Omnistream

Privacy Policy

Last updated: 1 June 2026

1. Who We Are

Omnistream (“we”, “our”, “us”) is a B2B financial intelligence platform that helps Indian businesses analyse bank statements, identify cost-recovery opportunities, and manage invoices. We act as the Data Fiduciary for the personal data described below and are committed to protecting it in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act).

2. Data We Collect

  • Phone number (for authentication via OTP)
  • Business name, GSTIN, PAN, owner email (optional, set in Settings)
  • Bank statements you upload (PDF files)
  • Parsed transaction data and X-Ray analysis results
  • Invoice and buyer-contact data you create within the platform
  • Limited technical/usage logs and email open events (see Section 8)

3. How We Use Your Data

  • To provide bank statement analysis and X-Ray findings
  • To generate, send, and track invoices on your behalf
  • To calculate financial impact and queue actionable items
  • To send OTP authentication messages and transactional emails
  • To operate, secure, and improve the service

We process this data to perform our contract with you and for our legitimate business purposes of operating the service. We do not sell your data or use it for third-party advertising.

4. AI Processing of Your Statements

To generate X-Ray findings and extract invoice details, transaction text from your statements is processed by our AI sub-processor, Anthropic (Claude API). This processing may occur on infrastructure located outside India. Anthropic processes this content only to return analysis results to us and does not use your data to train its models under our API terms. We send only the data needed for the analysis.

5. Data Storage

Your records are stored in Supabase infrastructure in the Mumbai (ap-south-1) region. Bank statement PDFs are held in encrypted object storage, and database records are encrypted at rest. Access is isolated per organisation using row-level security.

6. Data Retention

Your uploaded statement PDF is deleted from storage immediately after a successful parse. If a parse fails, the file is retained for no more than 72 hours to allow re-processing, after which it is removed; as a backstop, any residual statement files are purged within 90 days. Parsed transaction data, findings, and invoices are retained while your account is active and are removed when you delete your data or close your account.

7. Your Rights Under the DPDP Act

As a Data Principal you have the right to access, correct, and erase your personal data, to withdraw consent, to nominate another person to exercise your rights, and to grievance redressal. You can permanently delete all your data at any time using Settings → Delete All My Data — this is immediate and irreversible. For any other request, contact our Grievance Officer (Section 9).

8. Cookies, Tracking & Analytics

We use essential session cookies required for authentication. We may use privacy-respecting product analytics (such as PostHog) to understand feature usage and improve the service; we do not use third-party advertising or cross-site tracking cookies. Our invoice and collection emails include a standard 1×1 open-tracking pixel so we can show you whether an invoice email was opened; you can block remote images in your email client to opt out.

9. Third-Party Sub-Processors

  • Supabase — database, auth, and encrypted storage (Mumbai region).
  • Anthropic — AI processing of statement/invoice text (see Section 4).
  • Razorpay — payment processing. We never store card details; Razorpay is PCI-DSS Level 1 certified.
  • MSG91 — OTP delivery (processes your phone number only).
  • Resend — transactional and collection email delivery.
  • Vercel — application hosting.

10. Grievance Officer & Contact

In accordance with the DPDP Act 2023, our Grievance Officer is [Grievance Officer name]. For privacy questions, data requests, or complaints, contact privacy@omnistream.in (we aim to respond within the timelines required by law). You may also reach us via our Contact page.