Legal

Privacy Policy

Last updated: 23 June 2026

Note: This document is a template provided in good faith and is not legal advice. Please have it reviewed by a qualified lawyer or DPO, and complete the fields in [brackets], before relying on it in production.

This Privacy Policy explains how Ohmia.AI ("Ohmia", "we", "us") collects, uses, and protects personal data when you visit ohmia.ai or use our application at app.ohmia.it (the "Service"), in accordance with the EU General Data Protection Regulation (GDPR) 2016/679.

1. Data Controller

The data controller is [Legal entity name], [registered address], VAT/Tax ID [VAT number]. For any privacy request you can contact us at privacy@ohmia.ai.

2. What we collect

Account data — name, email, role, organization, and authentication data (including two-factor settings).
Call data — when you use the live copilot or AI training, audio is processed in real time and transcripts, summaries, and call analytics are generated and stored in your workspace.
Usage data — feature usage, minutes used, and product interactions.
Billing data — plan and payment status. Card details are handled directly by our payment processor and are not stored by us.
Contact & support data — information you send via forms or email.
Technical data — IP address, device/browser information, and cookies (see our Cookie Policy).

3. Why we use it & legal bases

Purpose	Legal basis (GDPR Art. 6)
Provide and operate the Service	Performance of a contract (Art. 6(1)(b))
Security, fraud and abuse prevention, backups	Legitimate interest (Art. 6(1)(f))
Billing and accounting	Contract / legal obligation (Art. 6(1)(b),(c))
Analytics and marketing cookies	Consent (Art. 6(1)(a))
Responding to requests	Legitimate interest / consent

4. Processors & international transfers

We rely on trusted providers ("processors") to deliver the Service. Where data is transferred outside the EU/EEA, transfers are covered by appropriate safeguards such as Standard Contractual Clauses.

Provider	Purpose
Google Cloud / Firebase	Hosting, database, authentication
Stripe	Payment processing
Deepgram	Speech-to-text (real-time transcription)
ElevenLabs	Voice synthesis (AI training)
Google (Gemini)	AI generation of suggestions and summaries

5. Retention

We keep personal data only as long as necessary for the purposes above, for the life of your account, and as required by law (e.g., accounting). Consent records are kept as proof of consent for the period required by applicable rules. You can request deletion at any time.

6. Your rights

You have the right to access, rectify, erase, restrict, and port your data, to object to processing, and to withdraw consent at any time without affecting prior processing. You may also lodge a complaint with your supervisory authority (in Italy, the Garante per la protezione dei dati personali). To exercise your rights, write to privacy@ohmia.ai.

7. Security

We protect data with encryption in transit, application-level protections, rate limiting and a web application firewall, two-factor authentication, and daily backups, hosted on Google Cloud.

8. Changes

We may update this policy. The "last updated" date reflects the latest version, and material changes will be communicated in the Service.