Privacy Policy

Last updated: 2026-05-18

This is the privacy policy for Omnifill ("we", "us", "our"), available at omnifill.net and dashboard.omnifill.net. We'll try to write this in plain language. If something is unclear, email us and we'll explain it.

1. Who We Are

Omnifill is a SaaS tool that helps small businesses and creators aggregate and manage orders from multiple sales sources. The service is operated by Glare Studios, LLC, a single-member Delaware limited liability company.

Business address:

131 Continental Dr
Newark, DE, US

Business phone: +1 302 610 0190

Official contact email: [email protected]

Our EU data protection representative and privacy contact is:

Jakov Jandrić from Zagreb, Croatia
[email protected]

For data protection matters, you can reach us at: [email protected]

2. What Data We Collect

Your account data

When you sign up, we collect account details such as your name, username, email address, password authentication data, verification status, and account settings. Passwords are never stored in plain text. If you use Google OAuth, authentication is handled by Google and we do not store your Google password.

Subscription and billing data

When you subscribe, your payment is processed by Stripe. We store a Stripe customer ID and subscription status on our end. Your full card details are held by Stripe and never touch our servers.

Connected source credentials

To pull in your orders, you connect your sales platforms (Stripe, PayPal, BackerKit, etc.). Depending on the platform, we may store OAuth tokens, API keys, or similar credentials. Sensitive integration credentials are encrypted at rest and used only to fetch your order data on your behalf. For PayPal, this may include access and refresh tokens that allow Omnifill to sync transaction records for the PayPal account you choose to connect.

PayPal profile and transaction data

If you connect PayPal, PayPal may share basic profile information you approve during OAuth, such as your name and email address. When you sync PayPal orders, Omnifill may receive transaction IDs, dates, payer/customer details, shipping details, product or transaction notes, amounts, currencies, and transaction statuses. We use this data only to create and update order records in your Omnifill account.

Order data from your connected sources

When Omnifill syncs your orders, it stores order records in your account. These records contain your customers' data: names, email addresses, shipping addresses, and purchase amounts. This is third-party personal data - it belongs to you and your customers, not to us.

Usage data

We collect basic server logs (IP addresses, timestamps, which pages were accessed) to keep the service running and debug problems. We also keep a first-party, cookieless aggregate page-view count with the site host, page path, page title, referrer host, and timestamp. We do not store an analytics user ID for this counter, and we do not send this first-party counter to Google. With your permission, we also use third-party analytics and ad measurement tools to understand aggregate website usage, signup conversion, and campaign performance.

3. How We Use Your Data

To provide and operate the Omnifill service
To process your subscription via Stripe
To authenticate you via Google OAuth
To connect PayPal accounts you authorize and sync PayPal transaction/order data
To sync and display your order data across connected sources
To contact you about your account (e.g. subscription changes, important service updates)
To diagnose technical problems
To measure website and campaign performance where you have allowed optional analytics and ad measurement

We do not use your connected order data, integration credentials, or your customers' data for advertising, profiling, or any purpose beyond operating the service for you.

Legal bases for controller processing

When Omnifill acts as a data controller, we rely on these legal bases where GDPR applies:

Contract: to create your account, authenticate you, provide the dashboard, sync orders you ask us to sync, process subscriptions, and provide support
Legitimate interests: to secure the service, prevent abuse, maintain logs, improve reliability, and understand aggregate usage
Consent: where we ask for optional permissions, such as connecting a third-party account through OAuth or using non-essential analytics where required
Legal obligation: where we must keep records or respond to lawful requests

4. Your Customers' Data

Omnifill acts as a data processor when it handles your customers' personal information for your order management workflow. You are the data controller for that data.

This means:

Your customers' data belongs to you and them
We only process it because you've instructed us to (by connecting a sales source)
We use it only to provide the service to you, including syncing, normalizing, displaying, managing, routing, and exporting orders
If a customer contacts us directly about their data, we'll direct them to you as the appropriate controller

If you are subject to GDPR or similar regulations, you are responsible for ensuring you have the legal basis to process your customers' data and to connect their order information to third-party tools like Omnifill.

For business customers and partners that need GDPR Article 28 terms, our Data Processing Agreement forms part of the agreement once accepted.

5. Data Storage and Retention

Your application data is stored on servers in the EU. Some third-party services we use may process limited data outside the EU/EEA, as described below.

We retain your data for as long as your account is active. If you delete your account, we will delete all associated data - your account details, connected source credentials, and all stored order records - within 30 days.

You can request account deletion by emailing [email protected].

6. Third-Party Services

We use a small number of third-party services to operate Omnifill:

Stripe - subscription billing. Stripe processes your payment details under their own privacy policy.
PayPal - connected account OAuth and transaction/order syncing when you choose to connect PayPal. PayPal processes your data under their own privacy policy.
Google OAuth - sign-in. Google handles authentication under their own privacy policy.
Google Analytics - website and product usage analytics. Google processes analytics data under their own privacy policy.
Microsoft Clarity - website and product usage analytics. Microsoft processes analytics data under their own privacy policy.
Meta Pixel - optional website ad measurement and conversion reporting. Meta processes this data under their own privacy policy.

We don't sell your data to any third party, ever.

We require service providers that process personal data for Omnifill to use appropriate confidentiality, security, and data protection commitments. If personal data is transferred outside the EU/EEA, we rely on an appropriate transfer mechanism, such as an adequacy decision, the European Commission Standard Contractual Clauses, or another lawful transfer mechanism.

A current sub-processor summary is available on request at [email protected].

7. Cookies

We use required cookies and similar browser storage for what's strictly necessary:

A session cookie to keep you logged in
A CSRF token to protect your account from cross-site request forgery attacks
A local consent record so we can remember your cookie choice

Before you make a cookie choice, Google Analytics may run in consent mode with analytics storage denied so we can receive cookieless aggregate page-view signals. With your permission, we use Google Analytics, Microsoft Clarity, and Meta Pixel cookies or similar technologies to understand aggregate website and product usage, signup conversion, and campaign performance. If you choose only required cookies, Google Analytics is disabled on future pages, Microsoft Clarity is told that analytics storage is denied, and Meta Pixel is not loaded.

8. Your Rights (Including GDPR Rights for EU/EEA Users)

Wherever you're based, you can:

Access the data we hold about you
Correct inaccurate data
Delete your account and all associated data
Export your data in a portable format
Object to processing in certain circumstances
Withdraw consent where processing is based on consent

EU/EEA users have these rights under the GDPR. To exercise any of them, email [email protected]. We'll respond within 30 days.

If you believe we've mishandled your data, you have the right to lodge a complaint with your national data protection authority. If you're in Croatia, that's the Croatian Personal Data Protection Agency, AZOP.

9. Security

We take reasonable technical and organisational measures to protect your data: encrypted connections (HTTPS), encrypted sensitive integration credentials, no plain-text password storage, and restricted access to production systems. No system is perfectly secure, but we take this seriously.

Omnifill is designed to support GDPR-aware order processing by limiting use of customer order data to the service you request, keeping application data in the EU, supporting deletion requests, and maintaining a named EU privacy contact. We do not currently claim an independent GDPR certification or official GDPR seal.

10. Changes to This Policy

If we make material changes to this policy, we'll notify you by email and update the "Last updated" date at the top of this page. Continuing to use Omnifill after that date means you accept the updated policy.

11. Contact

For any privacy-related questions or data requests:

[email protected]

Glare Studios, LLC
131 Continental Dr
Newark, DE, US
+1 302 610 0190

We aim to respond within 5 business days.