Privacy Policy

Last updated on December 3, 2025

Data Controller: Oomol Studio Limited Registered Address: China Resources Building, 26 Harbour Road, Wan Chai, Hong Kong

At Oomol, we value your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, store, and protect your data when you use our AI workflow automation platform.

By using Oomol, you consent to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please refrain from using Oomol.

1. Information We Collect

1.1. Information You Provide Directly

Account Information: When you create an account, we collect:

Name and username
Email address
Password (encrypted storage)
Profile photo (optional)
Company/organization name (optional)

Payment Information: When you subscribe to paid services, our payment processor (such as Stripe) collects:

Credit or debit card information
Billing address
Note: Oomol does not directly store your complete payment card information

User Content: Content you create or upload while using Oomol, including:

Workflows and AI tool configurations
Code and scripts
Uploaded files and data
Project descriptions and documentation
Comments and feedback

Communication Information: When you contact us:

Support requests and conversation records
Survey feedback
Community forum posts

1.2. Automatically Collected Information

Usage Data: We automatically collect information about how you use Oomol:

Features and pages accessed
Workflows executed
AI services used and API call counts
Session duration and frequency
Error logs and crash reports

Device and Technical Information:

IP address and approximate location (based on IP)
Device type, operating system, and browser
Device identifiers
Screen resolution and language preferences

Cookies and Tracking Technologies: We use the following technologies:

Essential Cookies: For authentication and basic functionality
Analytics Cookies: To understand usage patterns (e.g., Google Analytics)
Functional Cookies: To remember your preferences
Third-Party Cookies: From our service providers

You can manage Cookie preferences through your browser settings. For details, see our Cookie Policy.

2. How We Use Your Information

We use the collected information for the following purposes:

2.1. Providing and Improving Services

Create and manage your account
Provide features and services you request
Process transactions and send related notifications
Provide customer support
Monitor and improve platform performance
Fix errors and technical issues
Develop new features and services

2.2. Communication

Send service-related notifications (e.g., system maintenance, security alerts)
Respond to your inquiries and requests
Send product updates and new feature announcements
Solicit feedback and conduct surveys
Send marketing information (you can opt out)

2.3. Analytics and Research

Analyze usage trends and user behavior patterns
Generate aggregated statistics and analytical reports
Conduct A/B testing and product experiments
Improve our AI algorithms and recommendation systems

2.4. Security and Compliance

Detect, prevent, and respond to fraud, abuse, and security threats
Verify user identity and prevent unauthorized access
Comply with legal obligations and enforce our Terms of Service
Protect the rights and safety of Oomol, our users, and the public

2.5. AI Model Training (Limited)

We do not use your private User Content to train AI models
We may use the following data to improve services:
- Publicly shared content (according to your license settings)
- Aggregated and anonymized usage data
- Error reports and crash logs
You can opt out of certain data uses in account settings

We value your privacy. We do not sell your personal information. We only share your information in the following limited circumstances:

3.1. Service Providers

We share information with trusted third-party service providers who help us operate and improve Oomol, including:

Cloud Hosting Services: Such as AWS, Google Cloud (for data storage and computing)
AI Service Providers: Such as OpenAI, Anthropic (when you use related features)
Payment Processors: Such as Stripe (for processing payments)
Analytics Services: Such as Google Analytics (for usage analysis)
Customer Support Tools: Such as Zendesk (for support requests)
Email Services: Such as SendGrid (for sending notifications)

All service providers are bound by confidentiality obligations and may only use your information for the purpose of providing services.

When you publicly share workflows or AI tools, other users can view and use that content
Your public profile information (such as username, avatar) may be visible to other users
Content you post in community forums or comments is public

3.3. Legal Requirements

We may disclose your information if:

Required to comply with laws, regulations, court orders, or government requests
Necessary to enforce our Terms of Service and other agreements
Necessary to protect the rights, property, or safety of Oomol, our users, or the public
Necessary to detect, prevent, or respond to fraud, security, or technical issues

3.4. Business Transfers

If Oomol is involved in a merger, acquisition, bankruptcy, or asset sale, your information may be transferred as part of the transaction. We will notify you before your personal information is transferred and becomes subject to a different privacy policy.

Outside of the above circumstances, we will share your personal information only after obtaining your explicit consent.

4. Data Security

We take data security very seriously and implement multiple layers of security measures to protect your information.

4.1. Technical Security Measures

Encryption: Data in transit uses TLS/SSL encryption; data at rest uses AES-256 encryption
Access Control: Strict permission management and multi-factor authentication (MFA)
Network Security: Firewalls, intrusion detection systems, and DDoS protection
Security Audits: Regular security assessments and penetration testing
Data Isolation: Logical data isolation in multi-tenant environments

4.2. Organizational Security Measures

Employees can only access customer data on a need-to-know basis
All employees sign confidentiality agreements and receive security training
Data access logging and monitoring systems are implemented
Security incident response plan is established

4.3. Security Limitations

While we take reasonable precautions, no method of transmitting data over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

4.4. Your Responsibility

You also have a responsibility to protect your account:

Use strong passwords and change them regularly
Do not share your password with others
Enable multi-factor authentication
Report any suspicious activity promptly

4.5. Data Breach Notification

If a data breach occurs that may affect your personal information, we will:

Notify affected users within 72 hours of discovery
Explain the nature and impact of the breach
Provide remedial measures and protection recommendations
Report to relevant regulatory authorities (if applicable)

5. Data Retention and Deletion

5.1. Data Retention Periods

We retain your personal information only for as long as necessary:

Account Data: While your account is active
Usage Data: Typically retained for 24 months for analysis
Payment Records: Retained for 7 years per tax and accounting requirements
Support Records: Retained for 3 years for quality assurance
Legal Obligation Data: Retained as required by law

5.2. Account Deletion

When you delete your account:

Your profile and account information will be deleted within 30 days
Your private User Content will be permanently deleted
Publicly shared content may still be visible (if copied by other users)
Some data may be retained due to legal requirements

5.3. Data Export

Before deleting your account, you can:

Export your workflow and project data
Download files you uploaded
Request a copy of your personal data

6. Your Privacy Rights

Depending on applicable laws (such as GDPR, CCPA), you have the following rights regarding your personal information:

6.1. Right to Access

You have the right to know what personal information we have collected about you and to receive a copy of that information.

6.2. Right to Rectification

You have the right to request correction of inaccurate or incomplete personal information.

6.3. Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal information, except in the following cases:

Necessary to complete a transaction or provide services
Required to comply with legal obligations
For the exercise of freedom of expression or research purposes
For internal lawful purposes

6.4. Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller.

6.5. Right to Object

You have the right to object to:

Processing of your personal information for marketing purposes
Data processing based on legitimate interests
Automated decision-making and profiling

6.6. Right to Restrict Processing

In certain circumstances, you have the right to restrict how we use your personal information.

If we process data based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6.8. Exercising Your Rights

To exercise these rights, please contact us at privacy@oomol.com. We will respond to your request within 30 days.

Identity Verification: To protect your privacy, we may need to verify your identity before processing requests.

Non-Discrimination: You will not be subjected to discriminatory treatment for exercising your privacy rights.

7. International Data Transfers

7.1. Data Storage Location

Our servers are primarily located in the United States. If you access Oomol from outside the United States, your information will be transferred to, processed, and stored in the United States.

7.2. Cross-Border Transfer Safeguards

For EU/EEA users, we ensure secure data transfers through:

Use of European Commission-approved Standard Contractual Clauses (SCCs)
Ensuring data processors provide adequate data protection
Compliance with GDPR cross-border data transfer requirements

7.3. EU Representative

As required by GDPR, if applicable, we will appoint a data protection representative in the EU. Related information will be updated when necessary.

8. Third-Party Links and Services

8.1. Third-Party Websites

Oomol may contain links to third-party websites, plugins, or services. We are not responsible for the privacy practices or content of these third parties.

8.2. Third-Party Integrations

When you use third-party integrations (such as AI services, storage services):

Your data may be shared with these third parties
These services have their own privacy policies
We recommend reviewing these policies

Our services may include social media features (such as share buttons). These features may collect your IP address and pages visited, and may set cookies.

9.1. What are Cookies

Cookies are small text files stored on your device that help websites remember your preferences and activities.

9.2. Types of Cookies We Use

Essential Cookies (Always Enabled)

Purpose: Authentication, security, basic functionality
Examples: Session IDs, CSRF tokens
These cookies are essential for service operation and cannot be disabled

Functional Cookies

Purpose: Remember your preferences
Examples: Language selection, theme preferences, layout settings
You can disable these cookies, but it may affect some features

Analytics Cookies

Purpose: Understand how users use our services
Services Used: Google Analytics, Mixpanel
Data Collected: Page visits, session duration, bounce rate
You can opt out through account settings

Marketing Cookies

Purpose: Provide personalized ads and content
Services Used: Google Ads, Facebook Pixel
You can disable through account settings or browser settings

9.3. Managing Cookies

You can manage cookies through:

Browser Settings:

Most browsers allow you to view, delete, and block cookies
Check your browser's help documentation for specific instructions

Our Cookie Consent Tool:

On first visit, we display a cookie banner
You can change your preferences in account settings at any time

Opt Out of Analytics Tracking:

Google Analytics Opt-out Add-on: https://tools.google.com/dlpage/gaoptout

9.4. Third-Party Cookies

Our service providers may set their own cookies. We do not control these third-party cookies.

10. Children's Privacy

10.1. Age Restrictions

Oomol is primarily intended for users 18 years and older. Users aged 13-17 may use with parental or guardian consent.

10.2. Children Under 13

We do not knowingly collect personal information from children under 13. If you are a parent or guardian and discover that your child has provided us with personal information without your consent, please contact us at privacy@oomol.com.

10.3. Parental Rights

Parents and guardians have the right to:

Review their child's personal information
Request deletion of the information
Refuse further collection or use of the information

11. Privacy Policy Changes

11.1. Update Notifications

We may update this Privacy Policy from time to time to reflect:

Changes to our services
Changes in legal or regulatory requirements
Improvements to our privacy practices

11.2. How We Notify You

For significant changes, we will:

Notify you by email (at least 30 days in advance)
Display prominent notices on the platform
Update the "Last updated" date at the top of this page

11.3. Effective Date

Updated policies take effect immediately upon posting unless otherwise stated. Continued use of our services indicates acceptance of the updated policy.

12. California Residents' Special Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

12.1. Right to Know

You have the right to know, for the past 12 months:

What categories of personal information we collected
The categories of sources of personal information
The business purpose for collecting or selling personal information
The categories of third parties with whom we share personal information

12.2. We Do Not Sell

We do not sell your personal information.

12.3. Right to Non-Discrimination

You will not be subjected to discriminatory treatment for exercising your CCPA rights, including:

Denial of services
Charging different prices or rates
Providing different levels or quality of services

12.4. Authorized Agents

You may designate an authorized agent to make requests on your behalf.

If you are an EU/EEA resident, you have additional rights under the General Data Protection Regulation (GDPR):

13.1. Lawful Basis for Processing

We process your personal data based on the following lawful bases:

Contract Performance: To provide services you requested
Legitimate Interests: To improve services, security, fraud prevention
Consent: For marketing communications, certain analytics
Legal Obligation: To comply with EU or Member State laws

13.2. Data Protection Officer (DPO)

You can contact our Data Protection Officer at dpo@oomol.com.

13.3. Complaint to Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

14. Contact Us

14.1. Privacy Questions

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@oomol.com Data Protection Officer: dpo@oomol.com General Support: support@oomol.com

14.2. Response Time

We will respond to your privacy requests within 30 days of receipt (GDPR requirement). For complex requests, we may need up to 60 days and will notify you in advance.

Thank you for trusting Oomol. Protecting your privacy is of utmost importance to us, and we are committed to maintaining your trust.