirements.
- Restriction — Request that we restrict the processing of your data under certain circumstances.
- Objection — Object to the processing of your personal data for specific purposes.
- Portability — Request transfer of your data to another service provider where technically feasible.
To exercise any of these rights, please contact us at [email protected]. We will respond to all requests within 30 days.
9. European Users (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
Legal Bases for Processing
We process your personal data based on the following legal grounds:
- Contract performance — Processing necessary to provide you with the services you requested.
- Legitimate interests — Processing for our legitimate business interests, such as fraud prevention, security, and service improvement.
- Consent — Where you have given explicit consent for specific processing activities.
- Legal obligation — Processing required to comply with applicable laws and regulations.
International Data Transfers
Your data may be transferred to and processed in the United States. We implement appropriate safeguards for international transfers, including standard contractual clauses approved by the European Commission, to ensure your data receives an adequate level of protection.
Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed in violation of applicable data protection laws.
10. Cookies and Tracking
We use essential session cookies only. These cookies are strictly necessary for the operation of the platform and enable core functionality such as user authentication and session management.
We do not use advertising cookies, tracking pixels, or third-party analytics tools. We do not engage in cross-site tracking or behavioral advertising.
11. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to promptly delete that information. If you believe a child has provided us with personal data, please contact us at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will provide at least 30 days' notice before the changes take effect, via email notification or a prominent notice on the platform. Your continued use of the services after the effective date of any changes constitutes your acceptance of the updated policy.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: