Privacy Policy
🇩🇪 Deutsche Version (Datenschutzerklärung)
1. Data Controller
The data controller responsible for processing personal data on omnioview.com (the "Service") is:
Gregory Keegan, trading as AgileAI Consulting
Tiefenseer Str. 3, 13439 Berlin, Germany
Email: contact@omnioview.com
General contact: contact@omnioview.com
Phone: +49 171 543 63 95
VAT ID: DE451353850
References to "we", "us", or "our" refer to Gregory Keegan trading as AgileAI Consulting as the operator of omnioview.com. This policy is issued in accordance with GDPR Art. 13 and §5 DDG (Digitale-Dienste-Gesetz).
2. Data Protection Officer
As a sole trader whose processing does not reach the thresholds set out in GDPR Art. 37, we are not required to appoint a Data Protection Officer. For all data protection enquiries, please contact Gregory Keegan directly at contact@omnioview.com.
3. Scope
This Policy describes how we collect, use, store, share, and protect personal data when you:
- Visit the omnioview.com website or marketing pages
- Register for an account, whether individually or as part of a team workspace
- Purchase, trial, or use a subscription to the Service
- Interact with AI-powered features (for example automated backlog suggestions, sprint summaries, standup digests, or risk detection)
- Connect third-party integrations (for example Jira, GitHub, GitLab, Slack, Microsoft Teams, calendar providers)
- Contact support
Where your employer or organisation administers a workspace on your behalf, that organisation is a joint or separate controller for the project content and member data held in that workspace. We act as a processor in respect of that content. This is addressed in Section 12 (Workspace and Team Data).
4. Legal Bases for Processing (GDPR Art. 6)
We only process personal data where we have a valid legal basis. The table below maps each processing activity to its basis under Art. 6(1) GDPR.
| Processing Activity | Categories of Data | Legal Basis |
|---|---|---|
| Account creation, authentication, provision of the Service under a subscription | Name, email, password hash, workspace membership, billing data, product usage | Art. 6(1)(b) — Performance of a contract |
| Processing subscription payments, invoicing, tax documentation | Name, billing address, payment method metadata, invoice data | Art. 6(1)(b) — Contract / Art. 6(1)(c) — Legal obligation (§§257–258 HGB; §147 AO) |
| Responding to enquiries and providing customer support | Name, email, message content, workspace ID, product logs | Art. 6(1)(b) — Contract / pre-contractual steps |
| Sending service notifications (security alerts, billing receipts, maintenance windows) | Name, email, account identifier | Art. 6(1)(b) — Contract |
| Sending marketing communications and product updates | Name, email | Art. 6(1)(a) — Consent (opt-in, withdrawable at any time) |
| AI-powered features processing project content (backlog items, tickets, sprint notes) | Prompt inputs, project text, user-provided attachments, AI-generated outputs | Art. 6(1)(b) — Contract |
| Using aggregated or anonymised usage data to improve the Service | Event logs, feature usage, error telemetry | Art. 6(1)(f) — Legitimate interest (product improvement) |
| Website analytics to understand traffic patterns | IP address (anonymised), device information, referrer, pages viewed | Art. 6(1)(a) — Consent via cookie banner |
| Security monitoring, abuse prevention, rate limiting, fraud detection | IP address, device fingerprint, access and authentication logs, anomaly signals | Art. 6(1)(f) — Legitimate interest (platform and user protection) |
| Complying with legal obligations (tax, accounting, law-enforcement requests) | Name, address, invoice and payment records, as required | Art. 6(1)(c) — Legal obligation (§§257–258 HGB; §147 AO) |
Where we rely on legitimate interest (Art. 6(1)(f)), we have carried out a balancing assessment. You have the right to object at any time (see Section 10).
5. Data We Collect
5.1 Data you provide directly
- Identity and account data: name, email address, password (stored hashed), profile picture, role within your workspace
- Workspace and team data: workspace name, members, roles, billing contact
- Payment data: billing address, VAT ID (if applicable), payment method metadata returned by our payment processor. We do not store full card numbers.
- Project and content data: tasks, tickets, backlog items, sprints, epics, comments, attachments, labels, time tracking, and any other content you enter into the Service
- AI interaction data: prompts and inputs you submit to AI features, plus the resulting outputs
- Integration data: OAuth tokens, webhook payloads, and metadata from connected tools you authorise
- Support communications: messages you send to our support team
5.2 Data we collect automatically
- Technical data: IP address, browser type and version, operating system, device type, language, time zone
- Usage data: pages viewed, features used, click events, session duration, API request metadata
- Security and audit logs: authentication events, password resets, permission changes
- Cookies and similar technologies: see Section 11
5.3 Data we receive from third parties
- Single sign-on providers (Google, Microsoft, GitHub, GitLab, SAML IdPs) where you use SSO
- Integration providers (for example Jira, GitHub, Slack) where you authorise data exchange with your omnioview workspace
- Payment processor (billing status, payment method metadata)
6. How We Use Your Data
We use personal data to:
- Provide, operate, secure, and maintain the Service
- Authenticate users and enforce workspace permissions
- Process payments, send invoices, and meet our accounting obligations
- Deliver AI features requested by you or your workspace administrator
- Respond to enquiries and provide customer support
- Send transactional and security notifications
- Analyse aggregated usage to improve the Service and develop new features
- Prevent abuse, detect anomalies, and protect the platform
- Comply with legal obligations and respond to lawful requests
- Send marketing communications where you have consented, or under the narrow soft opt-in rules for existing customers for similar products (you can opt out at any time) — see §7 Abs. 3 UWG
We do not train our AI models on your project content, prompts, or outputs without your explicit, separately obtained consent. The default configuration disables any use of your content for model training.
7. AI Features, Models, and Transparency
omnioview.com incorporates AI features to help you manage projects — for example generating sprint summaries, suggesting backlog priorities, producing release notes, or surfacing risks from project content.
7.1 How AI is used
- AI outputs are generated in response to inputs you or your workspace administrator submit.
- AI outputs are clearly identified within the interface as AI-generated.
- AI recommendations are advisory. A human retains decision authority for any action taken in the Service.
- We retain AI interaction logs for 90 days for abuse detection and quality improvement, then delete or irreversibly anonymise them. Workspace administrators may configure a shorter retention window.
7.2 Sub-processors for AI
AI features are powered by third-party model providers disclosed in Section 9. Your inputs and outputs are transmitted to those providers under Art. 28 DPAs and, where applicable, Standard Contractual Clauses. We require contractual commitments that your inputs and outputs are not used to train the providers' models.
7.3 No automated decisions with legal effect
AI features in omnioview.com do not produce decisions that have legal effect or similarly significant effect on you within the meaning of GDPR Art. 22. If this changes, we will notify you in advance and obtain any required consent.
7.4 EU AI Act
We act as a deployer (not a provider) of general-purpose AI systems within the meaning of Regulation (EU) 2024/1689. Our obligations fall primarily under Art. 26 (deployer obligations) and Art. 50 (transparency). We do not represent that omnioview.com is certified as "EU AI Act compliant"; no such certification scheme currently exists for deployers.
8. Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law.
| Data Category | Retention Period | Basis |
|---|---|---|
| Active account data | Duration of account | Contract |
| Account data after account closure | 90 days (grace period for reactivation), then deleted or anonymised | Contract; legitimate interest |
| Project and workspace content | Duration of workspace; deleted or exported within 30 days of workspace deletion | Contract |
| AI interaction logs | 90 days (configurable by workspace admin down to 7 days) | Legitimate interest / contract |
| Payment and invoicing records | 10 years from the end of the financial year | Legal obligation (§257 HGB; §147 AO) |
| Marketing consent records | Until consent is withdrawn + 3 years | Legal obligation to evidence consent (§7 UWG) |
| Support correspondence | 3 years from last contact | Legitimate interest; limitation period (§195 BGB) |
| Security and audit logs | 12 months | Legitimate interest (security) |
| Technical server logs | 90 days | Legitimate interest (security monitoring) |
| Website analytics (if enabled) | Up to 14 months | Consent |
Where you request deletion before a retention period expires, we will comply unless retention is required by law.
9. Data Sharing, Sub-processors, and International Transfers
We do not sell, rent, or trade personal data. We engage the following sub-processors, each bound by a GDPR Art. 28-compliant Data Processing Agreement.
| Sub-processor | Purpose | Location | Transfer Safeguard |
|---|---|---|---|
| Render Services, Inc. | Application hosting (web, API, scheduled jobs) and managed PostgreSQL database | USA, with EU region (Frankfurt) selected for omnioview.com | Standard Contractual Clauses (SCCs, EU Commission Decision 2021/914); Render DPA |
| Anthropic PBC | AI model inference for platform AI features (Claude Sonnet 4 family or later, as configured per the omnioview infrastructure). Inputs and outputs are retained for up to 30 days for trust and safety monitoring and are not used to train Anthropic's models. | USA | Standard Contractual Clauses; Anthropic Commercial Terms |
| Twilio Inc. (SendGrid) | Transactional email delivery (account verification, security alerts, billing receipts, password resets) | USA | EU–US Data Privacy Framework (Twilio certified); SCCs as fallback; Twilio DPA |
| Object storage — one of: Amazon Web Services EMEA SARL (AWS S3, eu-central-1 / Frankfurt); Cloudflare, Inc. (R2, EU jurisdiction setting); or self-hosted MinIO under our operational control. | Storage of user-uploaded attachments and generated artefacts (e.g. PDF exports) | EU (default) | AWS: SCCs and EU–US DPF; Cloudflare: SCCs and EU jurisdiction; MinIO: EU/EEA operation only |
| Stripe Payments Europe, Limited (SPEL) / Stripe, Inc. | Subscription billing, payment method handling, invoicing, fraud prevention | Ireland (EU) — SPEL for EU customers; USA — Stripe, Inc. (global) | SPEL is EU-resident — no international transfer for EU customers; Stripe, Inc.: EU–US Data Privacy Framework (Stripe certified); SCCs; Stripe DPA; PCI DSS Level 1 |
We do not currently use third-party product analytics, error monitoring, or customer support tools that process personal data. If we add any, this Policy will be updated and, where required, your consent obtained before those tools are activated.
We may also share data:
- With legal and regulatory authorities where required by law or valid legal process
- With a successor entity in the event of a business transfer or acquisition, under continued privacy protection
- With other parties with your explicit prior consent
You may request a copy of the relevant Standard Contractual Clauses or further information about transfer safeguards at contact@omnioview.com.
10. Your Rights Under GDPR
To exercise any of these rights, contact us at contact@omnioview.com. We respond within one month (extendable by a further two months for complex requests).
Right of Access (Art. 15 GDPR) — Request a copy of personal data we hold about you and information about how it is processed.
Right to Rectification (Art. 16 GDPR) — Request correction of inaccurate or incomplete data.
Right to Erasure (Art. 17 GDPR) — Request deletion where data is no longer necessary, consent has been withdrawn, or processing is unlawful. Subject to legal retention obligations.
Right to Restriction (Art. 18 GDPR) — Limit processing in specified circumstances.
Right to Data Portability (Art. 20 GDPR) — Receive your personal data in a structured, commonly used, machine-readable format, where processing is based on consent or contract and carried out by automated means. omnioview.com provides self-service export for workspace content in JSON and CSV formats.
Right to Object (Art. 21 GDPR) — Object at any time to processing based on legitimate interest, including profiling. We cease processing unless we demonstrate compelling legitimate grounds. You may object to direct marketing at any time.
Rights Related to Automated Decision-Making (Art. 22 GDPR) — Not to be subject to a decision based solely on automated processing with legal or similarly significant effect. Our AI features do not produce such decisions.
Right to Withdraw Consent — Where processing is based on consent, withdraw at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint (Art. 77 GDPR) — Lodge a complaint with the supervisory authority in your EU member state. The supervisory authority for omnioview.com is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin, Germany
Tel: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
Website: datenschutz-berlin.de
11. Cookies and Similar Technologies
We use cookies and similar technologies. In line with §25 TDDDG, non-essential cookies are only set after you give prior informed consent via our cookie banner.
- Strictly necessary: session, authentication, CSRF protection, load balancing. No consent required.
- Functional / Preferences: language, layout, UI settings. Consent required.
- Analytics: aggregated product usage. Consent required.
- Marketing: not used by default. Consent required if introduced.
You can change your choices at any time via the cookie banner or your browser settings. See our separate Cookies for the full cookie register.
12. Workspace and Team Data
Where you use omnioview.com as a member of a workspace administered by your employer or organisation, that organisation acts as the controller for the project content and member data within its workspace, and we act as a processor on its instructions under a Data Processing Agreement.
Workspace administrators can:
- Add and remove members, change roles, and reset credentials
- Access, export, and delete project content created within the workspace
- Configure retention windows for AI interaction logs (subject to our minimum)
- Disable or enable AI features
If you have questions about how your workspace administrator handles your data, contact them first. Your statutory rights against us as a sub-processor are preserved.
13. Data Security
We implement appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, or disclosure. These include:
- End-to-end TLS 1.2 or higher for all data in transit
- AES-256 encryption for personal data at rest
- Role-based access control and least-privilege principles
- Multi-factor authentication for administrative access
- Secrets management and rotation for credentials, tokens, and API keys
- Regular security reviews, dependency scanning, and penetration testing
- Documented incident response; we notify affected users and the supervisory authority of qualifying personal data breaches within 72 hours as required by GDPR Art. 33 and 34
14. Children
omnioview.com is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us at contact@omnioview.com and we will delete it promptly.
15. Links and Third-Party Sites
The Service may link to third-party websites, including agileai.coach. We are not responsible for the privacy practices of those sites. Review their own privacy policies before sharing personal data.
16. Changes to This Policy
This Privacy Policy may be updated to reflect changes in our practices or applicable law. Material changes will be notified by email or a prominent in-product notice at least 30 days before they take effect. We will not reduce your rights without explicit notice and, where required, renewed consent. The "Last updated" date and version number reflect the current revision.
17. Contact
For questions about this Privacy Policy, to exercise your data subject rights, or to raise a concern:
Gregory Keegan, trading as AgileAI Consulting
Tiefenseer Str. 3, 13439 Berlin, Germany
Email: contact@omnioview.com
Phone: +49 171 543 63 95