How we protect customer data, use AI providers, log sensitive activity, and support privacy rights. This page is public by design, so it explains the controls without exposing internal security details.
1. What We Protect
Omniops is built for ecommerce teams, so the service may process data from stores, support channels, payment workflows, and connected business tools. We treat the following as protected data:
- Customer conversations, support history, attachments, and contact details
- Order, shipping, return, refund, and ecommerce platform data
- Merchant business data, including store metrics, product data, and integration settings
- Integration credentials such as API keys, OAuth tokens, and webhook secrets
- Security, privacy, and admin audit records needed to operate the service
Our Data Processing Agreement describes the personal-data categories, subprocessors, transfer safeguards, and customer obligations in more detail. View our DPA. Individual privacy rights are documented on the GDPR rights page.
2. Data Security
Security principle
Secrets and credentials must stay server-side, encrypted where stored, and unavailable to browser code or AI tools unless a narrow, reviewed workflow requires it.
Security measures applied across the platform include:
- Tenant isolation at the application and database layers so one organisation cannot access another organisation's data
- Encrypted storage for integration credentials and other configured sensitive fields
- HTTPS/TLS for data in transit between users, the app, and subprocessors
- Server-only handling for privileged database keys, payment secrets, and integration credentials
- Least-privilege access controls for admin functions and high-risk automation
- Backup, monitoring, and incident-response processes for operational resilience
3. Your Data & AI
We do not use customer data for voluntary model training
Customer conversations and business data are processed to provide the service. We do not opt that data into provider model training or use raw customer data to train a general Omniops model.
How AI processing works:
- Customer and merchant data is sent to commercial AI API providers only when needed for the requested task
- We minimise prompts and tool results before model calls, including using temporary customer or order references where possible
- We avoid persistent assistant/thread storage for sensitive support prompts unless a feature specifically requires documented retention
- Provider retention depends on the endpoint, provider terms, and account controls described in our DPA/subprocessor records
- Global prompt and tool improvement uses aggregate, redacted, synthetic, or explicit opt-in data rather than raw customer transcripts by default
- Human review is available for AI-generated responses, and high-impact actions are gated by permission checks that do not depend on the model
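The prompt minimisation described above (temporary customer and order references in place of real identifiers) as an added illustration; this is example code, not Omniops' implementation, and the email and ORD-<digits> patterns are assumptions chosen for the sample.

```python
import re
import secrets
from dataclasses import dataclass, field

# Constructed identifier patterns for this example; a real store would use
# whatever shapes its customer and order identifiers actually have.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")
ORDER_RE = re.compile(r"\bORD-\d{4,}\b")


@dataclass
class Minimiser:
    """Swaps direct identifiers for short-lived references before a model call.

    The mapping lives only in server memory for the duration of the request:
    the model sees CUSTOMER_xxxx / ORDER_xxxx, and the server restores the real
    values in the reply. The same value always gets the same reference within
    one request so the model can still reason about repeated mentions.
    """
    mapping: dict = field(default_factory=dict)

    def _ref(self, kind: str, value: str) -> str:
        for ref, original in self.mapping.items():
            if original == value:
                return ref
        ref = f"{kind}_{secrets.token_hex(3)}"
        self.mapping[ref] = value
        return ref

    def minimise(self, text: str) -> str:
        text = EMAIL_RE.sub(lambda m: self._ref("CUSTOMER", m.group()), text)
        return ORDER_RE.sub(lambda m: self._ref("ORDER", m.group()), text)

    def restore(self, text: str) -> str:
        for ref, original in self.mapping.items():
            text = text.replace(ref, original)
        return text


def sample_round_trip():
    # Constructed support prompt; not real customer data.
    prompt = "Customer alice@example.com asks where order ORD-48213 is; alice@example.com again."
    m = Minimiser()
    safe = m.minimise(prompt)
    # Stand-in for the provider reply, which only ever contains the references.
    refs = list(m.mapping)
    reply = f"Order {refs[1]} shipped; notify {refs[0]}."
    return safe, m.restore(reply), m.mapping
```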
4. Logging and Audit Trail
What we log
We keep security and privacy audit records so we can investigate issues, prove that requests were handled, and monitor high-risk operations.
Audit logging covers:
- Sign-in, admin, privacy export, privacy deletion, and security-relevant events
- High-risk automation and tool actions, including actor, time, tenant, route, and outcome metadata
- Model/tool operation metadata needed for debugging and security review
- Bounded previews and cryptographic hashes for sensitive agent activity instead of raw unbounded command or prompt logs
- Redaction or omission of secrets, payment details, service-role keys, OAuth refresh tokens, and similar credentials
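An added example (not Omniops' own code) of the audit-record shape the two bullets above describe: the raw command or prompt is hashed, secrets are redacted, and only a length-bounded preview is stored. The credential patterns and the 80-character bound are assumptions for the sample.

```python
import hashlib
import re
from datetime import datetime, timezone

PREVIEW_CHARS = 80  # assumed bound on how much of a sensitive payload stays readable

# Constructed redaction patterns (assumptions for this example): sk_-prefixed
# API keys, bearer tokens, and secret-bearing key=value pairs.
SECRET_PATTERNS = [
    re.compile(r"\bsk_[A-Za-z0-9_]{8,}\b"),
    re.compile(r"(?i)bearer\s+[A-Za-z0-9._-]+"),
    re.compile(r"(?i)\b(refresh_token|client_secret|password)=\S+"),
]


def redact(text: str) -> str:
    for pat in SECRET_PATTERNS:
        text = pat.sub("[REDACTED]", text)
    return text


def audit_record(actor: str, tenant: str, route: str, outcome: str, payload: str) -> dict:
    """Audit entry for a sensitive agent action.

    The full payload is hashed so an investigation can later prove which exact
    input was handled, while only a redacted, bounded preview is stored. Redaction
    runs before truncation so a secret straddling the cut-off cannot leak.
    """
    digest = hashlib.sha256(payload.encode("utf-8")).hexdigest()
    preview = redact(payload)[:PREVIEW_CHARS]
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "tenant": tenant,
        "route": route,
        "outcome": outcome,
        "payload_sha256": digest,
        "payload_preview": preview,
        "payload_truncated": len(payload) > PREVIEW_CHARS,
    }


def sample_record() -> dict:
    # Constructed tool call; the key is a fake value, not a real credential.
    payload = ("refund order ORD-48213 with Authorization: Bearer sk_live_ABCDEFGH12345678 "
               "reason=damaged " + "x" * 100)
    return audit_record("agent:refund-bot", "tenant_123", "/api/refunds", "allowed", payload)
```

If payloads can be low-entropy, a plain hash lets anyone holding the log confirm guesses of the original; keying the digest with a server-side secret (HMAC) closes that gap without losing the ability to prove what was handled.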
5. Regulatory and Privacy Rights
Omniops is a UK-registered company. The platform is designed to support UK GDPR, EU GDPR, CCPA-style rights, and AI transparency obligations where they apply. You can exercise these rights:
- Right to access: request a full export of all data we hold about you
- Right to erasure: request deletion of your account and associated data
- Right to portability: receive your data in machine-readable JSON format
- Right to rectification: correct inaccurate data we hold
- Right to know how AI is used: customer-facing AI interactions should be clearly disclosed and not presented as human-only service
- Breach notification support: we notify affected business customers without undue delay when legally required
Self-service export and deletion are available in Dashboard Privacy Settings. Rights and limitations are documented on our GDPR rights page.
6. Infrastructure and Subprocessors
Core application and database infrastructure is hosted in the UK/EU. Some subprocessors, including AI and edge providers, may process data outside the UK/EU under contractual safeguards such as Standard Contractual Clauses and the UK IDTA where required.
- Application hosting: Hetzner Cloud, Germany (EU)
- Database: Supabase, EU region (Frankfurt)
- CDN and DDoS protection: Cloudflare
- AI subprocessors: commercial API providers listed in the DPA
- Payments, email, monitoring, and optional integrations: listed in the DPA subprocessor table
- Optional ecommerce and messaging integrations are active only when the customer connects them
The current subprocessor list, locations, purposes, and transfer mechanisms are maintained in our Data Processing Agreement.
7. Questions?
If you have questions about security, data handling, vulnerability reporting, or compliance, contact us directly:
Privacy and security
For data requests, DPAs, security questions, and vulnerability reports.
[email protected]