Omnirev - Privacy Policy

Last Updated: Nov 25, 2025

DineEasy Holdings Inc. (doing business as Omnirev)

Based in British Columbia, Canada

‍

Omnirev (“Omnirev,” “we,” “us,” or “our”) provides an AI-powered CRM and automation platform designed to help restaurant brands manage and grow their catering sales. This Privacy Policy explains how we collect, use, store, and protect personal information when clients use our services, websites, mobile applications, and integrated systems (collectively, the “Services”).

We are committed to maintaining the privacy and security of all data entrusted to us. By using our Services, you agree to the practices described in this Privacy Policy.

‍

1. Information We Collect

We collect only the information necessary to deliver and improve our Services.

1.1 Account Information

When you create an account, we collect:

• Name
• Email address
• Password (hashed and salted; we never store plaintext passwords)
• Organization name
• Role and permission settings

1.2 Email Metadata & Content (OAuth Integrations)

Omnirev integrates with Gmail and Outlook using OAuth 2.0. We do not store or access user passwords.

With your authorization, we may sync:

• Email metadata (sender, recipient, timestamp, subject)
• Email content
• Attachments where applicable

Only emails exchanged between authenticated users and CRM contacts stored within your Omnirev account are synced and stored. All other emails are automatically ignored and never processed, stored, or logged.

Omnirev personnel do not access or review the content of synchronized emails except when explicitly requested by the client for support or troubleshooting purposes and only with proper authorization.

1.3 Imported Customer Data

Clients may configure Omnirev to import limited customer information from online ordering systems, including:

• Name
• Email address
• Order history and frequency
• Business or organization data

We do not import or access payment card numbers or sensitive financial data.

1.4 Usage Data

To maintain and improve the platform, we collect:

• Log data (IP address, browser type, device information)
• Feature usage patterns
• System events and performance diagnostics
• Interaction data within the dashboard

This information is used strictly for service optimization, reliability, and security monitoring.

2. How We Use Information

We use collected information to:

• Deliver and operate our CRM and automation tools
• Provide customer support and technical assistance
• Improve system performance and develop new features
• Maintain platform security and detect unauthorized activity
• Generate anonymized, aggregated analytics for internal improvements

When enabled by the client, Omnirev may collect email engagement metrics such as open and click rates to provide performance insights within the client’s CRM. This feature is optional, controlled via a feature flag, and all engagement data remains confined to the client’s account.

Omnirev does not use customer data or email content for machine learning model training, behavioral profiling, advertising, or any commercial purpose outside of delivering the contracted Services.

3. Email Integrations, Access Control & Revocation

3.1 OAuth 2.0

Access to Gmail and Outlook is granted exclusively through OAuth 2.0. We do not collect or store your email login credentials.

3.2 Limited Use Compliance

Omnirev complies fully with the Google API Services User Data Policy, including its Limited Use requirements. Synced email data is used solely to provide CRM functionality and is never sold, shared for advertising, or used for any unrelated purpose.

3.3 Revoking Access

Users can revoke email integration access at any time:

• Directly in Google or Microsoft account settings; or
• From within the Omnirev platform via account settings

Once revoked, Omnirev stops syncing emails and deletes cached email access tokens.

4. Data Ownership and Processing Roles

All client data imported into or generated within Omnirev — including emails, contacts, customer information, and CRM activity — belongs exclusively to the client organization.

Omnirev acts solely as a data processor, while client organizations remain the data controllers for all customer data processed through the platform.

5. Data Storage & Security

We implement strict administrative, technical, and physical safeguards to protect your information.

5.1 Encryption

• All data is encrypted in transit using TLS 1.2+
• All data is encrypted at rest on Google Cloud Platform (GCP)

5.2 Secure Hosting

Our infrastructure is hosted on Google Cloud Platform, which maintains industry-leading certifications including ISO 27001, SOC 1/2/3, and related security standards.

5.3 Internal Access Controls

Access to client data is strictly limited to authorized personnel who require it to provide support or maintain the platform. All internal access is logged and monitored.

6. Sharing of Information

Omnirev does not:

• Sell client data
• Share data with advertisers
• Share data with third parties for marketing or profiling
• Use data for purposes unrelated to delivering the Services

We may share information only with:

• Trusted sub-processors such as Google Cloud Platform, used strictly for hosting and infrastructure purposes and bound by confidentiality and data protection requirements
• Government authorities, if required by law or lawful request

7. International Compliance

Omnirev adheres to global data protection standards and complies with:

• PIPEDA (Canada)
• GDPR (European Union)
• CCPA / CPRA (California, USA)
• Google API Services User Data Policy (Limited Use)

Where required, Omnirev enters into Data Processing Agreements (DPAs) and standard contractual clauses for international data transfers.

8. Retention & Deletion

We retain personal data only for as long as necessary to deliver the Services or comply with applicable legal obligations.

8.1 Account Termination

Upon account closure or written request:

• All stored data is deleted within 30 days
• Backups containing client data are purged on the next scheduled cycle (no later than 30 days thereafter)

8.2 Email Token Revocation

OAuth tokens are deleted immediately upon access revocation.

9. Children’s Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your data
• Correct or update your data
• Request deletion
• Object to processing
• Request data portability
• Withdraw consent

Requests can be submitted to: contact@omnirev.ai

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page, and the “Last Updated” date will be revised accordingly.

12. Contact Information

For questions, concerns, or privacy-related requests, contact us at:

Omnirev Inc.

Email: contact@omnirev.ai

British Columbia, Canada

13. Governing Law

This Privacy Policy is governed by the laws of the Province of British Columbia, Canada.

‍