Privacy Policy

MindOrbit UK Limited
Company No. 16526873
Effective: 5 September 2025
Last Updated: 5 September 2025

Executive Summary

We're committed to protecting your privacy. This policy explains in clear terms how MindOrbit UK Limited collects, uses, and protects your personal data when you use OmniPA. We collect only the data necessary to provide our AI-powered personal assistant services, never sell your information, and give you full control over your data through our granular consent system. You have the right to access, correct, delete, or export your data at any time.

  • What we collect: Account info, usage data, AI interactions (with your consent)
  • Why: To provide and improve our AI assistant services with privacy-first design
  • Your rights: Granular consent controls, access, correct, delete, export your data anytime
  • AI Privacy: Data anonymized before AI processing, consent required for each AI feature

1.0 Data Controller Information

1.1 Company Details

This privacy policy applies to the OmniPA application operated by:

  • MindOrbit UK Limited
  • Company Registration Number: 16526873
  • Contact Email: founder@omnipa.ai

1.2 Data Protection Officer

For data protection matters, you can contact our designated privacy team at founder@omnipa.ai.

2.0 Information We Collect

2.1 Account Information

  • Email address and display name
  • Profile information you choose to provide
  • Authentication data (encrypted passwords or OAuth tokens)
  • Account preferences and settings

2.2 Usage Data

  • Device information (device type, operating system, browser)
  • IP address and approximate location
  • App usage patterns and feature interactions
  • Performance and error logs

2.3 AI Interaction Data (with Consent)

Only collected and processed when you provide explicit consent for specific AI features:

  • AI Chat Data: Chat messages and AI conversations (requires ai_chat consent)
  • Goal Analysis Data: Goals, tasks, and progress information (requires goal_analysis consent)
  • Mood Insights Data: Mood logs and emotional patterns (requires mood_insights consent)
  • Travel Planning Data: Travel preferences and itineraries (requires travel_planning consent)
  • Calendar and scheduling data when connected
  • Shopping lists and preferences
  • Photos and files you upload for AI processing

2.4 Data Processing Audit Logs

  • Consent decisions and changes (with timestamps)
  • Data access and processing events
  • AI service interactions (anonymized)
  • Data subject rights requests and responses

3.0 How We Use Your Information

3.1 Service Provision

  • Provide AI-powered personal assistant services (with your consent)
  • Personalize your experience and recommendations
  • Sync data across your devices
  • Process your goals, tasks, and scheduling requests

3.2 AI Processing with Privacy Protections

  • Data Anonymization: Personal identifiers are removed before AI processing
  • Pseudonymization: Sensitive data is replaced with placeholders for AI services
  • Consent-Based Processing: AI features only process data you've specifically consented to
  • Rehydration Controls: Original data is restored only for your viewing, never stored by AI services

3.3 Service Improvement

  • Analyze usage patterns to improve features (with anonymized data)
  • Debug technical issues and improve performance
  • Develop new features based on user needs
  • Maintain audit trails for transparency and compliance

3.4 Legal Basis for Processing

We process your data based on:

  • Contract: To provide the services you've requested
  • Legitimate Interest: To improve our services and ensure security
  • Consent: For AI features, marketing communications, and optional data processing
  • Legal Obligation: To comply with applicable laws and maintain audit records

4.0 Data Sharing and Disclosure

4.1 Third-Party Service Providers

We may share data with trusted service providers who help us operate our service:

  • Cloud hosting providers (for data storage and processing)
  • AI service providers (OpenAI): Only anonymized data, only with your explicit consent
  • Analytics and performance monitoring services
  • Customer support and communication platforms

All third parties are contractually bound to protect your data and use it only for specified purposes.

4.2 AI Service Data Sharing Safeguards

  • Data is anonymized before sharing with AI services
  • Consent required for each type of AI processing
  • No raw personal data ever sent to AI services
  • AI service providers delete data immediately after processing
  • Full audit trail of all AI service interactions

4.3 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal processes or government requests
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Enforce our terms of service

4.4 What We Don't Do

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We never share raw personal data with AI services - only anonymized, consent-based data.

5.0 Data Security and Retention

5.1 Security Measures

  • End-to-end encryption for sensitive data
  • Secure anonymization before AI processing
  • Regular security audits and vulnerability assessments
  • Access controls and employee training
  • Secure cloud infrastructure with industry-standard protections
  • Encrypted audit logs and consent records

5.2 Data Retention Policies

  • Account Data: Retained while your account is active and for 30 days after deletion
  • Usage Data: Anonymized and retained for up to 2 years for analytics
  • AI Conversations: Retained according to your consent preferences, anonymized after processing
  • Consent Records: Retained for 7 years for legal compliance
  • Audit Logs: Retained for 3 years for security and compliance purposes
  • Legal Data: Retained as required by applicable laws

5.3 AI Data Processing Retention

  • Anonymized data sent to AI services is not retained by those services
  • AI interaction logs retained locally with encryption
  • Anonymization mappings securely stored and regularly purged
  • Consent history maintained for transparency and legal compliance

5.4 Data Breach Notification

In the event of a personal data breach, we will notify the Information Commissioner's Office (ICO) without undue delay and, where feasible, not later than 72 hours after having become aware of it. If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will communicate the breach to affected users without undue delay, per UK GDPR requirements.

6.0 Your Rights and Privacy Controls

6.1 Data Subject Rights

Under UK GDPR and applicable privacy laws, you have the right to:

  • Access: Request a copy of your personal data and AI processing records
  • Correct: Update or correct inaccurate information
  • Delete: Request deletion of your personal data and AI interaction history
  • Export: Receive your data in a portable format
  • Restrict: Limit how we process your data
  • Object: Opt out of certain processing activities
  • Consent Management: Grant or revoke consent for AI features at any time

6.2 AI Privacy Controls

You have specific rights regarding AI data processing:

  • Granular Consent: Control each AI feature independently
  • Processing Transparency: View all AI interactions and data sent/received
  • Anonymization Levels: Choose your preferred data anonymization level
  • AI Opt-out: Disable all AI processing while keeping other features
  • Data Rehydration Control: Control when original data is restored from anonymized versions

6.3 How to Exercise Your Rights

  • In-App Privacy Settings: Access comprehensive privacy controls in your account settings
  • Email Requests: founder@omnipa.ai
  • Data Subject Requests: founder@omnipa.ai
  • Response Time: We respond to all requests within 30 days with detailed status updates

6.4 Consent Management

Your consent preferences are:

  • Version-controlled (current: v1.0.0) with full change history
  • Immediately effective when changed
  • Audited and logged for transparency
  • Accessible through your privacy dashboard
  • Granular per AI feature and data type

6.5 Authorized Agent Submissions

You may designate an authorized agent to submit requests on your behalf. We honor authorized agent submissions consistent with applicable requirements, including:

  • Verification of the agent's authority to act on your behalf
  • Confirmation of your identity and the validity of the request
  • Compliance with applicable state and federal laws governing agent submissions
  • Appropriate documentation demonstrating the agent-consumer relationship

7.0 International Transfers and Regional Compliance

7.1 International Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure adequate protection through:

  • Standard Contractual Clauses approved by relevant authorities
  • Adequacy decisions where available
  • Additional safeguards for sensitive data
  • Enhanced anonymization for cross-border AI processing

7.2 Regional Privacy Laws

We comply with applicable privacy laws including:

  • UK GDPR: For UK residents
  • CCPA/CPRA: For California residents
  • Other U.S. State Laws: As applicable to your location

8.0 Children's Privacy

8.1 Age Requirements

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information, please contact us immediately.

8.2 Teen Users (13-17)

Users between 13 and 17 years old should have parental consent before using our service. We may require additional verification for teen accounts and enhanced privacy protections for AI features.

9.0 AI Data Processing and Privacy Protection

9.1 Consent Management System

We implement a granular consent management system that gives you complete control over AI data processing:

  • AI Chat Consent (ai_chat): Controls processing of your chat conversations for AI assistance
  • Goal Analysis Consent (goal_analysis): Controls AI analysis of your goals and tasks
  • Mood Insights Consent (mood_insights): Controls AI processing of your mood data
  • Travel Planning Consent (travel_planning): Controls AI assistance with travel planning

Your Control: Each AI feature requires separate consent. You can grant or revoke consent at any time through your privacy settings. Consent is version-controlled (current: v1.0.0) and all changes are logged for transparency.

9.2 Data Anonymization and AI Gateway

Before any data reaches AI services like OpenAI, we implement comprehensive privacy protections:

  • PII Redaction: Email addresses, phone numbers, and personal identifiers are automatically removed
  • Pseudonymization: Names, addresses, and sensitive information are replaced with placeholders
  • Configurable Redaction Levels: Minimal, standard, or aggressive anonymization based on data sensitivity
  • Anonymization Mapping: Secure storage of placeholder-to-original mappings for data rehydration

9.3 Third-Party AI Services

When you consent to AI features, we may use third-party AI services with strict privacy controls:

  • OpenAI Integration: Used for chat, goal analysis, and content generation (with anonymized data)
  • Data Processing Agreements: All AI service providers are contractually bound to protect your data
  • No Training Data Use: Your data is not used to train third-party AI models
  • Automatic Data Deletion: AI service providers delete your data after processing

9.4 Audit Trail and Transparency

  • Complete audit logs of all consent decisions and changes
  • Detailed records of AI processing events and data anonymization
  • Transparent logging of data sent to and received from AI services
  • User-accessible privacy dashboard showing all AI interactions

9.5 Automated Decision-Making Rights

You have the right to:

  • Request human intervention in AI-generated recommendations
  • Express your point of view regarding AI processing
  • Contest AI-generated decisions or suggestions
  • Opt out of specific AI processing features while maintaining others
  • Access detailed explanations of AI processing logic

9.6 Expected Consequences and Significance

Purpose: AI processing enhances your productivity through personalized insights, smart recommendations, and intelligent assistance.

Expected Benefits: More relevant suggestions, automated task organization, mood pattern insights, and travel planning assistance.

Privacy Impact: All AI processing uses anonymized data, with full audit trails and user control over consent preferences.

10.0 Cookies and Similar Technologies

10.1 What Cookies Are

Cookies are small text files stored on your device to help websites function properly, understand user behavior, and analyze usage patterns.

10.2 Types of Cookies Used

We use the following categories of cookies:

  • Essential/Functional Cookies: Required for core application functions such as authentication, security, and maintaining user sessions.
  • Analytics Cookies: Used to understand how users interact with our service to help us improve performance and feature sets.

10.3 Purposes and Retention

Essential cookies are retained only as long as necessary for your active session or login duration. Analytics cookies are retained for up to 2 years to track aggregate usage trends across the platform.

10.4 Managing Preferences

You can manage your cookie preferences through your web browser settings or through our in-app cookie management tool available in your account settings.

11.0 Direct Marketing

11.1 Electronic Marketing

Electronic direct marketing communications are sent only in compliance with applicable consent rules and soft opt-in conditions:

  • Explicit consent for new customers and non-customers
  • Soft opt-in for existing customers for similar products/services
  • Clear identification of the sender in all communications
  • Legitimate business contact information provided

11.2 Unsubscribe Mechanisms

Every marketing message includes:

  • Clear and prominent unsubscribe links or reply mechanisms
  • Simple, one-click unsubscribe process
  • Immediate processing of unsubscribe requests
  • Confirmation of successful unsubscription

11.3 Suppression Lists

We maintain comprehensive suppression lists to respect your communication preferences and ensure that opt-out requests are honored across all our marketing channels and campaigns.

12.0 Changes to This Policy

12.1 Policy Updates

We may update this privacy policy from time to time to reflect changes in our practices, technologies, or applicable laws. Updates will include:

  • Revised effective dates for all policy changes
  • Clear indication of material changes affecting your rights
  • Transparent communication about why changes were made
  • Reasonable notice period before significant changes take effect
  • Updated consent version numbers when AI processing terms change

12.2 Notification Methods

We'll notify you of significant changes through:

  • Email notifications to registered users
  • In-app notifications and banners
  • Consent dialog updates for AI processing changes
  • Website updates with change summaries
  • Version history of policy changes available on request

13.0 Contact and Complaints

13.1 Data Controller Contact

  • Company: MindOrbit UK Limited
  • Registration: Company No. 16526873 (England and Wales)
  • Privacy Email: founder@omnipa.ai
  • Data Subject Requests: founder@omnipa.ai
  • General Support: founder@omnipa.ai

13.2 UK Complaints

If your privacy concerns are not resolved to your satisfaction, you can contact the UK's supervisory authority:

  • Information Commissioner's Office (ICO)
  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Live Chat: Available on ICO website