Privacy Policy

Omnistra is the data controller for the account and website data you provide to us. For end-user messages you send or receive through your connected channels, Omnistra acts as a data processor on your behalf, and you are the controller responsible for the lawful basis and notices to those end users.

When you connect a WhatsApp Business Account, Omnistra processes data on your behalf according to Meta's WhatsApp Business Solution Terms and Data Processing Terms:

• We receive end-user phone numbers, WhatsApp profile names, and message content sent to your business number.
• We send messages back through the WhatsApp Cloud API on your instruction.
• You confirm you have obtained valid opt-in from each WhatsApp recipient and have provided them with your own privacy notice covering WhatsApp communications.
• You can request deletion of WhatsApp conversation data at any time from the dashboard or by emailing us.
• Meta is an independent controller for data it holds about WhatsApp users; their handling is governed by the WhatsApp Privacy Policy.

When you connect TikTok (Messaging API, TikTok Shop, or Ads), Omnistra processes data on your behalf according to TikTok's Developer Terms and Data Processing Addendum:

• We receive TikTok user identifiers, display names, messages, and (for TikTok Shop) order and product data through TikTok's official APIs.
• We only use TikTok user data to provide the features you have enabled; we do not sell it or use it for unrelated advertising.
• You will obtain any consent required under TikTok's policies before initiating messages and will respect TikTok's reply windows.
• TikTok user data is deleted on user request, on disconnection of the integration, or when no longer needed for the purpose for which it was collected.
• TikTok is an independent controller for data it holds about its users; their handling is governed by the TikTok Privacy Policy.

We rely on: performance of contract (to deliver the service), legitimate interests (to secure and improve the service), consent (for marketing cookies and emails), and legal obligation (tax, fraud, regulatory requests).

We share data with subprocessors that help us run Omnistra (cloud hosting, payments, email delivery, error monitoring, AI model providers, channel partners like Meta and TikTok), all under appropriate contracts. We do not sell personal data. We may disclose data to comply with law or protect rights, property, and safety.

Data may be processed outside your country, including in the United States and the EU. Where required we rely on Standard Contractual Clauses or other approved transfer mechanisms.

We use strictly necessary cookies for login and security, and (with consent where required) analytics cookies to understand usage. You can manage cookies in your browser settings.

Account data is kept while your account is active and for a limited period afterwards for legal and backup purposes. Conversation data is kept according to your retention settings, then deleted.

Depending on your jurisdiction, you may have rights to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. Contact us to exercise these rights. You may also complain to your local data protection authority.

We use encryption in transit and at rest, role-based access controls, audit logs, and regular security testing. No system is 100% secure; please use a strong password and enable 2FA.

Omnistra is not intended for children under 16. We do not knowingly collect their data.

We will update this Policy from time to time. Material changes will be announced in-app or by email.

Privacy questions or requests: privacy@omnistra.ai.