Ominvo

Security

How we protect your business

You're trusting us with your Google Business Profile and customer review data. Here is exactly what we do to protect it.

Last reviewed: July 1, 2026

Your Google credentials are never stored

When you connect your Google Business Profile, authentication happens directly between your browser and Google via OAuth 2.0. Ominvo receives an access token only — your Google username and password are never transmitted to or stored on our servers at any point.

All data is encrypted in transit and at rest

Every connection between your browser and Ominvo is encrypted via HTTPS/TLS. Your account data, review data, and AI responses are stored in Supabase with encryption at rest. We use industry-standard AES-256 encryption for stored data.

Your data is isolated from other businesses

Ominvo uses Supabase row-level security (RLS) on every table. This means access rules are enforced by the database itself on each row, not only by application code. Your reviews, AI responses, and account settings are inaccessible to any other Ominvo user, even in the event of an application-level bug.

AI processing is review-text only

When you generate an AI reply draft, only the text of the review is sent to Anthropic's API. Your business name, email address, payment details, and account information are never included in AI processing requests. Anthropic's data usage policies apply to this data.

Payment data never touches our servers

All billing and payment processing is handled entirely by Stripe. Ominvo never sees, stores, or logs your card number, CVV, or full billing details. Our servers only receive a Stripe customer ID and subscription status.

Breach notification within 72 hours

In the event of a confirmed security breach affecting your data, we will notify you by email within 72 hours of discovery, in accordance with standard data breach notification requirements. We will include the nature of the breach, data affected, and steps we have taken.

Report a security issue

If you discover a security vulnerability in Ominvo, please email support@ominvo.com with the subject line “Security Disclosure”. We will respond within 48 hours. Please do not publicly disclose vulnerabilities before we have had a chance to address them.