This is the privacy policy for Omnifill ("we", "us", "our"), available at omnifill.net and dashboard.omnifill.net. We'll try to write this in plain language. If something is unclear, email us and we'll explain it.
Omnifill is a SaaS tool that helps small businesses and creators aggregate and manage orders from multiple sales sources. The service is operated by Glare Studios, LLC, a single-member Delaware limited liability company.
Business address:
131 Continental Dr
Newark, DE, US
Business phone: +1 302 610 0190
Official contact email: [email protected]
Our EU data protection representative and privacy contact is:
Jakov Jandrić from Zagreb, Croatia
[email protected]
For data protection matters, you can reach us at: [email protected]
When you sign up, we collect account details such as your name, username, email address, password authentication data, verification status, and account settings. Passwords are never stored in plain text. If you use Google OAuth, authentication is handled by Google and we do not store your Google password.
When you subscribe, your payment is processed by Stripe. We store a Stripe customer ID and subscription status on our end. Your full card details are held by Stripe and never touch our servers.
To pull in your orders, you connect your sales platforms (Stripe, PayPal, BackerKit, etc.). Depending on the platform, we may store OAuth tokens, API keys, or similar credentials. Sensitive integration credentials are encrypted at rest and used only to fetch your order data on your behalf. For PayPal, this may include access and refresh tokens that allow Omnifill to sync transaction records for the PayPal account you choose to connect.
If you connect PayPal, PayPal may share basic profile information you approve during OAuth, such as your name and email address. When you sync PayPal orders, Omnifill may receive transaction IDs, dates, payer/customer details, shipping details, product or transaction notes, amounts, currencies, and transaction statuses. We use this data only to create and update order records in your Omnifill account.
When Omnifill syncs your orders, it stores order records in your account. These records contain your customers' data: names, email addresses, shipping addresses, and purchase amounts. This is third-party personal data - it belongs to you and your customers, not to us.
We collect basic server logs (IP addresses, timestamps, which pages were accessed) to keep the service running and debug problems. We don't use this for advertising or profiling.
We do not use your data - or your customers' data - for advertising, profiling, or any purpose beyond operating the service for you.
When Omnifill acts as a data controller, we rely on these legal bases where GDPR applies:
Omnifill acts as a data processor when it handles your customers' personal information for your order management workflow. You are the data controller for that data.
This means:
If you are subject to GDPR or similar regulations, you are responsible for ensuring you have the legal basis to process your customers' data and to connect their order information to third-party tools like Omnifill.
For business customers that need GDPR Article 28 terms, our Data Processing Addendum is available on request at [email protected] and forms part of the agreement once accepted by both parties.
Your application data is stored on servers in the EU. Some third-party services we use may process limited data outside the EU/EEA, as described below.
We retain your data for as long as your account is active. If you delete your account, we will delete all associated data - your account details, connected source credentials, and all stored order records - within 30 days.
You can request account deletion by emailing [email protected].
We use a small number of third-party services to operate Omnifill:
We don't sell your data to any third party, ever.
We require service providers that process personal data for Omnifill to use appropriate confidentiality, security, and data protection commitments. If personal data is transferred outside the EU/EEA, we rely on an appropriate transfer mechanism, such as an adequacy decision, the European Commission Standard Contractual Clauses, or another lawful transfer mechanism.
A current sub-processor summary is available on request at [email protected].
We use cookies only for what's strictly necessary:
We use Google Analytics cookies to understand aggregate website and product usage. We don't use advertising cookies or tracking pixels.
Wherever you're based, you can:
EU/EEA users have these rights under the GDPR. To exercise any of them, email [email protected]. We'll respond within 30 days.
If you believe we've mishandled your data, you have the right to lodge a complaint with your national data protection authority. If you're in Croatia, that's the Croatian Personal Data Protection Agency, AZOP.
We take reasonable technical and organisational measures to protect your data: encrypted connections (HTTPS), encrypted sensitive integration credentials, no plain-text password storage, and restricted access to production systems. No system is perfectly secure, but we take this seriously.
Omnifill is designed to support GDPR-aware order processing by limiting use of customer order data to the service you request, keeping application data in the EU, supporting deletion requests, and maintaining a named EU privacy contact. We do not currently claim an independent GDPR certification or official GDPR seal.
If we make material changes to this policy, we'll notify you by email and update the "Last updated" date at the top of this page. Continuing to use Omnifill after that date means you accept the updated policy.
For any privacy-related questions or data requests:
Glare Studios, LLC
131 Continental Dr
Newark, DE, US
+1 302 610 0190
We aim to respond within 5 business days.