Privacy Policy

Effective 1 July 2026

This policy explains how the Ohmatic hosted API and MCP service ("Ohmatic", "we") handles personal data under the EU General Data Protection Regulation (GDPR). The free local engine is a separate product and is not covered here.

1. Who we are (Data Controller)

Ohmatic — Vittoria Lanzo (sole proprietor), Via Montale 367, Cesena, Italy. Contact for any privacy or data-subject request: contact@ohmatic.dev.

2. What we collect

3. Why, and the legal basis

4. Processors and sub-processors

We use these providers to run the service; each processes only what its function needs:

Some providers are based in the United States; transfers rely on appropriate safeguards (e.g. EU Standard Contractual Clauses or an adequacy framework). We can provide details on request.

5. Retention

Circuit payloads: not retained beyond the request. Account email + usage/billing records: kept while your account is active and for the period required by tax/accounting law, then deleted. Technical logs: short rolling windows at our providers.

6. Your rights

Under the GDPR you may request access, rectification, erasure, restriction, and portability, and you may object to processing; you may also withdraw marketing consent at any time. You can download your data and delete your account yourself from the dashboard (deleting also revokes your API key; billing records are retained only for the statutory tax/accounting period). For any other request, email contact@ohmatic.dev. You also have the right to lodge a complaint with your supervisory authority — in Italy, the Garante per la protezione dei dati personali (garanteprivacy.it).

7. Cookies & storage

When you sign in we set one essential cookie that holds your login session — it is required for the dashboard to work and is never used for advertising or tracking. The marketing site also uses your browser's local storage for a single functional preference (your Human/AI view choice), which is never sent to us. We do not use advertising or third-party tracking cookies, so there is no consent banner. Your API key is shown once when you create it and is not stored in your browser by us; agents send it only to our own API to authenticate requests, never to any third party.

8. Children

The service is intended for professional/developer use and is not directed to children. You must be at least 14 — the age of valid consent for information-society services in Italy — and able to agree to the Terms.

9. Changes

We may update this policy; material changes will be posted here with a new effective date.