← Back

OMNISC Privacy Policy

Effective Date: 2026-05-01

This Privacy Policy explains how OMNISC LLC ("Omnisc," "we," "us," or "our") collects, uses, stores, shares, and protects personal data when you visit omnisc.tech, create or access an account, purchase a subscription, or otherwise use our website, applications, and subscription-based financial intelligence services (collectively, the "Service").

If you do not agree with this Privacy Policy, please do not use the Service.

1. Who We Are

Omnisc is operated by:

OMNISC LLC 30 N Gould St, Ste N Sheridan, WY 82801 United States

Support: support@omnisc.tech

Privacy / Legal: david.izmailovsky@omnisc.tech

2. Scope of This Policy

This Privacy Policy applies to personal data we collect through:

  • our website and application;
  • waitlist registration;
  • checkout and subscription flows;
  • account setup, login, password reset, and authentication flows;
  • support and service communications;
  • your use of the Service, including watchlists and account features.

This Privacy Policy does not apply to third-party websites, payment pages, or services that we do not control, even if they are linked from our Service.

3. Types of Data We Collect

Depending on how you use the Service, we may collect the following categories of personal data:

A. Identity and Contact Data

  • email address, including email provided through waitlist registration;
  • name, if you choose to provide it.

B. Account and Authentication Data

If you create or activate an account, we may process:

  • securely hashed password credentials;
  • setup-password tokens;
  • password reset tokens;
  • refresh tokens;
  • failed login attempt counters;
  • temporary account lock information;
  • account status and account-related timestamps, such as account creation, updates, and last login.

C. Subscription and Billing Data

We may process limited subscription and billing-related information, such as:

  • subscription plan;
  • subscription status;
  • payment provider;
  • billing cadence;
  • subscription identifiers and customer identifiers assigned by the payment provider;
  • current billing period information;
  • cancellation status;
  • country or country code for routing, tax, and payment-provider selection.

Important: We do not store full payment card numbers or full payment credentials. Payments are processed by third-party payment providers.

D. Usage and Product Data

We may process information about how you use the Service, such as:

  • watchlist data;
  • account preferences;
  • feature usage;
  • service interaction logs;
  • API request metadata, including endpoints accessed, timestamps, and associated account identifiers, for operational monitoring, security, and usage enforcement;
  • device/browser or request metadata needed to operate and secure the Service.

E. Region and Routing Data

We may temporarily process your IP address and country selection at checkout or onboarding in order to:

  • route you to the appropriate payment provider;
  • support fraud prevention and abuse prevention;
  • apply region-specific legal or billing rules.

We do not use IP-based routing data for behavioral advertising.

F. Communications Data

If you contact us or receive service emails, we may process:

  • email content;
  • support requests;
  • account emails such as welcome emails, password setup emails, password reset emails, billing emails, and service notices.

G. Cookies and Similar Technologies

We use:

  • strictly necessary localStorage for authentication, session management, and consent preference storage — required for the Service to operate;
  • opt-in analytics cookies (Google Analytics 4) for pseudonymous web and product analytics — used only after your explicit consent.

If you consent to Analytics, Google Analytics 4 may process page views, feature interaction events, approximate geography, device/browser information, GA4 cookie identifiers (`_ga`, `_ga_*`), and, when you are signed in, an Omnisc-generated pseudonymous User-ID. We do not send your name, email address, payment details, watchlist contents, or personal financial circumstances to GA4.

We do not use marketing or advertising cookies, tracking pixels, fingerprinting, cross-site tracking, or remarketing technologies.

For full details — including cookie names, retention periods, and how to withdraw consent — see our Cookie & Technology Policy.

4. How We Collect Data

We collect personal data:

  • directly from you, when you enter information into forms, checkout, login, support, or account pages;
  • automatically, when you interact with the Service and our infrastructure logs certain technical events;
  • from payment providers, when a subscription purchase, renewal, cancellation, or billing event occurs;
  • from authentication and email systems involved in account setup and account recovery.

5. How We Use Personal Data

We use personal data for the following purposes:

A. To Provide and Operate the Service

  • create and maintain user accounts;
  • authenticate users and protect account access;
  • provide subscription-based access to the Service;
  • display watchlists, account data, and related user features.

B. To Process Purchases and Manage Subscriptions

  • create and manage subscription records;
  • route users to the appropriate payment provider based on country or region;
  • receive and process payment-related events from Stripe or Lemon Squeezy;
  • provide billing and subscription management.

C. To Send Service Communications

  • send account activation and password setup emails;
  • send password reset emails;
  • send billing, subscription, and service-related notices;
  • respond to support or legal/privacy requests.

D. To Secure the Service

  • detect unauthorized account sharing, suspicious access, abuse, fraud, or misuse;
  • enforce account lockout or other security protections where appropriate;
  • investigate incidents and maintain platform security.

E. To Comply With Legal Obligations

  • maintain records required for legal, tax, accounting, security, or dispute-resolution purposes;
  • comply with applicable laws, sanctions, payment obligations, and regulatory requirements.

F. To Improve and Maintain the Service

  • debug operational problems;
  • maintain reliability and performance;
  • where you have consented to Analytics, understand page, feature, and logged-in product usage through Google Analytics 4 so that we can improve the Service;
  • review service usage trends at an operational level.

We do not sell personal data to advertisers.

6. Legal Bases for Processing

Where applicable data protection laws require a legal basis, we rely on one or more of the following:

  • Contract: processing necessary to provide the Service, subscriptions, account access, and support;
  • Legitimate interests: service security, fraud prevention, operational monitoring, service improvement, and basic business administration;
  • Legal obligation: where we must retain or disclose data to comply with law, tax, payment, sanctions, or regulatory requirements;
  • Consent (Article 6(1)(a) GDPR / UK GDPR and Article 5(3) ePrivacy Directive / applicable UK PECR rules): where consent is required, including for analytics cookies (Google Analytics 4) and any other non-essential client-side storage technologies. You may withdraw your consent at any time through the Cookie preferences link in the footer of any page.

Where we rely on legitimate interests, we assess that those interests do not override your fundamental rights and freedoms.

Required and Optional Data

Account, authentication, subscription, billing, and security data are required to create and maintain an account, provide paid access, process payments, secure the Service, and comply with applicable legal obligations. If you do not provide required data, we may not be able to provide the Service or relevant account, payment, or security features.

Watchlists, optional account preferences, and optional communications are voluntary, but related features may not work without them.

Analytics consent is optional. Refusing or withdrawing Analytics consent does not affect your account access, subscription status, or ability to use the paid Service.

7. Payment Providers

Depending on your region, subscription payments are processed through different payment providers.

Stripe

For users in the United States, purchases are processed through Stripe.

Lemon Squeezy

For users in the EU/EEA/UK, purchases are processed through Lemon Squeezy. For purchases processed through Lemon Squeezy, Lemon Squeezy acts as merchant of record for billing, tax/VAT collection, and certain payment-related processes.

We receive only the information reasonably necessary to confirm, manage, or update subscription status and account access.

8. Service Providers and Sub-Processors

We engage trusted service providers (sub-processors) to help us operate the Service. We maintain contractual arrangements with each sub-processor requiring appropriate data protection measures, including Data Processing Agreements (DPAs) or equivalent contracts where required by applicable data protection law.

  • Google Cloud Platform (GCP) — sub-processor providing hosting infrastructure, including Cloud Run, Cloud SQL, Secret Manager, and related operational services;
  • Google LLC / Google Ireland Limited (Google Analytics 4) — service provider/processor for opt-in web and product analytics on `www.omnisc.tech` and `app.omnisc.tech`. Processes pseudonymous event-level and user-level analytics data, including GA4 cookie identifiers and, where you consent and are signed in, an Omnisc-generated pseudonymous User-ID. Omnisc uses GA4 for product analytics reports only, not advertising, remarketing, sale/share, or individual investment profiling. EU-US transfers are covered by Google's certification under the EU-US Data Privacy Framework and by Standard Contractual Clauses where applicable. See the Cookie & Technology Policy for details;
  • Stripe, Inc. — sub-processor for payment processing for applicable users (U.S. and certain other regions);
  • Lemon Squeezy LLC (222 South Main Street Suite 500, Salt Lake City, UT 84101, United States) — sub-processor and Merchant of Record for EU/EEA/UK transactions, responsible for payment processing, invoicing, VAT/tax collection, and merchant-of-record obligations for EU/EEA/UK users;
  • Resend — sub-processor for transactional email delivery;
  • OpenAI — sub-processor used solely for market-data-related analytical processing (see Section 9);
  • authentication, security, logging, hosting, or support vendors used to operate the Service, each engaged under applicable contractual safeguards.

These sub-processors process personal data on our behalf as processors, or as independent controllers where applicable, and only to the extent reasonably necessary for their services.

OpenAI processes market-data inputs as part of our analytical workflow, and OpenAI's processing is governed by OpenAI's applicable usage policies and data processing terms.

9. OpenAI and Market Analytics

We use OpenAI services only in connection with market-data-related analytical workflows.

We do not send your personal investment profile, personal financial circumstances, or user-generated personal prompts to OpenAI as part of the Service's analytical workflow. OpenAI usage is limited to market-data-related analysis as part of the Service's analytical operations.

10. International Data Transfers

Because Omnisc is operated from the United States and uses cloud and software providers that may process data in multiple countries, your personal data may be transferred to, stored in, or processed in jurisdictions outside your country of residence.

EEA / UK / Switzerland Transfers

For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States or other countries outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (including the UK International Data Transfer Addendum where applicable) as the primary legal transfer mechanism.

Where required by applicable law, we supplement SCCs with additional technical and organizational measures intended to protect transferred data. Our sub-processors that may process EEA/UK personal data (including Google Cloud Platform, Google Analytics, Stripe, Resend, Lemon Squeezy, and OpenAI) have executed SCCs or equivalent transfer safeguards as part of our contractual arrangements with them. Google additionally maintains certification under the EU-US Data Privacy Framework for transfers from the EEA to the United States.

For users in the EU/EEA/UK, you may contact us at david.izmailovsky@omnisc.tech to request further information about our transfer safeguards.

11. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy.

General Retention

Our general retention period for non-billing personal data (such as account profile, watchlist, preferences, and service interaction logs) is up to 2 years, unless:

  • a longer retention period is required by law;
  • retention is necessary for billing, tax, accounting, fraud prevention, security, legal claims, or dispute resolution; or
  • continued retention is otherwise permitted or required under applicable law.

Billing and Transaction Records

Billing, subscription, invoicing, VAT/tax, and transaction records are retained for up to 7 years to comply with applicable tax, accounting, merchant-of-record, and legal retention obligations. This includes records related to purchases processed through Lemon Squeezy as Merchant of Record for EU/EEA/UK transactions, and records required to comply with U.S. and EU tax, accounting, anti-fraud, and anti-money-laundering requirements.

Analytics Data

Pseudonymous user-level and event-level analytics data collected through Google Analytics 4 is retained for 14 months, according to our GA4 retention settings, after which applicable user-level and event-level records are automatically deleted by Google. Standard aggregated GA4 reports may remain available after user-level/event-level retention expires in accordance with Google Analytics retention behavior. Analytics data is collected only with your explicit consent and is not used for advertising, sale/share, or individual profiling.

IP Routing Data

Routing-related IP data is used only at the time of routing or checkout logic and is not retained as a standalone long-term profile for analytics or advertising.

Upon Account Deletion

Upon account deletion, your account profile, watchlist, preferences, and similar account-level data will be deleted within 30 days, except where retention is legally required.

Billing, subscription, and transaction records may be retained for up to 7 years where required for legal, tax, accounting, fraud prevention, security, or dispute-resolution purposes.

12. Your Privacy Rights

Depending on your jurisdiction, you may have rights to:

  • request access to personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your data;
  • object to certain processing;
  • request restriction of processing;
  • request portability of certain data, where applicable;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with a competent data protection or supervisory authority, where applicable.

You may exercise privacy requests by contacting david.izmailovsky@omnisc.tech.

We may need to verify your identity before fulfilling a request.

13. Global Rights Approach

Omnisc applies a consistent global approach to privacy and may honor privacy requests from users regardless of jurisdiction, to the extent practical and except where limited by law, technical feasibility, fraud prevention, security needs, or overriding legal obligations.

Specific legal rights may still vary by country or region.

14. Account Deletion

If you request account deletion:

  • we will review and process the request;
  • we will complete deletion of account-level data (profile, watchlist, preferences, service interaction logs) within 30 days, except where retention is legally required;
  • limited billing, subscription, transaction, invoicing, VAT/tax, legal, fraud-prevention, security, audit, or dispute-resolution records may be retained for up to 7 years — or longer where required by law (including tax, accounting, and merchant-of-record compliance obligations).

Deleting your account does not automatically cancel an active subscription. Subscription cancellation must be completed separately through the relevant billing portal or payment provider.

15. Security

We use reasonable administrative, technical, and organizational measures intended to protect personal data, including authentication controls, securely hashed password credentials, token-based account security, controlled cloud infrastructure, and secret management. Data stored in our cloud infrastructure is encrypted at rest and in transit using industry-standard encryption.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

In the event of a data breach that we believe may pose a risk to your rights or freedoms, we will take reasonable steps to notify affected users and, where required, applicable supervisory authorities, in accordance with applicable law.

16. Children

The Service is not intended for individuals under 18 years old.

We do not knowingly provide the Service to minors. If we become aware that a person under 18 has created an account or provided personal data, we may suspend or delete the account and delete associated data, subject to applicable legal requirements.

17. Automated Processing

The Service uses automated analytical systems to generate market-related outputs.

These outputs do not constitute automated decision-making with legal or similarly significant effects on you within the meaning of applicable data protection law. You are not required to act on any analytical output.

18. EU/EEA/UK Contact

If you are located in the EU/EEA/UK and have questions about our data practices, you may contact us at david.izmailovsky@omnisc.tech. We will assess whether an EU/UK representative is required under applicable GDPR / UK GDPR rules as our EU/UK user base and processing activities develop. If a representative is required, we will publish the representative's identity and contact details in this section.

19. Third-Party Sites and Services

The Service may link to or interact with third-party services, including payment pages or email links. We are not responsible for the privacy practices of third parties that we do not control.

We encourage you to review their privacy policies separately.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice that is reasonable in the circumstances, normally at least 30 days before the changes take effect, through the Service, by email, or by other reasonable means.

A shorter notice period may apply where required by law, where the change is operationally urgent, or where the change does not materially reduce user privacy rights or activate any new consent-based processing unless and until the user is presented with the updated choice and provides consent. Where practicable, existing account holders will also be notified by email or in-Service notice.

The updated version will become effective on the date stated at the top of this Privacy Policy.

21. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our privacy practices, contact:

Support: support@omnisc.tech Privacy / Legal: david.izmailovsky@omnisc.tech