Vector

1. Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

(a) Business Contacts & Service Users
Name, job title, company, work location, and contact details.Communications (email, chat, video calls).Service-related data (support tickets, project details, service history).

(b) Platform Users (SaaS Application)
Login details (username, email, password [hashed]).IP address, browser agent.Log data and activity in our platform.User IDs from identity providers (if using SSO).

(c) Ad Account Connections
Ad Account IDs, Advertiser IDs.Access tokens and user identification data from Online Advertising Platforms.Campaign logs, metrics, and event data.

(d) External Users Invited by Customers
Name, email, comments, action logs, notifications.

(e) Google & YouTube Integrations
Google User IDs and OAuth tokens (for account authentication).YouTube channel IDs and titles.Campaign and performance data (aggregated, non-identifying).

(f) Training, Learning & Certifications
Registration details, login, course progress, certifications.Feedback and communications.

(g) Community Users (if applicable)
Profile information (job title, bio, photo, country).Comments, posts, and log data.

(h) Website Visitors & Marketing
Contact details from web forms and demo requests.Cookies (essential, analytics, personalization, marketing).Newsletter subscriptions, downloads, event sign-ups.

(i) Event Participants
Registration information (name, contact, company).Participation details, feedback.Sensitive data (dietary or accessibility needs) only with consent.

(j) Contracting & Invoicing
Business representative details.Communications, invoicing, and payment records.

2. Purposes of Processing

We process personal data to:
-Provide and deliver our SaaS platform and managed services.
-Authenticate and authorize users.
-Connect and manage ad accounts across online advertising platforms.
-Provide customer support and maintain service records.
-Conduct audits, ensure security, and investigate incidents.
-Improve our services, features, and performance.
-Manage relationships with customers, suppliers, and partners.
-Conduct marketing, lead generation, and send newsletters (with opt-out rights).
-Organize training, certifications, and community activities.
-Arrange events, webinars, and seminars.
-Perform contracting, invoicing, and comply with accounting/legal obligations.

3. Legal Basis for Processing

We process data on the following bases:
Contract necessity: to deliver services requested.
Legitimate interests: service improvement, marketing to business contacts, event management, security.
Consent: cookies, newsletters, sensitive event data.
Legal obligations: accounting, reporting, regulatory compliance.

4. Data Retention

Default retention: 3 years after last contact, unless earlier anonymized or deleted.
Specific rules:
-Ad platform tokens/data: deleted after revocation or contract termination.
-Logs: deleted according to system lifecycle (e.g., 90 days for backups).
-Training data: deleted when outdated or 1 year after deactivation.
-Community logs: deleted 12 months post-account deletion; posts anonymized.
-Event data: deleted once no longer required, unless legally required to retain.

5. Data Sharing & Transfers

We may share personal data with:
-Online Advertising Platforms (Meta, Google, TikTok, Snapchat, etc.).
-Our service providers (cloud hosting, analytics, CRM, support tools).
-Other users within the Customer’s organization.
-Affiliates and subcontractors assisting in service delivery.

International Transfers:
Data may be transferred outside KSA/UAE/Qatar/EU/UK (e.g., US, Singapore). Transfers are safeguarded by:
-Standard Contractual Clauses (SCCs),
-Adequacy decisions, or
-Other lawful transfer mechanisms.

6. Data Security

We implement appropriate technical and organizational measures to protect data from unauthorized access, disclosure, or alteration. Measures include encryption, access controls, logging, and regular audits.

7. Data Subject Rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA), you have rights to:
-Access your personal data.
-Request rectification or erasure.
-Restrict or object to processing.
-Data portability (receive and transfer your data).
-Withdraw consent at any time.
-File a complaint with a supervisory authority.

CCPA Rights: You also have the right to opt out of sale/sharing of personal data (Onmo.ai does not sell data), and will not face discrimination for exercising your rights.

8. Cookies & Marketing

We use essential cookies (necessary for site functionality) and, with consent, analytics, personalization, and marketing cookies.

You may opt out of marketing communications at any time by clicking “unsubscribe” or contacting us.

We may use business contact data (job title, company, role) for targeted B2B marketing.

9. Events

If you register for events, we process your details to organize participation. Sensitive data (dietary needs, disability info) is processed only with consent.

10. Changes to this Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice (via website, email, or platform). If you disagree, you must stop using our services.

11. Contact Information

If you have any questions or wish to exercise your rights, please contact us:

Onmo For Services L.L.C.
Rafal Tower, Lusail, Qatar
Email: privacy@onmo.ai

ANNEX A – DATA PROCESSING AGREEMENT (DPA)

1. Parties
Customer: Data Controller
Onmo.ai: Data Processor

2. Purpose & Duration
Onmo.ai processes Personal Data on behalf of the Customer solely to provide the Services, for the duration of the Agreement, unless otherwise required by law.

3. Categories of Data
Device IDs, ad account IDs, campaign data.
User log data (for authentication, support, audit).
Customer personnel details (names, emails, roles).

4. Obligations of Onmo.ai
Process only on documented Customer instructions.
Ensure confidentiality of personnel handling data.
Implement appropriate technical and organizational security measures.
Assist Customer in fulfilling data subject rights (access, deletion, portability).
Notify Customer without undue delay of any data breach.
Make available evidence of compliance (audit reports, certifications).

5. Sub-processors
Onmo.ai may engage sub-processors (e.g., cloud hosting, analytics, MMP integrations). Customer will be informed of new sub-processors. Onmo.ai remains fully liable for their actions.

6. International Transfers
Transfers outside GCC/EU/UK will be safeguarded using SCCs or other lawful mechanisms.

7. Data Breach Notification
Onmo.ai shall notify Customer of breaches without undue delay, including nature, impact, and remedial measures.

8. Return & Deletion
Upon termination, Onmo.ai will delete or return all Personal Data unless retention is required by law.

9. Audit Rights
Customer may audit once annually on reasonable notice or review Onmo.ai’s independent audit reports.

Vector
full-width-image

Ready to Join Us?

We’re excited to hear from talented individuals who want to help build something exceptional. Click below to submit your CV and tell us a little more about yourself.

Submit your CV
white-logo
Smarter Advertising Effortless Growth

We help enterprise teams drive scalable performance through AI-powered marketing, unified data, and strategic execution.

Privacy PolicyTerms & Conditions