Privacy Policy

Effective date: May 27, 2026

1. Who we are

Omnidine ("Omnidine", "we", "us", "our") provides a unified inbox that lets restaurants manage customer conversations across Gmail, Microsoft Outlook, Instagram, and WhatsApp, with AI-assisted categorization and reply drafting. This Privacy Policy describes what data we collect, why we collect it, who we share it with, how long we keep it, and how you can request deletion.

This policy applies to the Omnidine web application available at app.omnidine.ai and to the channel integrations a restaurant connects to it.

2. Data we collect

We collect and process the following categories of data:

  • Account & profile data. Name, email address, hashed password, and authentication metadata you provide when registering an Omnidine account.
  • Restaurant configuration. Restaurant name, contact details, branding, team membership, and integration settings.
  • Channel content and metadata. When you connect a channel (Gmail, Outlook, Instagram, WhatsApp), we sync the conversations, messages, attachments, sender/recipient identifiers, timestamps, and labels needed to display your inbox and reply to customers.
  • AI-generated content. Classification labels (e.g. reservation, complaint), confidence scores, and draft replies generated from your messages.
  • Service logs. Limited technical logs (request timing, error traces, IP address) needed to operate, secure, and debug the service.

We do not buy or sell personal data, and we do not use your message content to train third-party AI models outside the processing necessary to provide the service to you.

3. How we use data

We use the data above to:

  • Display a unified inbox of conversations across your connected channels.
  • Categorize messages and surface priorities through AI labels.
  • Generate draft replies you can edit and send.
  • Operate, secure, and improve the Omnidine service.
  • Communicate with you about your account, support requests, and material changes to the service.

4. Legal bases for processing

Where applicable law (such as the EU/UK GDPR) requires a legal basis, we rely on: performance of the contract with the restaurant that subscribes to Omnidine; our legitimate interests in operating and securing the service; and, where required, your consent (for example, when you connect a third-party channel and grant the associated permissions).

5. Sub-processors and sharing

We share data with the third-party sub-processors below only to the extent needed to deliver the service. Each is bound by contractual confidentiality and data-protection obligations.

  • Convex — database and backend infrastructure where account data, restaurant configuration, and synced messages are stored.
  • Cloudflare — application hosting, edge networking, and DDoS protection for app.omnidine.ai.
  • Resend — transactional email delivery (account verification, password resets, notifications).
  • Google (Vertex AI & Gmail API) — AI categorization and draft generation, and the Gmail integration when a restaurant connects a Google mailbox.
  • Meta (Instagram & WhatsApp Business APIs) — Instagram and WhatsApp channel integrations when a restaurant connects a Meta-managed account.
  • Microsoft — the Outlook integration when a restaurant connects a Microsoft mailbox.

We may also disclose data to comply with a binding legal request, to enforce our terms, or to protect the rights, safety, and property of Omnidine, our users, or the public.

6. Google API Services User Data Policy (Limited Use)

Omnidine's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Gmail data to provide the user-facing inbox, classification, and reply features the restaurant has connected.
  • We do not transfer Gmail data to third parties except to provide or improve those user-facing features, comply with applicable law, or as part of a merger or acquisition with appropriate user notice.
  • We do not use Gmail data for serving advertisements.
  • We do not allow humans to read Gmail data unless we have explicit consent from the user, it is necessary for security purposes (e.g. investigating abuse), to comply with applicable law, or where the data is aggregated and used for internal operations consistent with the Limited Use requirements.

7. Meta Platform data (Instagram & WhatsApp)

When a restaurant connects an Instagram or WhatsApp Business account, Omnidine receives messages, contact identifiers, and metadata through Meta's Graph APIs solely to provide the unified inbox and reply features. We process this data in accordance with Meta's Platform Terms and Developer Policies, and we delete it on request as described below.

8. Data retention

We retain account and restaurant configuration data for as long as the subscription is active. Synced channel content and AI-generated labels and drafts are retained while the channel remains connected and the restaurant's account is active.

When a restaurant cancels its subscription, we delete or anonymize the associated data within 90 days, except where we are required to retain it to comply with a legal obligation, resolve disputes, or enforce our agreements. Service logs are kept for a short rolling window for security and debugging purposes.

9. How to request deletion

You can request deletion of your data in either of the following ways:

  • Email privacy@omnidine.ai from the address associated with your account and we will process the request manually within 30 days.
  • For Instagram and WhatsApp data, you can also trigger a deletion request through Meta's account settings; Omnidine receives the callback automatically and reports progress at /data-deletion using the confirmation code Meta provides.

You can also disconnect any connected channel from your Omnidine settings at any time, which stops further data sync from that channel.

10. Your rights

Depending on where you live, you may have the right to access, correct, port, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, email privacy@omnidine.ai. We will respond within the time required by applicable law.

11. Security

We use industry-standard technical and organizational measures to protect data in transit and at rest, including TLS encryption, encrypted storage at our sub-processors, and access controls limiting employee access to data on a need-to-know basis. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

12. International transfers

Our sub-processors operate globally, which means your data may be processed in countries other than the one in which you are located. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) for transfers of personal data outside your home jurisdiction.

13. Children

Omnidine is a business product intended for restaurant operators and their staff. It is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us at privacy@omnidine.ai and we will delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify account owners by email or through the application.

15. Contact us

Questions, requests, or complaints about this policy or our handling of your data? Email privacy@omnidine.ai. We try to respond within a reasonable time and in any case within the period required by applicable law.