Privacy Policy
The last update of this Privacy Policy was made on 01 June 2025.
This Privacy Policy describes the privacy practices for the website https://omna.me/ (hereinafter the “Website”) and OMNA mobile application (hereinafter the “App”) operated by Lumorial Inc., a corporation established under the laws of the state of Delaware, having its registered office at 3524 Silverside Road Suite 35B, Wilmington, County of New Castle, 19810-4929, Delaware (hereinafter “we”, “us”, “our”, “Company”). It also describes your choices regarding our use of your personal data and how you can access, update and delete this data.
The processing of personal data is in line with the General Data Protection Regulation (GDPR) and under the country-specific data protection regulations applicable to the Company.
By means of this Privacy Policy, we would like to inform you of the nature, scope, and purpose of the personal data we collect, use and process.
This Privacy Policy is an integral part of the Terms of Use. Any definitions or terms contained in this Privacy Policy shall have the meanings assigned to them in our Terms of Use.
DEFINITIONS
Personal data means any information relating to an identified or identifiable natural person (hereinafter the “data subject/user”). An identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Controller means a person who determines the purposes and means of processing. For the purpose of this Privacy Policy, the Company is the controller of personal data. As the controller, we have implemented numerous technical and organizational measures to ensure the complete protection of personal data processed through the Service.
Processing is any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data subject/user refers to you as an identified or identifiable natural person whose personal data is processed by the controller responsible for the processing; a user of OMNA.
Consent of the data subject/user is any freely given, specific, informed and unambiguous indication of the data subject/user`s wishes by which they, by a statement or by an explicit affirmative action, signify agreement to the processing of personal data relating to them.
WHY WE PROCESS YOUR PERSONAL DATA
The Company collects and processes your personal data for the following purposes (the “Purpose”):
- To provide you with access to and enable your use of the Services;
- To perform our contractual obligations under a contract to which you are a party, pursuant to Article 6(1)(b) of the General Data Protection Regulation (GDPR), including for the purpose of identifying you and processing payments;
- To deliver customer support and assistance;
- To analyze your interaction with the Services in order to better understand user behavior, improve the quality and functionality of the Services, enhance the overall user experience, and support user engagement and retention.
We may use your personal data:
- To improve your browsing experience by personalizing and improving the Services;
- To send information to you by email regarding Account registration status, password, and payment confirmation;
- To send you communications relating to your use of the Services; and
- To provide our partners with statistical information about our users by secured channels under data processing agreements (DPA);
- To send you marketing and promotional materials and messages.
WHEN WE COLLECT PERSONAL DATA
We collect certain personal data when you:
- Access the Website or the App;
- Register your Account;
- Use the Services;
- Make purchases;
- Contact and interact with our support.
SCOPE AND CATEGORIES OF PERSONAL DATA, LAWFUL BASIS FOR PERSONAL DATA PROCESSING AND DATA SUBJECT CATEGORIES
We follow data minimization principles, and we process your personal data as follows:
| NO. | SCOPE AND CATEGORIES OF PERSONAL DATA | DATA SUBJECT CATEGORIES | PROCESSING PURPOSE | LAWFUL BASIS FOR PERSONAL DATA PROCESSING |
|---|---|---|---|---|
| 1 | Name | Omna users | To provide Omna Service | Performance of a contract |
| 2 | Omna users | To provide the Services; To send marketing communications | Performance of a contract; Consent / Legitimate interest | |
| 3 | Mental health-related data | Omna users | To personalize the experience and provide the Services | Performance of a contract / Consent |
| 4 | Photos | Omna users | To personalize the experience and provide the Services | Consent |
| 5 | Automatically collected data (cookies and similar technologies, device and connection data) | Omna users, non-registered Omna visitors | To provide the features of the Services | Performance of a contract / Consent |
| 6 | Mobile App interactions; In-app search history; Crash logs | App users | To analyze and improve the Services | Legitimate interest / Consent |
| 7 | Device or other IDs | Omna users | To analyze and improve the Services | Legitimate interest |
| 8 | Payment information | Omna users | To provide the Services | Performance of a contract / Legitimate interest |
| 9 | Voluntarily provided personal data, including, but not limited to, personal documents, request description, email, etc. | Omna users, non-registered Omna visitors | To provide support | Performance of a contract / Legitimate interest |
WE USE TRACKING TECHNOLOGIES AND COOKIES
We also collect and store information that is generated automatically as you navigate through our Services to enhance your experience by using tracking technologies.
To understand how we use cookies and similar tracking technologies when you access or interact with our Services, including the types of data collected and the purposes for which such technologies are used, please refer to our Cookie Policy.
MARKETING OFFERINGS AND UPDATES
Based on your separate consent, we may send you the following marketing emails:
- Updates (information about new version releases, new features, or about some issues, or requests to help us make our Services better by taking the survey);
- Tips and tricks (getting started emails, how to get the most out of the Services, educational content);
- Exclusive deals (promo, discounts, upsells and cross-sells);
- Newsletters (announcements and news);
- Digests (we may send emails containing information about the Company, popular blog posts, customer reviews, etc.);
- Activation reminders (welcome emails).
You may always opt-out (unsubscribe) from any marketing communication in your Account (if available), email or via our support at any time, as instructed at the end of this Privacy Policy.
HOW WE SHARE YOUR PERSONAL DATA
We do not authorize the use of your personal data by any third party (only under the conditions described below).
The personal data is not transferred to third parties, except in cases when:
- It is necessary to provide the Services;
- It is necessary to fulfil our legitimate interests;
- It is necessary to comply with our lawful obligation;
- We have received your consent.
As we use third-party services to provide the Services, we may transfer your personal data internationally under DPA in accordance with GDPR and other applicable data protection laws.
We operate and maintain a variety of online security measures to safeguard and keep your personal data private and secure while it is stored and transferred.
The third parties we share personal data with include, in particular:
| Categories | Purpose | Name | Privacy Policy |
|---|---|---|---|
| Data servers | To store and process personal data | AWS | https://aws.amazon.com/privacy/ |
| Analytics | To receive statistics and analytics related to your use of the Services | Amplitude | https://amplitude.com/privacy |
| Analytics | To receive statistics and analytics related to your use of the Services | Google Analytics | https://policies.google.com/privacy |
| Support | To provide support and assistance | Zendesk | https://www.zendesk.com/company/agreements-and-terms/privacy-notice/ |
| Marketing | For marketing-related purposes, including advertising | Meta | https://www.meta.com/help/quest/604840747866880/?srsltid=AfmBOookR8uLJ6J5USmUZie0pTc4tDcZCHjiex-UwqJ0TTnyRUNz8lz1 |
| Billing | To effectively process and manage payments and subscriptions | Stripe | https://stripe.com/privacy |
WHERE YOUR PERSONAL DATA IS STORED
Your personal data is stored on AWS servers, subject to the AWS Privacy Policy. Please consult their Privacy Policy for detailed information: https://aws.amazon.com/privacy/.
ENCRYPTED DATA
We have put in place security hardware, software and network scanning procedures designed to safeguard and secure the information (including personal data) under our control and follow generally accepted industry standards. We work with third-party service providers and vendors that use encryption and authentication to maintain the confidentiality of your personal data. If stored, we house personal information on systems behind firewalls that are accessible only to limited personnel under DPA.
DATA BREACH SITUATIONS
We shall notify the respective data protection authority within 72 hours after we become aware of the data breach and report the following information:
- The nature of the data breach.
- The name and contact details of our responsible person from whom more information can be obtained.
- The possible consequences of the data breach.
- The measures taken or proposed by us to address the data breach.
If the data breach may lead to a violation of your rights and freedoms or has a high risk of this, we shall immediately inform you of the fact of the data breach and report the following information:
- The nature of the data breach in clear and simple language.
- The name and contact details of the responsible person from whom more information can be obtained.
- The possible consequences of breaching the security of personal data.
- The measures taken or proposed by us to address the data breach.
- Useful tips and know-how that can help you in reducing the risks of the data breach.
We do not have to send the notification to you if any of the following conditions are met:
- We have implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the data breach, in particular, those that leave the personal data inaccessible to any person who is not authorized to access it, such as encryption;
- We have taken subsequent measures that ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize; or
- It would involve a disproportionate effort to communicate with every data subject concerned. In such a case, there shall instead be public communication or similar measures whereby the data subjects are informed equally effectively.
If we apply one of the exemptions, we document the circumstances, reason for not informing, and actions taken to meet one of the exemptions.
YOUR RIGHTS
Depending on your personal jurisdiction, you may have the following rights:
- The right to access. You have the right to request an explanation of the personal data we process about you. Also, you can request a copy of your personal data undergoing processing.
- The right to data portability. You have the right to receive the personal data which you have provided to us. You can request to transmit this data directly to another data controller in a structured, commonly used and machine-readable format. We will transmit your data directly to another controller in cases where it is technically feasible.
- The right to restrict processing. You have the right to request that we temporarily or permanently stop processing all or some of your personal data.
- The right to rectify. You have the right to request to rectify/correct any inaccurate data about you.
- The right to erase. You have the right to be forgotten which means that we will delete all personal data that you have provided to us. We may retain certain information as required by law and for legitimate business purposes permitted by law.
- The right to object processing. You can, at any time, object to the processing of your personal data on grounds relating to your particular situation. You have the right to object to your personal data being processed for direct marketing purposes.
- The right to lodge complaints. You have the right to lodge complaints in relation to the data processing activities we carry out with the competent data protection authorities.
- The right not to be subject to automated decision-making. You have the right not to be subject to a decision based solely on automated decision-making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.
- The right of confirmation. Each data subject shall have the right to obtain confirmation from the controller on whether personal data is being processed.
- The right to withdraw data protection consent. Each data subject shall have the right to withdraw consent to the processing of personal data at any time.
If one of the abovementioned rights applies, you may contact us at any time, as instructed at the end of this Privacy Policy.
We will comply with your request within 1 (one) calendar month. If we need additional time to comply with your request or if we cannot comply with the request, we will inform you of this within the 1 (one) calendar month period.
CALIFORNIA PRIVACY RIGHTS
This section applies only to residents of California, United States.
Subject to certain conditions and limitations, the California Consumer Privacy Act (“CCPA”) provides California consumers with the right to know the categories and specific pieces of personal information we collect, the right to request deletion of personal information, the right to be free from discrimination, the right to opt-out of selling personal information.
The categories of personal data we collect, the sources we use to collect it, the purposes of personal information collection and the categories of third parties with whom we may share personal information are indicated above in this Privacy Policy.
You can direct us not to “sell” your personal information by clicking/tapping on the link “Do Not Sell My Personal Information” and following the instructions or contacting us via email [email protected]. We will verify your request and inform you accordingly. You may also designate an authorized agent to exercise these rights on your behalf.
CHILDREN’S PRIVACY
The Services are not aimed at children and are not intended for use by children.
The Company is acting in compliance with COPPA. We do not knowingly collect information from children and minors. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide information on our Services without their permission.
Our Services are not directed to, nor do we knowingly collect personal data from children under the age of 13. If we obtain actual knowledge that we have collected personal data from a child, we will comply with industry guidelines and applicable laws and will promptly delete it unless we are legally obligated to retain such data.
DATA STORAGE AND DATA REMOVAL
We process and store personal data only for the period necessary to achieve the purposes of this Privacy Policy, our Terms of Use and as long as this is granted by the applicable laws.
The criteria used to determine the period of storage of personal data is the respective statutory retention period for the purposes of this Privacy Policy and our Terms of Use. After that statutory retention period expires, and when we no longer need personal data, we routinely and securely delete or destroy it.
However, in case of conflict situations in progress, we may store personal data for 180 calendar days or more if the processing is necessary for the establishment, exercise or defense of legal claims and for compliance with a legal obligation which requires processing by applicable laws.
MISCELLANEOUS
We may modify this Privacy Policy at any time and post any changes to the Privacy Policy on the Website and/or Mobile App, so please review it frequently. We indicate the date of the current version of this Privacy Policy above, so you know when it was last updated.
Changes to this Privacy Policy may not affect the personal data we have previously collected from you or after such changes.
If you object to the changes or if you have any questions or propositions, please get in touch with us via email: [email protected].