Plain-language summary: OmniDesk collects only the data needed to operate your account. Your data is stored exclusively on Canadian servers. We do not sell your data. Ever. You can export or delete your data at any time. This full policy explains the details.
01 Who We Are
OmniDesk is operated by [COMPANY LEGAL NAME], a corporation incorporated under the laws of [PROVINCE], Canada (hereinafter "OmniDesk", "we", "us", or "our").
Registered address: [FULL ADDRESS, CITY, PROVINCE, POSTAL CODE]
Privacy contact: [PRIVACY@OMNIDESK.CLOUD]
02 Scope of This Policy
This Privacy Policy applies to all personal information collected through:
- The OmniDesk website at omnidesk.cloud and all subdomains
- The OmniDesk web application at app.omnidesk.cloud
- OmniDesk mobile applications (iOS and Android)
- OmniDesk AI interactions via WhatsApp, Telegram, and in-app chat
- Any communication you send to us directly
03 Information We Collect
3.1 Information you provide directly
- Account data: name, email address, business name, province, preferred language
- Business data: clients, invoices, products, inventory, expenses, and other records you enter into OmniDesk
- Payment data: billing address and payment method details (processed by Stripe — we do not store full card numbers)
- Communications: messages you send to our support team or via OmniDesk AI
3.2 Information collected automatically
- Usage data: features used, pages visited, session duration, error logs
- Device data: browser type, operating system, screen resolution, IP address
- Cookies and local storage: session tokens, language preference, UI preferences (see Section 9)
3.3 Information from third parties
- Plaid: if you connect your bank account, Plaid provides transaction data and balance information with your explicit consent
- Stripe: payment confirmation and billing status
04 How We Use Your Information
We use your personal information only for the following purposes:
- To create and manage your OmniDesk account
- To deliver the OmniDesk platform and all its features
- To process payments and send billing notifications
- To power OmniDesk AI responses based on your business data
- To send transactional emails (invoice notifications, password resets, account alerts)
- To send product updates and waitlist communications — only with your explicit consent
- To investigate and resolve technical issues and support requests
- To comply with Canadian legal obligations including PIPEDA, CRA requirements, and applicable provincial laws
- To improve and develop OmniDesk features using aggregated, anonymized analytics
We do not use your data for advertising, profiling for third-party purposes, or sale to any third party.
05 Legal Basis for Processing
Under PIPEDA, we collect, use, and disclose personal information based on:
- Your consent: provided at account creation and for optional communications
- Contractual necessity: to perform the services you subscribed to
- Legitimate interests: for security monitoring, fraud prevention, and platform improvement
- Legal obligation: when required by Canadian law or regulatory authority
You may withdraw consent at any time (see Section 8 — Your Rights).
06 Data Storage and Location
Your data is stored exclusively on servers located in Canada. OmniDesk does not transfer personal information outside of Canada. This is a contractual commitment, not just a policy statement — it is reflected in our Terms of Service and in our agreements with all infrastructure providers.
Our infrastructure providers are:
- [PRIMARY HOSTING PROVIDER] — [DATACENTER LOCATION, CANADA]
- Stripe: payment processing — Stripe processes card data on its own infrastructure under PCI-DSS compliance; billing metadata is stored in Canada
- Plaid: bank connection data — subject to Plaid's own privacy policy; connection tokens stored in Canada
07 Data Retention
- Active accounts: data retained for the duration of your subscription plus 90 days after cancellation to allow re-activation or export
- After 90 days post-cancellation: all personal data is permanently deleted from production systems within 30 days, and from backups within 90 days
- Financial records: invoice data may be retained for up to 7 years to comply with CRA record-keeping requirements — retained in anonymized form after account deletion where possible
- Support communications: retained for 2 years from the date of last contact
- Waitlist data: retained until the waitlist closes or you request removal
08 Your Rights Under PIPEDA
As a Canadian resident, you have the following rights regarding your personal information:
- Right to access: request a copy of the personal information we hold about you
- Right to correction: request correction of inaccurate or incomplete information
- Right to withdrawal of consent: withdraw consent to certain processing; note this may affect your ability to use OmniDesk
- Right to deletion: request deletion of your account and personal data (subject to retention obligations in Section 7)
- Right to data portability: export your business data in CSV and PDF formats at any time from within the app
- Right to complain: file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca
To exercise any of these rights, contact us at [PRIVACY@OMNIDESK.CLOUD]. We will respond within 30 days.
09 Cookies and Tracking
OmniDesk uses the following cookies and local storage mechanisms:
- Session cookie: required to keep you logged in — expires when you close your browser or after 30 days of inactivity
- Language preference: stores your selected interface language — persistent, stored in local storage
- UI preferences: stores display settings like sidebar state — persistent, stored in local storage
- Analytics: [ANALYTICS PROVIDER, e.g. Plausible / Umami — privacy-respecting, no cross-site tracking]
We do not use advertising cookies, third-party tracking pixels, or Facebook/Google remarketing pixels.
10 OmniDesk AI and Your Business Data
OmniDesk AI has access to your business data (clients, invoices, revenue figures, etc.) for the sole purpose of answering your questions and providing proactive insights. This data is:
- Used only within your account context — not shared across accounts
- Not used to train AI models shared with other users or third parties
- Processed through [AI MODEL PROVIDER] under a data processing agreement that prohibits use of your data for model training
- Transmitted over encrypted connections (TLS 1.2+) at all times
11 Children's Privacy
OmniDesk is a business software platform intended for use by adults aged 18 and over. We do not knowingly collect personal information from individuals under 18. If you believe a minor has provided us with personal information, contact us immediately at [PRIVACY@OMNIDESK.CLOUD] and we will delete it.
12 Security
We implement industry-standard security measures including:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Role-based access controls limiting employee access to production data
- Regular security audits and penetration testing
- Multi-factor authentication available for all accounts
- Automatic session expiry and anomaly detection
In the event of a data breach affecting your personal information, we will notify you and the Office of the Privacy Commissioner of Canada within 72 hours of becoming aware of the breach, as required by PIPEDA's Breach of Security Safeguards Regulations.
13 Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the "Last updated" date at the top of this page
- Send an email notification to all account holders for material changes
- Require re-consent where legally required
Continued use of OmniDesk after the effective date of an update constitutes acceptance of the revised policy.