Privacy Policy

This Privacy Policy describes how Omnivoo Inc. (a Delaware, USA corporation, the US-incorporated parent) and Dynalize Technologies Pvt Ltd (India, the operating entity for India EOR services) (collectively, "Omnivoo," "we," "us," or "our") collect, use, share, and protect your personal information when you use our platform at omnivoo.com and app.omnivoo.com (the "Platform"). Omnivoo offers two co-equal products: (1) India EOR via Dynalize Technologies Pvt Ltd, from $149 per employee per month across all 28 Indian states, covering statutory benefits, Provident Fund (PF), Employee State Insurance (ESI), Tax Deducted at Source (TDS), professional tax, and Form 16, and (2) Contract Management for global contractor payments at $49 per contractor per month across 120+ countries, including W-8BEN and W-8BEN-E collection, verified IRS tax treaty rates, 1042-S handling, and country-aware SOW, MSA, NDA, and DPA templates.

By using our Platform, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Platform.

1. Information We Collect

Personal Information

• Full name, email address, phone number, and mailing address
• Date of birth, gender, and nationality
• Government-issued identification numbers (Aadhaar, PAN, passport)
• Profile photos and digital signatures
• Login credentials and authentication data

Employment Data

• Employment contracts, offer letters, and engagement terms
• Job title, department, work location, and reporting structure
• Compensation details including salary, bonuses, and benefits
• Leave records, attendance data, and timesheet submissions
• Performance records and employment history
• Emergency contact information and nominee details

Financial Data

• Bank account details for salary disbursement
• Tax-related information (PAN, Form 16, investment declarations for TDS)
• Provident Fund (PF) and Employee State Insurance (ESI) account details
• Payment transaction history and payslip records
• Billing information for employer accounts (processed via our payment partners)

Contractor and Cross-Border Tax Data (Contract Management)

• W-8BEN and W-8BEN-E forms collected from contractors paid through US clients
• IRS tax treaty residency declarations and supporting documentation
• 1042-S withholding records and related US tax reporting data
• Country of tax residence and foreign tax identification numbers
• Contractor bank account, wallet, or local payout details for cross-border disbursement
• Signed SOW, MSA, NDA, and DPA documents and related contract metadata

Usage Data

• IP address, browser type, device information, and operating system
• Pages visited, features used, and time spent on the Platform
• Referral URLs and interaction patterns
• Error logs and performance data

2. How We Use Your Information

We use the information we collect for the following purposes:

• Account Setup: When you ask to try the product through our website, we create a pending account for you and pre-fill your setup with the details you provided, so you can start using Omnivoo without entering them again. A pending account is activated when you verify your email
• EOR Services: To act as the Employer of Record in India, including hiring, onboarding, and managing employees on behalf of client companies
• Payroll Processing: To calculate and disburse salaries, including statutory deductions for Provident Fund (PF), Employee State Insurance (ESI), Tax Deducted at Source (TDS), and Professional Tax
• India Compliance: To file statutory returns, generate compliance reports, and ensure adherence to Indian labour laws across all 28 states, and, for Contract Management clients, to support IRS reporting, contractor tax withholding, and tax treaty validation
• Contract Management (Global Contractors): To collect W-8BEN and W-8BEN-E forms, apply verified IRS tax treaty rates, issue 1042-S, generate country-aware SOW, MSA, NDA, and DPA documents, and process contractor payouts across 120+ countries
• Contract Management (Employment Documents): To create, manage, and store employment contracts and engagement agreements for EOR employees
• Benefits Administration: To administer employee benefits programs including insurance, leave policies, and other entitlements
• Communications: To send transactional emails (payslips, contract notifications, compliance updates) and, with your consent, marketing communications about our services
• Inquiry Routing: When you submit an inquiry through our website, we may use your IP address to estimate your approximate country so we can route your request to the right team. Only the approximate country is derived, and the raw IP address is not retained for this purpose beyond the lookup itself
• Platform Improvement: To analyze usage patterns, fix bugs, and improve the Platform's features and performance
• Legal Obligations: To comply with applicable laws, regulations, and legal processes
• Security: To detect, prevent, and respond to fraud, abuse, and security incidents

3. How We Share Your Information

We do not sell your personal information. We share your data only in the following circumstances:

• With Employers: We share employee data with client companies as necessary to fulfil our EOR obligations. This includes employment records, payroll summaries, and compliance documentation
• Government Authorities: We submit data to Indian government bodies as required by law, including EPFO (for Provident Fund), ESIC (for ESI), the Income Tax Department (for TDS filings), and state-level Professional Tax authorities
• Payment Partners: We use third-party payment partners to execute domestic and cross-border payments, including Cashfree as the India domestic rail and international payout rails such as Wise and Payoneer that together support disbursement across the 120+ countries covered by Contract Management. These partners receive only the financial and identifying data necessary to execute transactions and comply with anti-money-laundering rules
• Cloud and Operational Sub-Processors: We use Amazon Web Services (AWS) and Google Cloud for infrastructure, storage, and other operational services, alongside additional sub-processors for e-signature, email delivery, and document storage used by Contract Management. A current list of sub-processors is available on request to contact@omnivoo.com. All sub-processors process data on our behalf under written contractual obligations
• Professional Advisors: We may share information with auditors, legal counsel, and consultants as needed for business operations and compliance
• Legal Requirements: We may disclose information when required by law, subpoena, court order, or governmental regulation
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change

4. Data Security

We implement industry-standard security measures to protect your personal information:

• All data in transit is encrypted using TLS 1.2 or higher
• Data at rest is encrypted using AES-256 encryption
• Authentication is managed through secure HTTP-only cookies and signed session tokens, with automatic session refresh
• Access to personal data is restricted on a need-to-know basis with role-based access controls
• Support staff access to user accounts is read-only, requires a documented reason, and is fully audited
• We conduct regular security assessments and vulnerability testing
• Our infrastructure is hosted on SOC 2-compliant cloud providers

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest practical standards.

5. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

• Active Accounts: Data is retained for the duration of the employment relationship or service agreement
• Post-Termination: Employment records, payroll data, and tax filings are retained for a minimum of 8 years after the end of the employment relationship, as required by Indian labour and tax laws
• Financial Records: Transaction records and invoices are retained for a minimum of 8 years in accordance with the Indian Companies Act and Income Tax Act
• Contractor Tax Records (Contract Management): W-8BEN and W-8BEN-E forms, 1042-S withholding records, and related contractor tax documentation are retained for the longer of the form validity period (generally three calendar years after the year of signature for W-8 forms) plus the applicable IRS statute of limitations, and for any longer period required by the contractor's country of tax residence
• Usage Data: Anonymized usage data may be retained indefinitely for analytics purposes
• Leads and Unverified Accounts: Information from website form submissions, and pending accounts that are never activated (email never verified), is retained for up to 12 months, after which it is deleted or anonymized unless you have since become an active customer
• Account Deletion: Upon request, we will delete or anonymize your personal data, except where retention is required by law

6. International Data Transfers

Omnivoo operates across the United States and India and serves clients and contractors in 120+ countries. Your personal information may be transferred to and processed in countries other than your country of residence:

• US-India Transfers: Data flows between Omnivoo Inc. (Delaware, USA) and Dynalize Technologies Pvt Ltd (India) as necessary to deliver our services
• Global Contractor Payout Flows: For Contract Management, contractor identity, tax, and payout data is transferred to our payment partners and to local banking systems in the contractor's country of residence so that cross-border payments can be settled in local currency
• EEA and UK Transfers: Where personal data of individuals in the European Economic Area or the United Kingdom is transferred outside those regions, we rely on the European Commission's Standard Contractual Clauses (SCCs) and, for UK data, the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the SCCs, together with supplementary measures where required
• Safeguards: We implement appropriate contractual and organizational safeguards to protect your data during international transfers, including standard contractual clauses and data processing agreements with sub-processors
• Indian Data Protection: We comply with the Digital Personal Data Protection Act, 2023 (DPDPA) and related regulations for data processed in India
• US Data Protection: For data processed in the United States, we comply with applicable federal and state privacy laws

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Request your data in a structured, commonly used, machine-readable format
• Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing
• Grievance Redressal: Under the DPDPA, you have the right to file a complaint with the Data Protection Board of India

To exercise any of these rights, please contact us at contact@omnivoo.com. We will respond to your request within 30 days.

Grievance Officer (DPDPA): For India data subjects, our designated Grievance Officer can be reached at contact@omnivoo.com, attention: Grievance Officer, Dynalize Technologies Pvt Ltd. We will acknowledge grievances within the timelines required by the Digital Personal Data Protection Act, 2023 and applicable rules.

8. Cookies and Tracking

We use cookies and similar tracking technologies to operate and improve our Platform:

• Essential Cookies: Required for authentication, security, and core Platform functionality. These cannot be disabled
• Analytics Cookies: Help us understand how users interact with the Platform so we can improve the experience
• Preference Cookies: Remember your settings and preferences across sessions

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Platform.

9. Children's Privacy

Our Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child, please contact us at contact@omnivoo.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or through a notice on the Platform. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: contact@omnivoo.com
• US Entity: Omnivoo Inc., a Delaware corporation, United States (US-incorporated parent)
• India Entity: Dynalize Technologies Pvt Ltd, Pune, Maharashtra, India (operating entity for India EOR services)
• Grievance Officer (India): Reachable at contact@omnivoo.com with subject "Grievance Officer"
• Website: omnivoo.com

12. Governing Law

Privacy disputes relating to data processed by Omnivoo Inc. are governed by the laws of the State of Delaware, United States, without regard to its conflict-of-laws principles. Privacy disputes relating to data processed by Dynalize Technologies Pvt Ltd are governed by the laws of India, including the Digital Personal Data Protection Act, 2023, with the Data Protection Board of India as the competent regulator. Nothing in this section limits a data subject's right to bring a claim before a supervisory authority in the European Economic Area, the United Kingdom, or any other jurisdiction whose mandatory laws apply to the relevant processing.