Legal
Privacy Policy
Last updated: 16 March 2026
1. Introduction
Omniday ApS ("Omniday", "we", "us", or "our"), a company incorporated and registered in Denmark (CVR number: 41509775), is the data controller responsible for your personal data.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.omniday.ai and use our services (the "Platform"). It is written in compliance with the EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 and the Danish Data Protection Act (Databeskyttelsesloven).
2. Data We Collect
We may collect the following categories of personal data:
| Category | Examples | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Identity & Contact | Full name, email, phone number, company name | Art. 6(1)(b) — contractual necessity |
| Account Data | Login credentials, workspace settings | Art. 6(1)(b) — contractual necessity |
| Usage Data | Pages visited, features used, session duration | Art. 6(1)(f) — legitimate interest |
| Technical Data | IP address, browser type, device identifiers | Art. 6(1)(f) — legitimate interest |
| Communication Data | Support tickets, chat transcripts processed by the Platform | Art. 6(1)(b) — contractual necessity |
| Cookie & Tracking | Cookie identifiers, analytics events | Art. 6(1)(a) — consent |
3. How We Use Your Data
- Provide, maintain, and improve the Platform
- Process demo requests and sales inquiries
- Send transactional emails (e.g., account verification, billing)
- Send marketing communications — only with your explicit opt-in consent; you can unsubscribe at any time
- Monitor for fraud, abuse, and security incidents
- Comply with legal obligations under Danish and EU law
- Analyse aggregated, anonymised usage patterns to improve our product
4. Data Sharing & Sub-Processors
We do not sell your personal data. We share data only with trusted sub-processors that are bound by GDPR-compliant Data Processing Agreements (DPAs):
- Microsoft Azure (EU West) — cloud hosting and infrastructure
- Resend — transactional email delivery
- Azure Application Insights — performance monitoring and error tracking
All sub-processors are either EU-based or have executed Standard Contractual Clauses (SCCs) for any data transfers outside the EEA, in accordance with GDPR Articles 44–49.
5. International Data Transfers
Our primary infrastructure is hosted on Microsoft Azure in the West Europe (Amsterdam) region. Where data is processed outside the EEA, we rely on:
- EU Commission adequacy decisions (GDPR Art. 45)
- Standard Contractual Clauses (GDPR Art. 46(2)(c))
- Supplementary technical measures (encryption at rest and in transit)
6. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law.
- Account data: retained for the duration of your subscription, plus 30 days after account deletion
- Demo request data: retained for up to 12 months from submission
- Analytics data: anonymised or deleted after 26 months
- Invoicing records: retained for 5 years per Danish Bookkeeping Act (Bogforingsloven)
7. Your Rights Under GDPR
As a data subject in the EU/EEA, you have the following rights under GDPR Articles 15–22:
- Right of Access (Art. 15) — obtain a copy of your personal data
- Right to Rectification (Art. 16) — correct inaccurate data
- Right to Erasure (Art. 17) — request deletion of your data ("right to be forgotten")
- Right to Restriction (Art. 18) — restrict processing in certain circumstances
- Right to Data Portability (Art. 20) — receive your data in a machine-readable format
- Right to Object (Art. 21) — object to processing based on legitimate interests
- Right to Withdraw Consent (Art. 7(3)) — withdraw consent at any time without affecting lawfulness of prior processing
To exercise any of these rights, contact us at privacy@omniday.ai. We will respond within 30 days as required by GDPR.
8. Cookies
We use cookies in accordance with the Danish Executive Order on Cookies (Cookiebekendtgorelsen) and the ePrivacy Directive. For details, see our on-site Cookie Consent Banner. You can manage or withdraw cookie consent at any time.
- Strictly Necessary: required for the website to function (no consent needed)
- Analytics: help us understand traffic and usage patterns (consent required)
9. Security
We implement industry-standard technical and organisational measures to protect your data, including TLS 1.2+ encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits. For more detail, see our Security page.
10. Children's Privacy
Our Platform is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notification at least 30 days before they take effect. Your continued use of the Platform after the effective date constitutes acceptance.
12. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):
- Website: datatilsynet.dk
- Email: dt@datatilsynet.dk
- Phone: +45 33 19 32 00
13. Contact
For any questions about this Privacy Policy or your personal data:
- Omniday ApS
- Email: privacy@omniday.ai
- Address: Industrivej 21, 4000 Roskilde, Denmark