Legal

Privacy policy

Last updated: [LAUNCH_DATE]

Short version. Omit runs in your browser. Your bookmarks live on your machine. We do not run analytics, telemetry, or tracking. The only data on our servers is the email address tied to your one-time payment.

1. Who is responsible for your data

The data controller for Omit is [CONTROLLER_NAME], contactable at support@getomit.pro. This address is a legal and privacy contact only — product support is handled inside the extension itself, via the in-app support function.

2. What data Omit handles

Data that stays on your device

The Omit extension stores all of your bookmarks, vault entries, ghost archive, settings, and your AI-provider API key in your browser's local storage (chrome.storage.local). This data does not leave your machine through any system we operate.

We do not run analytics, telemetry, error reporting, or session recording.
We do not assign you an account, user ID, or device identifier.
We do not see what you save, what you read, or what you query.

Data we do receive

We only receive personal data in two narrow cases:

Purchase email. When you buy Omit Pro, our payment processor passes us the email address you used at checkout, so we can issue your license and your invoice. See Payments.
Support email. If you write to support@getomit.pro, we receive whatever you put in that email.

3. AI features and your own LLM key

Pro features (Ask AI, Smart Summaries, Reading Archetype, link summaries) call a large-language-model provider directly from your browser using an API key that you provide. Omit supports the following providers:

Google Gemini
OpenAI
Anthropic
DeepSeek
OpenRouter

When you trigger an AI action, the request goes from your browser to the provider you configured. It does not pass through any server we operate. Whatever the provider does with the request is governed by their privacy policy, not this one. You are responsible for choosing a provider whose terms you are comfortable with.

Some Pro features fetch the readable text of a page through the Jina Reader service (r.jina.ai) before sending it to your AI provider. The page URL and content are passed through Jina; the request originates from your browser.

4. Payments

One-time Pro payments are processed by Stripe. [CONTROLLER_NAME] is the merchant of record. Stripe collects the data needed to take a payment (card details, billing country, email, and — where applicable for EU VAT — your tax status). We never see your full card details.

What we receive from Stripe and store on our payment infrastructure (omit-pay.aydinfer.workers.dev):

The email address you used at checkout
The Stripe payment / customer reference
The amount, currency, and country, for VAT and bookkeeping purposes
The license token issued to your installation

The legal basis for this processing is the contract between you and us (Art. 6(1)(b) GDPR) and our legal obligation to keep tax records (Art. 6(1)(c) GDPR).

5. Cookies and storage

The marketing site at getomit.pro sets no cookies, runs no analytics, and embeds no third-party tracking. The Google Fonts stylesheet is loaded from Google's CDN; no font cookies are set in this configuration. [REVIEW: confirm with Dutch counsel] whether Google Fonts loaded via CDN requires explicit cookie-banner consent under your interpretation of the latest AP / EDPB guidance, or whether it can be served self-hosted to remove the question entirely.

The Omit extension uses your browser's local storage to keep your bookmarks. That is not a cookie under the ePrivacy Directive but it is functionally equivalent storage on your device. Its use is strictly necessary to provide the service you installed, so no separate consent prompt is shown.

6. Your rights under GDPR / AVG

If you are in the EU/EEA, you have the following rights:

Access — ask us what personal data we hold about you
Rectification — ask us to correct it
Erasure — ask us to delete it
Portability — ask for a machine-readable copy
Restriction — ask us to pause processing
Objection — object to processing based on legitimate interest
Complaint — lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl) or the regulator in your country of residence.

To exercise any of these, write to support@getomit.pro from the email address tied to your purchase. We aim to respond within 30 days.

Note: most of your data is on your own device and is fully under your control. To delete it, uninstall the extension; to export it, use the export function inside the side panel.

7. How long we keep data

Payment and invoice records: seven years, as required by Dutch tax law (Art. 52 Algemene wet inzake rijksbelastingen).
Support emails: kept for as long as needed to handle the case, then deleted within 12 months unless they form part of a payment record.
Local data inside the extension: kept until you delete it or uninstall the extension. We have no copy.

8. International transfers

Stripe processes EU payments through Stripe Payments Europe Ltd. (Ireland). Some of the AI providers listed in section 3 are based in the United States; if you choose to use them, your queries are sent to the US under the standard contractual clauses they publish. [REVIEW: confirm with Dutch counsel] the precise transfer-mechanism wording you want here, especially for providers that do not yet self-certify under the EU–US Data Privacy Framework.

9. Changes to this policy

If we change this policy in a way that affects how we handle your data, we update the date at the top and note the change in the changelog. We do not silently revise it.

10. Contact

Privacy questions, GDPR requests, and complaints: support@getomit.pro.