Privacy Policy
Last updated: January 7, 2026
1. Introduction
Ompify ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WooCommerce product management platform at ompify.com and manage.ompify.com (collectively, the "Service").
This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.
2. Data Controller
The data controller responsible for your personal data is:
Ompify
Vilnius, Lithuania
Email: support@ompify.com
3. Information We Collect
We collect and process the following categories of personal data:
3.1 Account Information
- Name and email address
- Password (stored in hashed format)
- Profile information you choose to provide
- Billing address and payment information
3.2 WooCommerce Store Data
- Store URL and connection credentials (API keys)
- Product information (names, descriptions, prices, inventory)
- Category and attribute data
- Product images and media
3.3 Usage Data
- Log data (IP address, browser type, pages visited)
- Device information
- AI command history and interactions
- Feature usage statistics
3.4 Communication Data
- Support requests and correspondence
- Feedback and survey responses
- Email communication preferences
4. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal data based on the following legal grounds:
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Contract performance (Art. 6(1)(b)) |
| Processing payments | Contract performance (Art. 6(1)(b)) |
| Customer support | Contract performance (Art. 6(1)(b)) |
| Service improvement | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
5. How We Use Your Information
We use the collected information to:
- Provide and maintain the Service: Sync your WooCommerce products, process AI commands, and enable product management features
- Process transactions: Manage subscriptions, process payments, and send invoices
- Communicate with you: Send service notifications, respond to support requests, and provide updates
- Improve the Service: Analyze usage patterns, fix bugs, and develop new features
- Ensure security: Detect fraud, prevent abuse, and protect user accounts
- Comply with legal obligations: Maintain records required by law and respond to legal requests
6. Data Sharing and Third Parties
We share your personal data with the following categories of recipients:
6.1 Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude AI) | AI-powered product features | Product data for processing |
| Stripe | Payment processing | Payment and billing data |
| Postmark | Transactional emails | Email address, name |
| Hetzner | Cloud hosting | All service data (encrypted) |
| Cloudflare | CDN and security | IP address, request data |
6.2 WooCommerce Integration
When you connect your WooCommerce store, we access and sync product data through the WooCommerce REST API. We store your API credentials securely using industry-standard encryption (libsodium). We do not access customer data, order data, or any personal information of your store's customers.
6.3 Legal Disclosures
We may disclose your data if required by law, court order, or governmental request, or to protect our rights, property, or safety.
7. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers to countries with adequate protection as determined by the European Commission
- Other legally recognized transfer mechanisms
8. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Product data | Duration of store connection + 30 days |
| Billing records | 7 years (legal requirement) |
| Usage logs | 90 days |
| Support correspondence | 3 years from last interaction |
9. Your Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15): Request a copy of your personal data
- Right to Rectification (Art. 16): Request correction of inaccurate data
- Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
- Right to Restriction (Art. 18): Request limited processing of your data
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at support@ompify.com. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- API credentials: Encrypted using libsodium cryptographic library
- Access controls: Role-based access with principle of least privilege
- Infrastructure: Hosted in EU data centers with ISO 27001 certification
- Monitoring: Continuous security monitoring and incident response
- Regular audits: Periodic security assessments and penetration testing
11. Cookies and Tracking
We use cookies and similar technologies to provide and improve our Service. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.
12. Children's Privacy
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new policy on this page
- Updating the "Last updated" date
- Sending an email notification for significant changes
We encourage you to review this policy periodically.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
General Support: support@ompify.com