Omvera LLC ("Omvera," "we," "us," or "our") is a Wyoming limited liability company providing operations intelligence, data automation, and analytics services to businesses. We operate the website omvera.io and related dashboard and data services.

This Privacy Policy describes how we collect, use, store, and protect information across all touchpoints: our marketing website, client dashboards, data integrations, and any Shopify or third-party platform applications we operate.

We take compliance seriously. This policy is designed to meet the requirements of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), Shopify's Partner Program requirements, and other applicable data protection laws.

Information you provide directly. When you contact us, sign up for services, or communicate with us, we may collect your name, email address, business name, phone number, and details you share about your business needs.

Automatically collected website information. Our hosting provider (Netlify) may collect standard server logs including IP addresses, browser type, and pages visited. We use Google Analytics to understand aggregate traffic patterns. We do not operate third-party advertising pixels or behavioral retargeting.

Account and billing information. If you become a client, we collect information to provide and bill for our services. Payment information is processed through our payment processor — we do not store card numbers directly.

Integration credentials. When you authorize Omvera to connect to your business platforms (such as Shopify), we receive and securely store API access tokens that allow us to retrieve your business data on your behalf.

When you are an Omvera client, we access your business data from connected platforms solely to provide our analytics and operations intelligence services. This includes:

• Order history, revenue, and transaction records
• Inventory levels, product catalogs, and SKU data
• Fulfillment and shipping records
• Advertising performance data
• Store configuration and location data

This data is never sold, shared with third parties for marketing, or used for any purpose beyond delivering your dashboard and operational insights.

In the course of providing analytics services, we may access data about your customers ("end customers") — including names, email addresses, purchase history, and location data — that resides in your connected platforms.

We access end customer data strictly to generate analytics and operational intelligence for you. We do not:

• Contact your customers directly
• Sell or share your customer data with any third party
• Use your customer data for any purpose other than providing your Omvera services
• Combine your customer data with data from other Omvera clients
• Retain end customer data beyond what is necessary for service delivery

As the merchant, you are the data controller for your customers' data. Omvera acts as a data processor on your behalf.

We use the information we collect to:

• Respond to inquiries and onboard new clients
• Provide, maintain, and improve our analytics and operations services
• Generate dashboards, reports, and operational recommendations
• Communicate with you about your account, service updates, and support
• Fulfill automated operational workflows you have authorized
• Comply with legal obligations and protect the security of our platform

We do not sell, rent, or trade your personal information or your customers' information to any third party for any commercial purpose.

Netlify. Our website and backend functions are hosted on Netlify, governed by Netlify's Privacy Policy.

Supabase. Client and operational data is stored in Supabase, a PostgreSQL database platform hosted on AWS in the United States. Supabase is SOC 2 compliant. Data is encrypted at rest and in transit.

Formspree. Contact form submissions are processed by Formspree and delivered to our inbox.

Shopify. For clients using our Shopify integration, data is retrieved via Shopify's Admin API under authorization granted by you.

Make.com. We use Make.com to automate data synchronization workflows.

Google Analytics. We use Google Analytics to understand aggregate website traffic. We do not use Google Analytics Advertising Features.

We do not share personal data with any third party beyond what is necessary to operate the services listed above.

When Omvera accesses data from your business platforms on your behalf, we act as a data processor under applicable data protection law. You, as our client, are the data controller.

As a data processor, we process data only on your documented instructions, ensure personnel are bound by confidentiality obligations, implement appropriate security measures, assist you in fulfilling obligations to data subjects, and delete or return all personal data upon termination of services.

Clients requiring a formal Data Processing Agreement (DPA) may request one by contacting us at the address below.

Website inquiries. Retained for the duration of the business relationship and up to 3 years thereafter.

Client operational data. Retained for the duration of your active service agreement plus 90 days following termination, after which it is permanently deleted.

End customer data. Retained only as long as necessary to maintain your analytics history.

Access tokens. Retained for the duration of the service agreement and revoked and deleted upon termination.

We implement technical and organizational security measures including:

• Encryption of all data in transit (TLS 1.2+) and at rest
• Row-level security controls on our database
• API keys and secrets stored as environment variables, never in source code
• Principle of least privilege for all system access

In the event of a data breach that creates material risk, we will notify you and applicable regulators as required by law.

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal data, and to object to processing. To exercise any of these rights, contact us at the address in the Contact section. We will respond within 30 days.

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have rights under the GDPR or equivalent laws. We process personal data under the following legal bases: performance of a contract, legitimate interests, compliance with legal obligations, and consent where explicitly obtained.

When we transfer personal data from the EEA or UK to the US, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms. If you are in the EEA, you have the right to lodge a complaint with your local supervisory authority.

If you are a California resident, you have rights under CCPA/CPRA including the right to know, delete, correct, opt-out of sale, and non-discrimination. We do not sell personal information and have not done so in the preceding 12 months.

With your authorization, we access order data, customer data, product and inventory data, fulfillment data, analytics data, and store configuration via Shopify's Admin API. All Shopify data is accessed solely to generate your operations intelligence dashboard. We do not use Shopify data for any other purpose, and do not share it with any third party except as necessary to operate our infrastructure.

You may revoke access at any time by uninstalling the app from your Shopify admin. Upon uninstallation, we will delete your access token and purge synced data within 90 days.

Our services are directed to businesses and business professionals. We do not knowingly collect information from individuals under 18. If we learn we have collected such information, we will delete it promptly.

We may update this policy from time to time. We will post changes on this page with an updated effective date. For material changes, we will notify active clients directly.

For questions about this policy, to exercise your rights, or to request a Data Processing Agreement:

Omvera LLC
Privacy & Compliance
contact@omvera.io
Registered in Wyoming, United States

We will respond to all privacy-related inquiries within 30 days.