Privacy Policy
Last updated: May 5, 2026
Your privacy is important to us. This privacy policy explains how Omi of Seattle Inc. (“Omi,” “we,” “us,” or “our”) collects, uses, and discloses personal data. This policy applies to our AI-powered sales assistant services delivered through conversational chat interfaces on Shopify-powered storefronts (“the Service”), our website at youromi.com, and any related products and services that display or reference this policy.
Omi services are provided to merchants and their online stores. In some cases, we process personal data of shoppers and end-users at the direction of our merchant customers. When we do so, we act as a service provider or “data processor” to those merchants. This policy does not apply to personal data we process solely on behalf of our merchant customers in that capacity. If you are a shopper on a merchant’s store, you should also read that merchant’s privacy policy.
Personal Data We Collect
The personal data we collect depends on how you interact with us, the services you use, and the choices you make. We collect information from different sources and in various ways.
Information you provide directly
- Name and contact information — We collect your name, email address, and other contact details when you create an account, contact support, or submit inquiries through our website
- Payment information — If you subscribe to Omi as a merchant, we collect billing details necessary to process your subscription. Payment processing is handled by Stripe; we do not store full credit card numbers on our servers
- Content and communications — We collect the messages you send us via email, our website contact form, or other communication channels
- Brand and product information — Merchants provide brand guidelines, tone preferences, and supplementary product knowledge to train Omi for their store
Information collected automatically
- Chat conversations — When shoppers interact with the Omi chat widget on a merchant’s storefront, we collect the messages exchanged, product preferences expressed, and items recommended during the conversation
- Session identifiers — We use session identifiers passed via URL parameters within Shopify’s app proxy environment to maintain conversation context
- Device and browser information — We automatically collect browser type, device type, operating system, and similar technical information
- Usage data — We log pages visited, links clicked, time spent on pages, products browsed, items added to cart, and other interaction data
- IP address — We collect IP addresses, from which we may infer general geographic location (city, state, country)
Information from Shopify
When a merchant installs Omi, we access the following data from their Shopify account via the Shopify Admin API (read-only access):
- Products — Product titles, descriptions, images, pricing, variants, and inventory status
- Product listings — Published product availability and collection assignments
- Store content — Pages, blog posts, and other content to understand brand context
- Customer data — Customer profiles and browsing behavior to personalize recommendations
- Order information — Order details to measure conversion performance and attribution
Omi does not modify your products, orders, or store settings. All Shopify API access is read-only.
Information we create or generate
We infer new information from data we collect, including using automated means to generate product recommendations, style suggestions, and insights about shopper preferences.
Cookies and Similar Technologies
We use session identifiers and analytics tools to operate our services and collect data. Specifically:
- Session identifiers — Passed via URL parameters within the Shopify app proxy to maintain conversation context during a shopping session
- Analytics cookies — We use PostHog for product analytics, which may set cookies to track session engagement, feature usage, and conversion events
- Log files — Our servers automatically log requests, including IP addresses, browser types, timestamps, and referring URLs
We do not use advertising cookies or tracking pixels, and we do not engage in cross-site behavioral advertising.
How We Use Your Personal Data
We use the personal data we collect for the purposes described below:
| Purpose | Categories of Data Used |
|---|---|
| Service delivery. To provide, operate, and maintain the Omi chat assistant, including generating product recommendations, answering shopper questions, and powering conversational commerce | Chat conversations, product preferences, session identifiers, Shopify catalog and customer data, device information, usage data |
| Analytics and reporting. To generate merchant-facing insights including conversation volume, engagement metrics, product demand signals, and conversion attribution | Chat conversations, usage data, session identifiers, order information, device information |
| Product improvement. To develop new features, improve recommendation accuracy, and enhance the overall service | Chat conversations, usage data, device information, session identifiers |
| Business operations. To manage billing, accounting, security, fraud detection, and legal compliance | Contact information, payment information, IP addresses, device information |
| Communications. To send service-related notices, invoices, technical updates, security alerts, and support responses | Contact information, account information |
| Customer support. To respond to inquiries and provide technical assistance | Contact information, chat conversations, usage data, device information |
We do not use personal data for targeted advertising or marketing to shoppers. We do not sell personal data.
Our Disclosure of Personal Data
We disclose personal data with your consent or as necessary to provide the Service. We share data with the following categories of third parties:
- Cloud infrastructure providers. Amazon Web Services (AWS) provides our cloud infrastructure, including compute (Lambda), API management (API Gateway), database (DynamoDB), and storage (S3) services. Personal data is processed and stored on AWS servers in the United States
- AI model providers. Google Gemini powers Omi’s conversational responses and product recommendations. Chat messages and product catalog data are sent to Google’s API to generate responses
- Vector database providers. Pinecone provides semantic search and vector database services that power product matching and recommendation accuracy
- Analytics providers. PostHog provides product analytics for session tracking, engagement metrics, and conversion attribution
- Payment processors. Stripe processes merchant subscription payments. We share billing information necessary to complete transactions
- Hosting providers. Netlify provides frontend hosting and deployment for our website and merchant-facing interfaces
- Platform providers. Shopify provides the platform integration through which we access merchant catalog, customer, and order data via the Admin API
- Customer support platforms. Gorgias and Zendesk integrations are optionally available for routing customer support conversations from the Omi chat to a merchant’s existing support workflows
We share information with these providers strictly as necessary to deliver and improve the Service. We do not sell personal data to any third party.
We may also disclose personal data in the following circumstances:
- Legal compliance — To comply with applicable laws, regulations, subpoenas, search warrants, or other lawful requests for information
- Security and safety — To protect the rights, property, or safety of Omi, our merchants, their customers, or the public
- Corporate transactions — In connection with a merger, acquisition, financing, bankruptcy, or sale of all or a portion of our business or assets
Choice and Control
Access, correction, and deletion
You may request access to, correction of, or deletion of personal data we hold about you. Merchants can request deletion of their store data at any time. To make a request, contact us at accounts@youromi.com.
Communications preferences
You can opt out of promotional emails by following the unsubscribe instructions in any promotional message or by contacting us. This does not apply to transactional or service-related communications.
Cookie controls
Most web browsers allow you to manage cookie preferences through browser settings. You can delete or reject cookies, though this may affect certain features of our services.
Global Privacy Control
We respect the Global Privacy Control (GPC) signal. When we detect a GPC signal from your browser, we will make reasonable efforts to honor your opt-out preferences as specified by applicable law.
Do Not Track
There is no common standard for interpreting Do Not Track (DNT) browser signals, so our services do not currently respond to DNT signals. You can use the other controls described in this section to manage data collection.
European Data Protection Rights
If the processing of your personal data is subject to European Union, United Kingdom, or Swiss data protection law, you have certain rights with respect to that data:
- You can request access to, and rectification or erasure of, your personal data
- If processing is based on your consent or a contract, you have a right to receive a copy of your personal data in a usable and portable format
- If processing is based on your consent, you can withdraw consent for future processing at any time
- You can object to, or obtain a restriction of, processing under certain circumstances
- For residents of France, you can send us specific instructions regarding the use of your data after your death
To exercise these rights, please contact us using the information at the bottom of this policy. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to contact us first with any questions or concerns.
We rely on the following lawful bases for processing personal data: performance of a contract (to provide services to merchants), legitimate interests (to improve and secure our services), and consent (where required by applicable law).
European data transfers
We transfer personal data from the European Economic Area (EEA), United Kingdom (UK), and Switzerland to the United States. When we do so, we use appropriate legal mechanisms, including Standard Contractual Clauses approved by the European Commission, to help ensure your rights and protections travel with your data.
California Privacy Rights
If you are a California resident and the processing of your personal information is subject to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), you have certain rights with respect to that information.
Notice at collection
At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information collected, the purposes for which it is collected or used, whether it is sold or shared, and how long it is retained. You can find those details throughout this policy.
Your rights
- Right to know — You can request that we disclose the personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it
- Right to correct — You can request correction of inaccurate personal information
- Right to delete — You can request deletion of personal information we have collected, subject to certain exceptions
- Right to opt-out — You have a right to opt out of the “sale” or “sharing” of personal information as defined by the CCPA
We do not “sell” or “share” personal information as defined by the CCPA and have not done so in the past 12 months. We do not use sensitive personal information for any purposes beyond what is necessary to provide the Service.
We do not knowingly sell or share the personal information of minors under 16 years of age.
To submit a request, contact us at accounts@youromi.com. You may designate an authorized agent to make requests on your behalf. We will verify your identity before fulfilling any request, typically by asking you to submit the request from the email address associated with your account.
You have a right not to be discriminated against for exercising any of these rights.
Shine the Light
Under California Civil Code section 1798.83, California residents may request information about whether we have disclosed personal information to third parties for their direct marketing purposes. We do not disclose personal information to any third parties for their direct marketing purposes.
Data Retention
We retain personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specific retention practices include:
- Chat conversation data — Retained for the duration of the merchant’s subscription and for a reasonable period after to support analytics, unless earlier deletion is requested
- Merchant account information — Retained for the duration of the business relationship and for the period required by applicable tax and accounting obligations
- Analytics data — Aggregated and anonymized analytics may be retained indefinitely. Identifiable session data is retained in accordance with our analytics provider’s retention policies
- Support communications — Retained for the period necessary to resolve inquiries and for a reasonable period after for quality and training purposes
Merchants may request deletion of their store data at any time by contacting us.
Location of Personal Data
The personal data we collect is stored and processed in the United States on infrastructure provided by Amazon Web Services (AWS). If you are located outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States, which may have different data protection laws than your country of residence.
Security
We take reasonable and appropriate steps to help protect personal data from unauthorized access, use, disclosure, alteration, and destruction. Our security measures include encryption of data in transit (TLS) and at rest, access controls, regular security reviews, and infrastructure monitoring through AWS security services.
While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
Children’s Privacy
Our services are not directed to children under the age of 13 (or other applicable age of consent). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.
Changes to This Policy
We will update this privacy policy when necessary to reflect changes in our services, how we use personal data, or applicable law. When we post changes, we will revise the “Last updated” date at the top of this policy. If we make material changes, we will provide notice as required by law, such as by email or prominent notice on our website.
Contact Us
If you have a privacy concern, complaint, or question, please contact us:
Email: accounts@youromi.com
Address:
Omi of Seattle Inc.
1928 Pike Pl Suite 301
Seattle, WA 98101
United States