Privacy Policy

Last Updated: 17-4-2026

This Privacy Policy explains how OmniForge VOF ("we", "us", "our") handles personal data across:

our public website and company interactions
OmniForge Desktop, which is designed around local, on-device processing
OmniForge Cloud, which is a hosted service

Because the desktop and cloud products have materially different data flows, this policy is split into separate sections below.

1. Who We Are

OmniForge VOF
Registered in the Netherlands
KvK Number: 98113747
Website: https://omniforge.online
Contact: contact@omniforge.online

2. Quick Guide

If you are...	Read this section...
Downloading, installing, or using OmniForge Desktop for local on-device workflows	Desktop Privacy
Creating an account, using hosted dashboards, billing, automations, or integrations in OmniForge Cloud	Cloud Privacy
Browsing our website, submitting a contact form, subscribing to the newsletter, or reviewing our legal pages	Website & company interactions below

3. Website & Company Interactions

When you interact with our public website or with OmniForge as a company, we may process:

contact details you submit through forms or email
newsletter subscription details, where you opt in
cookie consent choices
website analytics data, where analytics cookies are enabled with consent
billing and invoice details for commercial communications or transactions
support and business correspondence

We use this data to operate the website, respond to requests, send newsletters you asked for, manage consent, process billing, and comply with legal obligations.

4. Website-Related Third Parties

Our website and general company operations may involve the following providers:

Amazon Web Services (AWS) - site and infrastructure hosting. Privacy Policy
Cloudflare - DNS, CDN, website security, and performance services. Privacy Policy
Stripe - payment processing and limited billing/customer data handling. Privacy Policy
Resend - transactional and notification email delivery. Privacy Policy
Google Workspace - business communications and support. Privacy Policy
Google Analytics - website analytics, only after consent where required. Privacy Policy
Cookiebot (Usercentrics A/S) - cookie consent management. Privacy Policy

For more details about hosted-service vendors, see Cloud Privacy and our Sub-Processor Policy.

5. Desktop Privacy

OmniForge Desktop is a local-first desktop application. Its core document, recording, transcription, search, and AI workspace functionality runs on your Mac.

For core local desktop use, we do not upload the contents of your files, recordings, transcripts, prompts, or outputs to OmniForge servers.

5.1 What Stays Local

For core desktop workflows, the following stays on your device:

documents, recordings, transcripts, prompts, outputs, and local indexes
local AI inference used by the desktop app
recordings and transcriptions created in the app

5.2 What Can Leave Your Device

Even though the desktop app is local-first, some limited desktop-related activity can still involve network requests or information reaching our systems or trusted providers:

downloading the installer
checking for or downloading application updates
downloading local AI model files
contacting support or sending us information yourself
processing billing or invoicing if you purchase paid desktop features or related services
sending optional, opt-in anonymized product telemetry, if that feature is enabled in the desktop app
using an optional cloud-connected feature, if you explicitly choose to use one

5.3 Desktop Data We Process

Data Type	Purpose	Typical Legal Basis
Installer/download request data, IP address, and basic device/network metadata	Delivering the installer, preventing abuse, and maintaining service security	Legitimate interest
Update and model-download request data	Delivering desktop updates, local AI model files, and securing distribution infrastructure	Contractual necessity / legitimate interest
Support and contact information (for example email address and message content)	Responding to support, troubleshooting, and customer communications	Contractual necessity / legitimate interest
Optional anonymized desktop telemetry, if enabled by you	Improving the desktop product, diagnosing issues, and understanding product usage at an aggregate level	Consent
Billing and invoice data, if you purchase paid desktop features or related services	Payment processing, invoicing, accounting, fraud prevention, and legal compliance	Contractual necessity / legal obligation

For clarity:

the contents of files, recordings, transcripts, prompts, and outputs used in core desktop workflows stay on your device
if desktop telemetry is enabled, it contains anonymized usage data only and does not include file contents, recording contents, prompts, or outputs
if you intentionally share information with us, such as in a support request or optional cloud-connected feature, that shared data is no longer purely local and will be processed accordingly

5.4 How We Use Desktop-Related Data

To let you download and install the desktop app
To check for and deliver updates and local AI model files
To secure our download and update infrastructure
To provide customer support
To improve the desktop product where you have enabled optional telemetry
To process billing and keep legally required accounting records, where relevant

5.5 Desktop-Related Third Parties

Depending on how you interact with the desktop product, we may use:

Amazon Web Services (AWS) - installer distribution, update and download infrastructure, hosting, storage, and related platform services. Privacy Policy
Cloudflare - DNS, CDN, website security, and performance services. Privacy Policy
Stripe - payment processing and limited billing/customer data handling if you purchase paid desktop features or related services. Privacy Policy
Resend - transactional and support-related email delivery. Privacy Policy
Google Workspace - business communications and customer support. Privacy Policy

Website-only technologies such as Cookiebot and Google Analytics are described in the website sections above and do not form part of the core desktop app processing.

5.6 Your Controls

Depending on the feature, you may be able to:

use the desktop app without using cloud-connected features
disable automatic update checks in the application settings
disable optional telemetry in the application settings, if telemetry is offered in your version of the app
choose whether to share files, screenshots, recordings, or other information with support

5.7 Desktop Retention & Security

We keep desktop-related personal data only for as long as needed for the purposes described in this policy or as required by law.

In particular:

support and contact records are retained only as long as reasonably necessary to respond, troubleshoot, and maintain a record of support interactions
operational logs for download, distribution, and security are retained only as long as needed for reliability, abuse prevention, troubleshooting, and legal compliance
optional telemetry data, where enabled, is retained only as long as needed for product improvement, diagnostics, and security
billing, invoice, VAT, and transaction records are retained for 7 years where required to comply with Dutch tax and accounting obligations and similar EU record-keeping requirements

For the desktop product, privacy protection depends heavily on local device security as well as our own systems. You remain responsible for securing your Mac, local user account, and local storage.

6. Cloud Privacy

Unlike OmniForge Desktop, OmniForge Cloud is a hosted service. That means personal data connected to your account, billing, integrations, operations, and service usage may be processed on OmniForge-controlled infrastructure and by trusted service providers.

6.1 Cloud Data We Collect

Data Type	Purpose	Typical Legal Basis
Account data such as email address and profile details	Account creation, authentication, team access, and service communications	Contractual necessity
IP address, browser, device, and technical metadata	Security, fraud prevention, diagnostics, and service reliability	Legitimate interest
Usage and operational data	Feature delivery, troubleshooting, product improvement, and security monitoring	Legitimate interest
Integration identifiers (for example workspace, repository, channel, or account IDs)	Linking connected services to user or team accounts	Contractual necessity
Integration event metadata	Routing notifications, running automations, and coordinating connected workflows	Legitimate interest
Billing and transaction data such as name, billing address, VAT number, invoice details, payment status, and transaction identifiers	Payment processing, invoicing, accounting, support, and fraud prevention	Contractual necessity / legal obligation
Support and business communication data	Customer support, account assistance, and operational communications	Contractual necessity / legitimate interest

We do not store or retain message content or files from third-party integrations unless a specific hosted feature clearly tells you otherwise.

Payment card details are processed directly by Stripe. We do not receive or store your full card number or CVC, but we do receive limited customer and transaction information needed for billing, invoicing, support, fraud prevention, and accounting.

6.2 How We Use Cloud Data

To provide hosted accounts, dashboards, and automations
To authenticate users and manage teams or workspaces
To connect and operate third-party integrations
To respond to support requests
To process payments, issue invoices, prevent fraud, and keep required tax and accounting records
To secure the service and investigate abuse or technical issues
To improve user experience and service reliability
To comply with legal obligations

6.3 Cloud Third Parties & Integrations

We use the following third-party service providers to operate OmniForge Cloud:

Amazon Web Services (AWS) - hosting, storage, networking, and core platform infrastructure. Privacy Policy
Cloudflare - DNS, CDN, website security, and performance services. Privacy Policy
Stripe - payment processing, limited billing/customer data handling, invoicing support, and fraud prevention. Privacy Policy
OpenAI - AI model inference for product features. Privacy Policy
Anthropic - AI model inference for product features. Privacy Policy
Mistral AI - AI model inference for product features. Privacy Policy
Sentry - error monitoring, diagnostics, and product feedback tooling. Privacy Policy
Resend - transactional and notification email delivery. Privacy Policy
Google Workspace - business communications and customer support. Privacy Policy
Google Analytics - website analytics, activated only after consent where required. Privacy Policy
Cookiebot (Usercentrics A/S) - cookie consent management and compliance. Privacy Policy

If you choose to connect third-party integrations such as Slack, GitHub, GitLab, or Google services, those platforms also process data under their own privacy terms and policies.

6.4 Cloud Hosting, Retention & Security

Additional details about website tracking technologies are available in our Cookie Policy.

Cloud data is hosted within the European Union on AWS eu-north-1 (Stockholm) unless otherwise stated for a specific provider or feature.

If data is transferred outside the EU, for example when using certain model providers or other international service providers, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission where required.

We retain personal data only for as long as necessary for the purposes described in this policy, or as long as required by law.

In particular:

billing, invoice, VAT, and transaction records are retained for 7 years to comply with Dutch tax and accounting obligations and similar EU record-keeping requirements
consent and compliance logs are kept as long as reasonably necessary to demonstrate compliance, resolve disputes, and meet legal obligations
account, support, diagnostics, and operational data is kept only as long as needed to provide the service, protect the platform, resolve disputes, and comply with legal obligations

When you connect external platforms to OmniForge Cloud:

OAuth tokens are stored securely and encrypted
we access only the scopes explicitly granted during installation
event data from integrations is processed in real time and handled entirely in memory unless a specific feature clearly states otherwise

We implement appropriate technical and organizational security measures, including encrypted transport, encryption at rest where applicable, role-based access controls, and monitoring and operational safeguards.

7. Your Rights

We do not sell or share your personal data with third parties for their own marketing or commercial purposes. We only disclose data to trusted processors necessary to operate the service, under GDPR-compliant agreements.

Depending on applicable law, you may have rights of access, correction, deletion, portability, objection, and restriction regarding personal data we process about you.

To exercise your rights or ask a privacy question, email us at contact@omniforge.online. We will respond within 30 days of receiving your request.

8. Minors

Our services are not intended for children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data to us, please contact us and we will investigate and, if appropriate, delete that data.

9. Contact & Complaints

If you have concerns about your data, contact us at contact@omniforge.online.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).