Oomira Holdings Inc. ("Oomira", "we", "our", or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and retain personal information in connection with our platform, which enables users to structure, store, and interact with personal and corporate memory in a secure, traceable, and privacy-conscious manner (the "Service").
Our platform is designed with privacy-by-design principles, emphasizing user control, data minimization, and transparent processing practices that prioritize your agency over your personal information while enabling meaningful functionality and innovation.
This Policy applies to personal information collected through our website and mobile applications, our APIs and developer tools, third-party integrations you authorize, and customer support interactions. Different rules apply to data obtained through specific integrations as detailed in the Special Categories section below, and we maintain separate agreements and protocols for enterprise clients and business partners.
We collect several categories of information to provide and improve our services. Your account information includes your name, email address, account credentials, profile information and preferences, and account security information such as multi-factor authentication settings and login history.
The service data we collect consists of content you create, upload, or import including timelines, events, and notes, structured data objects and memory graphs you generate, and tags, annotations, and metadata you add to enhance your personal memory infrastructure.
When you connect third-party services to your account, we collect integration data that varies depending on the service. For financial services accessed through Plaid, we collect transaction data, account balances, and institution names, though this information is subject to special restrictions detailed below. From professional networks, we may collect profile information, connections, and activity data. Email service integrations may provide message metadata and contacts with your permission. Identity verification through Jumio involves collecting document images and verification results, which we retain only as required for compliance purposes.
We also collect technical information necessary for service operation including device identifiers, IP addresses, browser information, usage analytics and interaction patterns, performance metrics, and error logs. We do not knowingly collect information from individuals under thirteen years of age.
Under Canadian privacy law, specifically the Personal Information Protection and Electronic Documents Act, and applicable international frameworks, we process personal information based on several legal grounds. Most data collection and use requires your express consent, which we obtain through clear and prominent disclosures. We also process information where contractual necessity requires it to provide services you have requested. In certain circumstances, we rely on legitimate interests for service improvement, security, and business operations, though only where legally permitted and balanced against your privacy rights. Finally, we process information to meet legal compliance obligations imposed by applicable regulations.
We use your personal information primarily for core service functions including operating and maintaining your account, processing and structuring your data as you direct, enabling authorized integrations and data synchronization, and providing customer support.
Service improvement activities include analyzing usage patterns to enhance functionality, developing new features and capabilities, and conducting research and development using aggregated, de-identified data that cannot be traced back to individual users.
We communicate with you through account notifications and service updates, security alerts and important notices, and marketing communications where you have provided consent, which you may withdraw at any time by unsubscribing.
Legal and security uses include fraud prevention and security monitoring, compliance with legal obligations, and protecting the rights and safety of users and the general public.
Certain types of data we collect are subject to enhanced protections and specific restrictions that exceed our general privacy practices.
Financial data obtained through our Plaid integration is governed by strict limitations. This information is used only for the specific services you request and we do not sell, rent, or monetize Plaid-sourced financial information under any circumstances. However, if you independently choose to input financial information and designate it as public on our platform, such information may be included in our public data offerings. Retention of Plaid-sourced data is limited to what is necessary for service provision, and we do not share this data except as explicitly authorized by you or required by law. When you disconnect the integration or close your account, this data is deleted according to predetermined schedules.
Identity verification data processed through Jumio is handled with particular care. Document images are processed only for verification purposes, and any biometric data is not retained beyond the verification process. This Jumio-sourced verification data is not commercialized in any form. However, identity-related information that you separately choose to input and make public on our platform may be included in our commercial data offerings. Verification results may be kept for compliance purposes as required by applicable regulations, and Jumio-sourced data is subject to enhanced security controls throughout its lifecycle.
We share your information in limited circumstances and always with appropriate safeguards. With your explicit consent, we may share information when you choose to publish or share content, through features you explicitly enable, or with specific third parties you authorize.
We work with carefully selected service providers for cloud infrastructure and hosting, identity verification services, payment processing, and customer support tools. All such vendors are bound by strict confidentiality and data protection agreements that require them to maintain privacy standards equivalent to our own.
Legal requirements may compel us to disclose information when required by Canadian or applicable foreign law, court orders or legal process, government investigations, or emergency situations involving safety or security concerns.
In connection with business transactions such as mergers, acquisitions, or asset sales, personal information may be transferred to successor entities, though always subject to equivalent privacy protections and user notification requirements.
We want to be clear that we do not sell personal information to third parties for marketing purposes, nor do we engage in the type of data brokerage activities that characterize many technology platforms.
We operate a platform that enables both private memory management and public information sharing, and we may monetize these services in several ways. We may create commercial value from aggregated, anonymized usage statistics that cannot be linked to individual users, non-personal service analytics that help us understand platform performance, and features and functionality that you explicitly opt into with full knowledge of any commercial implications.
We may also provide commercial access to information that users have designated as public or have explicitly made available for commercial use. This includes offering API access to public records, datasets, timelines, and other structured information that users have chosen to publish or share publicly through our platform. When you designate information as public on our platform, you understand and agree that such information may be accessed by third parties, including through paid API services we may offer.
We maintain explicit restrictions on certain commercialization activities. Personal financial data obtained specifically through Plaid integrations is never monetized, but financial information that you independently choose to input and designate as public may be included in our commercial offerings. Identity verification data obtained through Jumio is not commercialized, but identity-related information that you voluntarily make public on our platform may be commercially available. Private information that you have not designated as public is not included in any commercial data offerings. Individual behavioral profiles and private usage patterns derived from your platform usage are not sold to third parties regardless of anonymization.
Oomira operates from Canada but utilizes global service providers to deliver our platform effectively. When personal information is transferred outside Canada, we ensure adequate protection through contractual safeguards, compliance with cross-border transfer requirements, and equivalent privacy standards in destination countries. Primary data processing occurs in Canada and the United States, though we may utilize service providers in other jurisdictions with adequate privacy protections.
We retain personal information only as long as necessary for providing requested services, meeting legal and regulatory requirements, and resolving disputes and enforcing agreements. Account information is retained until account deletion plus thirty days for administrative purposes. Financial data is retained until integration disconnection plus any legal minimums required by financial regulations. Identity verification data is retained as required by applicable regulations, which may vary by jurisdiction. Usage analytics are maintained for up to two years in aggregated form to support service improvement initiatives.
Subject to applicable law, you have comprehensive rights regarding your personal information. You may request access to and portability of your personal information, including copies of all data we maintain about you and the ability to export your data in structured formats. You also have the right to understand how your information is being used and the purposes for which we process it.
You may correct inaccurate information, update your profile and preferences, and modify integration settings at any time through your account dashboard or by contacting us directly.
Deletion and restriction rights include the ability to delete your account and associated data, request deletion of specific categories of information, and restrict certain processing activities where you have concerns about particular uses of your data.
You may object to specific uses of your information, withdraw consent where consent is the legal basis for processing, and opt out of marketing communications while continuing to receive essential service-related notices.
To exercise these rights, contact us at privacy@oomira.com with sufficient information to verify your identity and specify the nature of your request.
We implement comprehensive security measures designed to protect your information against unauthorized access, disclosure, alteration, and destruction. Our technical safeguards include encryption of data in transit and at rest using industry-standard protocols, multi-factor authentication requirements for administrative access, regular security assessments and updates, and secure development practices integrated throughout our software lifecycle.
Organizational controls include role-based access controls that limit employee access to personal information based on job function, employee training and background checks for personnel with access to sensitive systems, comprehensive incident response procedures, and vendor security requirements that extend our privacy commitments to third-party service providers.
In the event of a data breach that poses a risk of significant harm, we will notify affected users and regulators within seventy-two hours as required by applicable law, provide clear information about the nature and scope of the incident, and take immediate steps to contain and remediate any security vulnerabilities.
We use cookies and similar technologies for essential service functionality that enables core platform features, performance monitoring and analytics to understand how users interact with our services, and personalization and user preferences to enhance your experience. You can control cookies through your browser settings, though disabling certain cookies may affect service functionality and your ability to access certain features.
Our platform may integrate with or link to third-party services that have their own privacy policies and practices. While we are not responsible for third-party privacy practices, we select integration partners based on their privacy and security standards and require contractual commitments to data protection where we share user information. We encourage you to review the privacy policies of any third-party services you choose to connect to your Oomira account.
We do not knowingly collect personal information from children under thirteen years of age. If we become aware of such collection, we will delete the information promptly and terminate any associated account. Parents or guardians who believe their child has provided personal information to us should contact us immediately at privacy@oomira.com.
We may update this Privacy Policy to reflect changes in our services or practices, new legal requirements, or enhanced privacy protections. Material changes will be communicated through email notification to registered users, prominent website posting, and in-app notifications where appropriate. Continued use of our services after changes take effect constitutes acceptance of the updated policy, though we will provide reasonable notice and, where required by law, seek renewed consent for materially different uses of your information.
If you have concerns about our privacy practices, we encourage you to contact us directly at privacy@oomira.com so we can address your concerns promptly and effectively. If direct resolution is not possible, you may file a complaint with the Privacy Commissioner of Canada or the relevant privacy authority in your jurisdiction. We are committed to working cooperatively with privacy regulators and will participate in any investigation or mediation process in good faith.
Our Privacy Officer can be reached at Oomira Holdings Inc., 1211 Foreman Road, Port Carling, Ontario P0B 1J0, Canada. For privacy-related inquiries, contact privacy@oomira.com. General inquiries may be directed to app@oomira.com.
This Privacy Policy is governed by Canadian law and is designed to comply with the Personal Information Protection and Electronic Documents Act, the General Data Protection Regulation where applicable, and other relevant privacy regulations that may apply to our users and operations.