Privacy Policy – KI Resepsjonist
This Privacy Policy explains how KI Resepsjonist (the "Service") collects, uses, stores, and protects personal data when you use our platform. We are committed to handling your personal data transparently and in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Please read this policy carefully alongside our Terms and Conditions.
1. Data Controller
The Service is operated by:
OMNII SYSTEMS ASOrg. no. 918677917
Lørenveien 73A
0585 OSLO
NO
hallo@omnii.no
We act as the data controller for personal data collected from registered users of the platform (account holders, administrators, and billing contacts). Where you use the Service to handle data about your own customers or callers, you act as the data controller for that data and we act as your data processor. A Data Processing Agreement (DPA) is available on request at hallo@omnii.no.
2. Personal Data We Collect
2.1 Account and Registration Data
When you create an account we collect your first name, last name, company name, and e-mail address. If you register via a social provider (Google, Facebook, Microsoft), we receive the profile information you authorise that provider to share.
2.2 Billing and Payment Data
When you subscribe to a paid plan we collect billing name, address, and VAT number where applicable. Full card details are collected and stored exclusively by our payment processor Stripe, Inc. — we only receive a tokenised reference and the last four digits of your card.
2.3 Usage and Platform Data
We collect information about how you use the platform, including pages visited, features used, session duration, settings configured, and actions taken within the dashboard.
2.4 Call and Conversation Data
If you enable telephony features, the Service may store call recordings, transcripts, and associated metadata (caller number, call duration, timestamps) for the purpose of delivering AI-powered features, analytics, and quality assurance. You are responsible for informing callers that calls may be recorded.
2.5 Knowledge Base Content
Any text, documents, or website content you upload to configure your AI receptionist is stored and used solely to generate responses on your behalf.
2.6 Technical and Device Data
We automatically collect IP addresses, browser type and version, operating system, referring URLs, and other standard server log data when you access the Service.
3. How We Use Your Data
| Purpose | Legal Basis (GDPR Article 6) |
|---|---|
| Providing and operating the Service | Art. 6(1)(b) — Performance of a contract |
| Processing payments and managing subscriptions | Art. 6(1)(b) — Performance of a contract |
| Sending transactional e-mails (confirmations, invoices, alerts) | Art. 6(1)(b) — Performance of a contract |
| Detecting and preventing fraud or security incidents | Art. 6(1)(f) — Legitimate interests |
| Improving and developing the Service | Art. 6(1)(f) — Legitimate interests |
| Complying with legal obligations (tax records, audit trails) | Art. 6(1)(c) — Legal obligation |
| Sending marketing communications (where opted in) | Art. 6(1)(a) — Consent |
4. Third-Party Processors
We share personal data only with trusted third-party processors who are contractually bound to process it on our behalf and in accordance with GDPR requirements.
4.1 OpenAI
Conversation text, knowledge-base content, and user queries are sent to OpenAI, L.L.C. to generate AI responses. OpenAI processes this data as a sub-processor under our API agreement, which includes terms that prevent your data from being used to train OpenAI's models. See OpenAI's Privacy Policy.
4.2 Telnyx
Call audio, SIP signalling data, and telephony metadata are processed by Telnyx LLC to deliver call handling and voice AI features. See Telnyx's Privacy Policy.
4.3 Stripe
Payment card data and billing information are processed by Stripe, Inc. Stripe is certified to PCI DSS Level 1 — the highest standard for card-data security. See Stripe's Privacy Policy.
4.4 Google Analytics
Anonymised usage data (page views, session data, browser/device information) is sent to Google LLC via Google Analytics to help us understand platform usage. IP addresses are anonymised before being stored. See Google's Privacy Policy. You can opt out using the Google Analytics Opt-out Browser Add-on.
4.5 Google Fonts
The Service loads fonts from Google Fonts, which may result in your IP address being sent to Google's servers. We use font-display preloading to minimise this where possible.
4.6 Identity Providers (Social Login)
If you choose to sign in with Google, Facebook, or Microsoft, the relevant identity provider will share your authenticated profile data with us under the permissions you grant during authorisation.
5. International Data Transfers
Some of our third-party processors (including OpenAI and Stripe) are based in the United States. Data transfers to the US are safeguarded by the EU–US Data Privacy Framework, Standard Contractual Clauses, or equivalent transfer mechanisms approved by the European Commission, ensuring your data receives a level of protection equivalent to that within the EEA.
6. Data Retention
We retain your personal data for as long as your account is active, or as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:
- Account data: Retained for the duration of your account and deleted within 90 days of account closure upon request.
- Call recordings and transcripts: Retained for up to 12 months by default; configurable per your account settings.
- Billing records: Retained for 7 years to comply with tax and accounting obligations.
- Server logs: Retained for up to 90 days.
7. Your Rights Under GDPR
If you are located in the EEA, UK, or another jurisdiction with equivalent data protection laws, you have the following rights regarding your personal data:
- Right of access — obtain a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — request deletion of your personal data where there is no compelling reason for its continued processing.
- Right to restriction of processing — request that we limit how we use your data in certain circumstances.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at hallo@omnii.no. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority.
8. Cookies
The Service uses cookies and similar tracking technologies. A summary of the cookies we use:
| Cookie | Purpose | Duration |
|---|---|---|
.AspNetCore.Session |
Maintains your login session | Session |
.AspNetCore.Identity.Application |
Authentication cookie | 14 days |
__stripe_* |
Fraud prevention (Stripe) | Up to 1 year |
_ga, _gid, _gat |
Usage analytics (Google Analytics) | Up to 2 years |
You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include TLS encryption in transit, encrypted storage at rest, role-based access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure and we cannot guarantee absolute security.
10. Children's Privacy
The Service is intended for business use and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hallo@omnii.no and we will promptly delete it.
11. Links to Other Websites
The Service may contain links to third-party websites. This Privacy Policy does not apply to those sites, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policy of any third-party site you visit.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by e-mail or by posting a prominent notice on the Service at least 14 days before the changes take effect. The date at the top of this page indicates when the policy was last updated.
13. Contact and Data Protection Enquiries
For any questions about this Privacy Policy, to exercise your data protection rights, or to request a Data Processing Agreement, please contact us:
OMNII SYSTEMS ASOrg. no. 918677917
Lørenveien 73A
0585 OSLO
NO
hallo@omnii.no