Privacy Policy

At OmmiQ, your privacy is not just a policy-it's our core principle. We don't track you, we don't sell your data, and we don't use analytics. Your tasks and personal information stay completely private.

We only collect the minimal information necessary to provide our service:

• Your email address and name when you create an account
• The tasks and notes you create within the application
• Your preferences (theme, timezone, notification settings)
• Basic technical information required for the app to function (authentication tokens stored in your browser's local storage)
• Purchase and invoice data when you buy a paid extra (invoice number, amount paid, payment provider transaction ID, purchase date)
• Push notification subscriptions (browser-generated endpoint and keys) if you enable push notifications on a device. Deleted when you disable notifications, when the browser revokes the subscription, or when you delete your account.

Under the General Data Protection Regulation (GDPR), we process your data based on the following legal grounds:

• Contract performance (Article 6(1)(b)) - Processing your account information, tasks, preferences, and purchase data is necessary to provide the OmmiQ service you signed up for and to fulfil orders for paid extras.
• Consent (Article 6(1)(a)) - Product update emails are sent based on your consent, given during sign-up. You can withdraw consent at any time by turning off "Subscribe for updates" in Settings.
• Legal obligation (Article 6(1)(c)) - Invoice and payment records must be retained to comply with German tax and commercial law, in particular §147 of the German Fiscal Code (Abgabenordnung).
• Legitimate interest (Article 6(1)(f)) - We maintain internal audit logs of administrative actions to ensure the security and integrity of our service.

Your information is used solely to:

• Provide and maintain the OmmiQ service
• Authenticate your account and sync your data
• Send product update emails (with your consent)
• Respond to your support requests

We never use your data for advertising, analytics, or any other purpose.

We do not sell, rent, or trade your personal information. Your data is stored in the European Union. The only parties with access to your data are the data processors listed below, each bound by a data processing agreement and each limited to the specific purpose described.

We rely on the following processors to operate OmmiQ.

• Hostinger - hostinger.com/legal/privacy-policy. Hosts our application and database on servers located in the European Union. Processes all account, task, and settings data strictly for the purpose of providing hosting services.
• Mollie B.V. - mollie.com/privacy. Processes payments when you purchase a paid extra. Mollie receives your name, email address, the purchase amount, and the payment method you choose. Mollie is a Dutch-licensed payment institution established in the European Union.
• Push notification delivery - If you purchase and enable push notifications, your browser subscribes with its own push service and we send notifications through that service. For Chromium-based browsers (Chrome, Edge, Vivaldi), this is Google LLC's Firebase Cloud Messaging (United States). For Firefox, it's Mozilla Corporation's autopush service (European Union). For Safari, it's Apple Inc.'s Push Notification Service (United States). These services only act as routing infrastructure: the notification content (task titles, times, categories) is end-to-end encrypted using keys your browser generates, so neither Google, Mozilla, nor Apple can read it - they only see an anonymous endpoint identifier and deliver the encrypted payload to your device. We store the subscription endpoint and the public encryption keys your browser provided; you can revoke this at any time in Settings. The legal basis for this processing is your explicit consent (Art. 6(1)(a) GDPR).

No other third-party services have access to your data.

Your data is encrypted in transit and at rest. We use industry-standard security measures to protect your information and regularly review our security practices. Passwords are cryptographically hashed and never stored in plain text.

OmmiQ does not use cookies or third-party tracking. We store a single authentication token in your browser's local storage to keep you signed in. This token is removed when you sign out. No analytics, advertising, or tracking cookies are used.

We retain your data only as long as necessary:

• Active accounts - Your data is kept for as long as your account is active.
• Account deletion - When you delete your account, it enters a 30-day grace period during which you can sign back in to restore it. After 30 days, all your data (profile, tasks, categories, settings) is permanently and irreversibly removed.
• Invoices and payment records - Invoices, purchase data, and related financial records are retained for 10 years in accordance with §147 of the German Fiscal Code (Abgabenordnung), even after account deletion. These records are stored separately and used only to fulfil our legal tax obligations.
• Audit logs - Administrative access logs are retained for accountability purposes.

Under the GDPR, you have the right to:

• Access - Request a copy of all data we hold about you.
• Rectification - Correct any inaccurate information in your profile or settings.
• Erasure - Delete your account and all associated data.
• Data portability - Export your data in a machine-readable format.
• Withdraw consent - Opt out of product update emails at any time via Settings.
• Lodge a complaint - You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data is being processed unlawfully.

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at hello@ommiq.com. We will respond to all data-related requests within 3 business days.