Privacy Policy

Last updated: April 22, 2026

NiceMatrix Technologies Inc. (“Company”, “we”, “us”, or “our”) operates OmniFire at omnifire.app (the “Service”). This Privacy Policy (the “Policy”) explains what personal information we collect, how we use and share it, your rights, and how you can contact us. By accessing or using the Service, you agree to the practices described in this Policy. Capitalized terms used but not defined here have the meaning given to them in our Terms of Service.

We are the data controller for the personal information described below, except where we act as a data processor on behalf of a workspace owner (for example, when one of your team members uploads content into a workspace you own).

1. Information We Collect

1.1 Account Information

When you create an account through our authentication provider (Logto SSO), we receive and store:

• Your name and email address
• A unique user identifier issued by our SSO provider
• Optional profile details you choose to provide (display name, avatar, language)

We do not store your authentication passwords — these are managed entirely by our SSO provider (Logto).

1.2 Social Media Account Connections

When you connect a third-party social media platform to OmniFire through OAuth, we collect and store:

• OAuth access tokens and refresh tokens (encrypted at rest)
• Platform-specific user IDs, page IDs, channel IDs, or equivalent identifiers
• Account names, display names, and avatar URLs made available by the platform
• Scopes and permissions granted by you during the OAuth flow

1.3 Content Data

We store the content you create and manage through the Service, including:

• Posts, drafts, scheduled content, and editorial comments (text and metadata)
• Media files (images, video, audio) you upload to the Service
• Publishing history, delivery status, and per-platform response metadata
• Workflow events (submissions, approvals, rejections, and change requests)

1.4 Workspace and Collaboration Data

If you create or join a workspace, we also collect information that supports team collaboration:

• Workspace name, plan, and configuration
• Member roles and permissions (owner / admin / reviewer / editor)
• Client records (brands or customers you manage), and their connected accounts
• Activity and audit logs within the workspace

1.5 Usage Data

We automatically collect information about how you use the Service:

• Feature usage events and action logs
• Error reports and diagnostic data
• Timestamps, user agent, referring URL, and pages visited

1.6 Payment Information

Payment processing is handled by Stripe, Inc. We do not store full card numbers, CVV codes, or other sensitive cardholder data. Stripe provides us with:

• Last four digits of your card and card brand
• Card expiry (month/year)
• Billing country and postal/zip code
• Subscription, invoice, and transaction records
• Tax information where required by applicable law

1.7 Technical Data

We collect technical information including:

• IP address and approximate location derived from it
• Browser type and version
• Device type and operating system
• Date and time of access and session identifiers

1.8 Communications

If you contact us by email or through in-product messaging, we retain the content of your messages together with your email address so that we can respond and keep a service history.

2. How We Use Your Information; Legal Bases

We use the information we collect for the purposes listed below. Where the General Data Protection Regulation (“GDPR”) or a similar law applies, the corresponding legal basis is shown in brackets.

• Provide the Service — manage your account, publish your content to connected platforms, store your drafts and media, enable team collaboration [performance of a contract].
• Process payments — handle subscription billing, taxes, renewals, refunds, and manage account status [performance of a contract; legal obligation].
• AI content polishing — when you use AI-assisted features, the text or media you submit is sent to third-party AI providers (for example, OpenAI) solely to generate the suggestions you request. We do not use your content to train our own AI models, and we configure our providers to opt out of training on your data where that option is available [performance of a contract; consent].
• Send notifications — deliver transactional emails and SMS (for example, account confirmations, security alerts, subscription updates, publishing alerts); send marketing communications only where you have opted in, and you can unsubscribe at any time [contract; consent for marketing].
• Improve the Service — analyze usage patterns, diagnose bugs, improve performance, and develop new features, typically on an aggregated or anonymized basis [legitimate interest].
• Security and abuse prevention — detect and prevent fraud, abuse, credential stuffing, rate-limit evasion, and unauthorized access [legitimate interest; legal obligation].
• Comply with law — respond to lawful requests, enforce our Terms of Service, and protect our rights and the rights of our users [legal obligation; legitimate interest].

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

3. How We Share Your Information

We share personal information only with the categories of recipients listed below, and only to the extent necessary to operate the Service or comply with law. All service providers are contractually required to handle your data securely and use it only for the purposes we specify.

3.1 Connected Social Media Platforms

When you publish through OmniFire, the content and account metadata needed to complete the publication are transmitted to the platforms you have connected. Supported platforms include (without limitation) Twitter/X, Facebook, Instagram, Threads, LinkedIn, Pinterest, YouTube, TikTok, Weibo, WeChat Official Accounts, WeChat Channels (视频号), Xiaohongshu, Douyin, Bilibili, and Kuaishou. Each platform processes your data according to its own privacy policy and terms.

3.2 Identity and Authentication — Logto

Account authentication is handled by Logto. The name, email address, and SSO identifier you provide at sign-up are processed by Logto on our behalf.

3.3 Payment Processing — Stripe

Your payment information is processed by Stripe, Inc. Stripe’s handling of your data is governed by Stripe’s Privacy Policy.

3.4 AI Providers — OpenAI (and equivalent)

When you use AI-assisted features, the specific content you submit for processing is sent to our AI providers (currently OpenAI). We only send the content you choose to process; we do not forward unrelated data. OpenAI’s handling of this data is governed by their privacy policy.

3.5 Media Storage and CDN — Cloudflare

Media files you upload are stored on Cloudflare R2. Cloudflare also provides CDN, DNS, and security services that may process IP addresses and request metadata on our behalf. See Cloudflare’s Privacy Policy.

3.6 Email Delivery — Resend

Transactional emails are delivered through Resend, Inc. Your email address, message content, and delivery metadata are shared with Resend solely for delivery and bounce handling.

3.7 SMS Delivery — Twilio / Aliyun

Where you enable SMS notifications, your phone number and the message content are shared with our SMS providers (currently Twilio, Inc. and/or Alibaba Cloud Aliyun SMS) solely for delivery.

3.8 Hosting Infrastructure

Our application and databases are hosted on professionally managed cloud infrastructure with providers such as Hetzner Online GmbH. These providers process data only as necessary to provide hosting, network, and storage services.

3.9 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

3.10 Legal Requirements

We may disclose your information when we believe in good faith that disclosure is necessary to comply with applicable law, lawful requests from public authorities, court orders, or to protect the rights, property, or safety of the Company, our users, or the public.

4. Data Retention

We retain personal information only as long as necessary for the purposes set out in this Policy, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Default retention guidelines:

• Account data: retained for the life of your account; deleted (or anonymized) within 30 days of account closure unless retention is required by law.
• Content data: retained for the life of the workspace it lives in; on workspace archival or owner deletion, content is purged within the windows below.
• Payment records: retained for at least 7 years to comply with Canadian and other applicable tax-record requirements.
• Audit logs and activity records: retained according to your plan tier (Pro 30 days, Business 180 days, Agency 365 days), then pruned automatically.
• Suspended workspaces: content is preserved for 90 days during the appeals window, then purged unless reinstated.
• Archived workspaces: content is preserved for 180 days, then purged unless re-activated.
• Closed accounts: personal information is deleted within 30 days; content data follows the workspace timeline above.
• Deleted media files: objects are removed from primary storage immediately and from CDN caches within 24 hours; backups are pruned within 35 days.

We may retain anonymized or aggregated data indefinitely for analytics and product improvement; such data cannot reasonably be used to identify you.

5. Data Security

We implement administrative, technical, and organizational measures designed to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption in transit (TLS) and at rest for sensitive data including OAuth tokens
• Access controls based on least-privilege principles for engineering and support staff
• Regular dependency updates, security patches, and vulnerability scanning
• Audit logging of administrative actions and access to user data
• Segregation of production and non-production environments; staging uses masked data
• Backup and disaster-recovery procedures, with restoration tested periodically

No security measure is perfect. We cannot guarantee that unauthorized access will never occur, and you are responsible for maintaining the confidentiality of your account credentials.

6. Data Breach Notification

In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required by law, affected users without undue delay. Notice will describe the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures we have taken or propose to take. Where applicable, we will also notify you at the email address associated with your account or by posting a notice on the Service. If you suspect a security incident, please contact us at [email protected] immediately.

7. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: ask us to correct inaccurate or incomplete information.
• Deletion: ask us to delete personal information, subject to legal retention obligations.
• Portability: receive your information in a structured, commonly used, machine-readable format.
• Objection / restriction: object to or ask us to limit certain processing.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.
• Lodge a complaint: with your local data-protection authority.

To exercise any of these rights, contact us at [email protected]. We will respond within the time required by applicable law (typically 30 days).

7.1 For EU/EEA and UK Residents (GDPR / UK GDPR)

In addition to the rights above, you have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you. We do not currently make automated decisions of this kind. If we ever do, we will provide notice and the option to request human review.

7.2 For Canadian Residents (PIPEDA)

You have the right to access your personal information, request corrections, and file a complaint with the Office of the Privacy Commissioner of Canada if you believe we have mishandled your information.

7.3 For California Residents (CCPA / CPRA)

California's California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA / CPRA), gives you additional rights, including the right to know what personal information we have collected about you, the right to delete or correct that information, the right to opt out of the sale or sharing of personal information, and the right not to be discriminated against for exercising these rights. We do not sell personal information and do not share it for cross-context behavioral advertising. You may exercise your rights by contacting us at the email below.

8. Cookies

We use a minimal set of cookies, all strictly necessary for the Service to function:

• Session cookies: essential for authentication and maintaining your logged-in session.
• Preference cookies: remember your language and theme preferences.
• Workspace cookie: remembers which workspace you last used so the app loads in the right context.

We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies, and we do not participate in advertising networks.

9. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at [email protected].

10. International Data Transfers

NiceMatrix Technologies Inc. is established in Canada. Your data may be transferred to and processed in countries other than your country of residence, including Canada, the United States, the European Union, and any region where our service providers operate. We implement appropriate safeguards for such transfers, such as the European Commission’s Standard Contractual Clauses, equivalent UK international data transfer mechanisms, and relying on adequacy decisions where available.

11. Third-Party Links

The Service may contain links to third-party websites or platforms. This Policy does not apply to those third parties, and we are not responsible for their privacy practices. Please review the privacy policies of any third party you visit.

12. Governing Law

This Policy is governed by the laws of the Province of Alberta, Canada, without regard to its conflict-of-laws principles, and subject to any mandatory consumer-protection or data-protection law that applies in your jurisdiction.

13. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will post the updated Policy on the Service with a new “Last updated” date and, where appropriate, notify you by email. Your continued use of the Service after the updated Policy takes effect constitutes acceptance of the changes.

14. Contact Us

If you have questions or concerns about this Policy or our data practices, please contact us:

• Email: [email protected]
• Company: NiceMatrix Technologies Inc.
• Location: Alberta, Canada