1. What data we collect
To provide the platform's functionality, we process the following categories of data:
- Profile data provided by the User: display name, avatar (profile picture), hashed password.
- Content and communication data: text messages, files (images, videos, documents) sent in chats and video rooms; metadata (sending time, conversation participants).
- Technical and service data:
- Identifiers: unique user ID in the system, unique video conference room hash, IP address.
- Device data: browser/OS type and version, connection information, logs to ensure stable operation and diagnose problems.
- Activity data: login/logout time, interface actions for performance analysis.
Important security information
Video and audio streams are transmitted directly between participants in encrypted form (peer-to-peer).
About data storage: Text chat messages are stored on secure servers in encrypted form for:
- Processing complaints and violations
- Content moderation
- Ensuring user security
Full video conference recording is not performed without explicit consent of all participants.
2. How we use your data
Data processing is carried out strictly to achieve the following purposes:
- Ensuring Service operation: creating and maintaining your account, organizing text and video communication, managing rooms.
- Security and moderation: preventing fraud, abuse, spam and violations of the user agreement; investigating incidents.
- Technical support and development: diagnosing malfunctions, analyzing performance to improve stability and convenience of the Service (on anonymized data).
- Communication with the User: sending important notifications related to account and Service operation.
3. Legal bases for data processing
We process your data on the following legal bases:
- Contract performance: processing is necessary to provide you with platform functionality in accordance with the User Agreement.
- Legitimate interest: ensuring network security, preventing abuse, technical support and improvement of the Service, provided that this does not violate your rights and freedoms.
- Consent: in cases expressly provided by law (for example, for some types of mailings).
4. Data transfer to third parties
We do not sell your personal data. Transfer may be carried out in limited cases:
- Service providers: third-party companies that provide us with services necessary for operation (e.g., hosting, WebRTC signaling platforms). These providers are required to protect data and use it only to perform our tasks.
- As required by law: to law enforcement, judicial or government agencies of any country, if such disclosure is provided for and complies with the current laws of the jurisdiction that has the authority to require this information. Such disclosure is possible only if there is a proper legal basis (e.g., a court decision) and to the minimum extent necessary to comply with this requirement.
- To protect rights: if necessary to investigate violations of our terms or to protect the rights, property or safety of "Omnory", our users or the public.
5. Data security
We take reasonable technical and organizational measures to protect your information from unauthorized access, alteration, disclosure or destruction. This includes, among other things, the use of encryption of transmitted data (TLS), access control to systems and regular security audits.
6. Your rights
In accordance with applicable legislation that regulates the processing of your data depending on your country of residence or location, you may have the following rights:
- Access and correction: request information about your data that we process and correct inaccuracies.
- Deletion: request deletion of your account and related personal data if there are no compelling legal grounds for their further storage.
- Restriction of processing: require temporary or permanent restriction of processing of your data in certain situations provided by law.
- Objection to processing: object to the processing of your data on grounds related to your specific situation, especially for direct marketing purposes or on the basis of legitimate interests.
- Data portability: receive the data you provided in a structured, commonly used and machine-readable format for transfer to another operator.
- Withdrawal of consent: withdraw your previously given consent to processing at any time if data processing was initially based solely on it.
- Filing a complaint: file a complaint with the data protection supervisory authority in your country.
Procedure for application: To exercise any of these rights, as well as to obtain clarification, please send a corresponding request to the contact email specified at the end of this Policy. We will consider your request in accordance with the requirements of the legislation applicable to you.
7. Data storage
We store your personal data only as long as it is necessary for the purposes set out in this Policy or to comply with legal requirements. For example:
- Profile data: stored while your account is active. After account deletion, data is deleted or anonymized within a reasonable time.
- Technical activity logs: stored for a limited period necessary for security and system stability analysis.
- Message content: may be stored for the duration of the chat or room. Room administrators can control content storage policies within the conversations they create.
8. Use of cookies and similar technologies
The Service may use cookies and browser local storage to provide basic functionality, such as maintaining login sessions, remembering interface settings, and analyzing anonymized performance data.
9. Changes to the Privacy Policy
We reserve the right to update this Policy. We will notify you of significant changes through the Service interface or by email. The new version of the Policy comes into force from the moment of its publication on this page. Continued use of the Service after changes are made means your agreement with the new version.