Privacy policy

1. Who is responsible for your data

The data controller for Omit is laFlow, contactable at [email protected]. This address is reserved for legal and privacy correspondence; for product help, use the support form or the in-extension support function in the Omit side panel.

2. What data Omit handles

Data that stays on your device

The Omit extension stores all of your bookmarks, vault entries, ghost archive, settings, and your AI-provider API key in your browser's local storage (chrome.storage.local). This data does not leave your machine through any system we operate.

• We do not run analytics, telemetry, error reporting, or session recording.
• We do not assign you an account, user ID, or device identifier.
• We do not see what you save, what you read, or what you query.

Data we do receive

We only receive personal data in two narrow cases:

• Purchase email. When you buy Omit Pro, our payment processor passes us the email address you used at checkout, so we can issue your license and your invoice. See Payments.
• Correspondence. If you write to [email protected] or use the support form, we receive whatever you put in your message. Form submissions are routed to our private GitHub issue tracker so we can reply.

3. AI features and your own LLM key

Pro features (Ask AI, Smart Summaries, Reading Identity, link summaries) call Google Gemini directly from your browser using a free API key that you generate at Google AI Studio and paste into Omit's settings. The key lives in your browser's local storage and never reaches any server we operate.

When you trigger an AI action, the request goes from your browser to Google's generativelanguage.googleapis.com endpoint. It does not pass through Omit's infrastructure. What Google does with the request is governed by their Gemini API terms and their privacy policy. On Google's free tier, prompts and responses may be used to improve Google's models — enabling billing in AI Studio opts you out.

Some Pro features fetch the readable text of a page through the Jina Reader service (r.jina.ai) before sending it to Gemini. The page URL and content are passed through Jina; the request originates from your browser. The fetched content is held in an in-memory cache (max 50 entries, 10-minute TTL) so follow-up questions about the same page don't re-fetch.

Limited Use disclosure. Omit's use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

4. Payments

One-time Pro payments are processed by Stripe. laFlow is the merchant of record. Stripe collects the data needed to take a payment (card details, billing country, email, and — where applicable for EU VAT — your tax status). We never see your full card details.

What we receive from Stripe and store on our payment infrastructure (omit-pay.aydinfer.workers.dev):

• The email address you used at checkout
• The Stripe payment / customer reference
• The amount, currency, and country, for VAT and bookkeeping purposes
• The license token issued to your installation

The legal basis for this processing is the contract between you and us (Art. 6(1)(b) GDPR) and our legal obligation to keep tax records (Art. 6(1)(c) GDPR).

5. Notion sync (optional, Pro)

If you connect Notion in Settings, you are taken through Notion's standard OAuth 2.0 authorization flow. Notion issues an access token bound to the workspace and pages you select. The token is sent to our infrastructure (omit-pay.aydinfer.workers.dev) and stored server-side in a Cloudflare D1 database, keyed to the email address tied to your Pro license. The extension itself never sees or stores the token.

We store the access token, refresh token, workspace ID, workspace name, bot ID, and the date you connected — nothing else. We use the token only to forward Notion API requests you initiate from the extension (search workspace, create page). We do not poll Notion in the background and we do not read your Notion content for any purpose.

When you export bookmarks to Notion, only the bookmarks you explicitly select in the synthesis sheet are sent to Notion's API. To revoke access, click Disconnect in the extension's Settings panel — this deletes the token from our database — or revoke the integration at notion.so/my-integrations.

The legal basis for this processing is the contract between you and us (Art. 6(1)(b) GDPR). Notion Labs Inc. is an independent controller for what it does with your workspace data once data reaches their platform.

6. Cookies and storage

The marketing site at getomit.pro sets no cookies, runs no analytics, and embeds no third-party tracking scripts or fonts. All assets — including web fonts — are served from our own origin, so no IP address is shared with any third party as a side effect of loading the page. Because no information is read from or written to your device beyond what is strictly necessary to render the site, no consent banner is required under Art. 5(3) of the ePrivacy Directive.

The Omit extension uses your browser's local storage to keep your bookmarks. This is strictly necessary to provide the service you installed and is therefore exempt from a separate consent prompt.

If you submit the support form, the data you enter is sent to a Cloudflare Worker we operate (omit-support.aydinfer.workers.dev) which forwards it to our public-ish issue tracker on GitHub (aydinfer/Omit). Your IP address is processed in transit by Cloudflare for the duration of the request only.

7. Your rights under GDPR / AVG

If you are in the EU/EEA, you have the following rights:

• Access — ask us what personal data we hold about you
• Rectification — ask us to correct it
• Erasure — ask us to delete it
• Portability — ask for a machine-readable copy
• Restriction — ask us to pause processing
• Objection — object to processing based on legitimate interest
• Complaint — lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl) or the regulator in your country of residence.

To exercise any of these, write to [email protected] from the email address tied to your purchase. We respond within 30 days.

Note: most of your data is on your own device and is fully under your control. To delete it, uninstall the extension; to export it, use the export function inside the side panel.

8. How long we keep data

• Payment and invoice records: seven years, as required by Dutch tax law (Art. 52 Algemene wet inzake rijksbelastingen).
• Notion access tokens: until you disconnect Notion in Settings (which deletes the token immediately) or revoke the integration from Notion's side.
• Correspondence and support tickets: kept as long as needed to handle the case, then deleted within 12 months unless they form part of a payment record.
• Local data inside the extension: kept until you delete it or uninstall the extension. We have no copy.

9. International transfers

Stripe processes EU payments through Stripe Payments Europe Ltd. (Ireland); transfers to Stripe entities outside the EEA rely on the European Commission's Standard Contractual Clauses (SCCs).

Google Gemini, used as described in section 3, is operated by Google LLC (United States). Queries and your API key travel from your browser to Google; we do not act as an intermediary. Google relies on SCCs and, where applicable, self-certification under the EU–US Data Privacy Framework.

Notion sync, when enabled, transfers the bookmarks you choose to send to Notion Labs Inc. (United States) under SCCs.

Jina Reader requests (section 3) are processed by Jina AI GmbH (Germany), with infrastructure inside the EEA; transfers do not leave the EEA unless Jina's own routing requires it.

10. Changes to this policy

If we change this policy in a way that affects how we handle your data, we update the date at the top and note the change in the changelog. We do not silently revise it.

11. Contact

Privacy questions, GDPR requests, and complaints: [email protected].