Omli Privacy Policy

Privacy Policy

Omli Technologies Private Limited ("Omli", "we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you access or use any of the following (collectively, the "Services"):

  • Our websites (including omli.in and related pages) (the "Website");
  • Our mobile and web applications (the "Apps");
  • Our voiceenabled hardware and connected toys/devices (the "Products").

This Policy is tailored for individuals in India and is intended to align with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025 (together, the "DPDP Law ") (as and when operationalized) and the Information Technology Act, 2000 and applicable rules (including reasonable security practices). Where the DPDP Law imposes stricter obligations, Omli will comply upon commencement and as rules are notified.

If you do not agree with this Policy, please do not access or use the Services. Where we rely on consent under DPDP Law, we will obtain it through a clear affirmative action (such as in-app consent screens, checkboxes) for specified purposes.

1) Who We Are & How to Contact Us

Data Fiduciary: Omli Technologies Private Limited, WeWork DLF Forum, Cybercity, Phase III, Gurugram, Haryana 122002, India.
Email (Privacy/Support): contact@omli.in

India Grievance Officer: Shivam Munshi, CEO,
Contact: +91-9500153960,
Address: Omli Technologies Private Limited, WeWork DLF Forum, Cybercity, Phase III, Gurugram, Haryana 122002, India.
Email: shivam@omli.in

We aim to acknowledge grievances within 24–72 hours and resolve them within applicable statutory timelines.

2) Who Uses Omli - Roles & Audience

The categories of people who interact with our Services (collectively, "Users") include:

  • Site Visitor: anyone visiting our Website.
  • Customer: an individual who purchases Products from Omli or our partners.
  • Authorized User (Parent/Guardian/Representative): an adult who registers/manages a Product for a child.
  • Primary User: the user of a Product (either the Authorized User or the Authorized User’s child) and any person who interacts with a Product in a store/demo.

Children & Teens. Under the DPDP Law, a child is any person under 18. The Apps and Website are intended for adult parents/guardians to set up/manage Products for a child. We do not knowingly collect personal data from children via the Website or Apps without verifiable parental/guardian consent. See Section 7 (Children’s Privacy).

3) Personal Data We Collect

3.1 Information You Provide

a. Account & Purchase: name, email, phone, shipping/billing address, login credentials; order and warranty details. Payments are processed by our payment partners; we store limited payment metadata.

b. Child Setup (provided by parent/guardian): what the Product should call the child (name or nickname), child’s date of birth (to tailor age appropriate experiences), names/relationships of family members, parental contact email/phone, and optional preferences (likes/dislikes).

c. Your Communications: support queries, feedback, emails, phone calls, or postal correspondence.

d. Surveys, Promotions: responses and any details you choose to submit.

e. Social Channels & Forums: content you post on Omli managed forums/blogs/social pages is considered public and may be read, collected, and used by others.

3.2 Voice Interactions & Transcripts

a. Temporary Audio Capture: When a Primary User speaks to a Product, the Product may capture voice audio to perform via our service provider(s). Audio files are archived thereafter.

b. Text Transcripts: Transcriptions of interactions may be retained for up to 90 days to (i) enable parental review and (ii) support conversation continuity/personalization. Parents/guardians can view and delete transcripts in the App at any time; after 90 days they are archived. Where the DPDP Rules require minimum retention of logs or records for security, compliance or other lawful purposes, we will retain such information for the required period.

3.3 Images, Environment & Sensors

a. Voices in the Household: Depending on features you enable, Products may detect and/or analyze voices to personalize experiences (e.g., recognizing a household profile) or to wake on trigger words (e.g., “Hello” style wake word). Background audio could be captured incidentally when someone speaks near the Product. You can disable mic access in settings.

b. Spatial Mapping: Certain Products may collect information about their environment (movement/path, proximity sensors) to create a digital map of accessible space; this is generally nonvisual and not a recognizable image of your home.

3.4 Automatic Data Collection

We may automatically collect: IP address, device identifiers (e.g., MAC/advertising ID), OS/browser details, mobile network info, approximate location (e.g., time zone or city) to enable features like local weather and for connectivity, pages/screens viewed, actions taken, error logs/diagnostics, session duration and telemetry. We also use cookies, local storage, and secure mobile storage for authentication, preferences, fraud prevention, analytics, and features.

3.5 Biometric Information (If Enabled)

With explicit, verifiable parental/guardian consent (or your consent if you are an adult Primary User), Products may collect and store face/voice characteristics to help a user securely log in or personalize experiences. We do not sell, lease, or trade biometric data. Biometric templates (if used) are stored with industry standard security and retained for no more than three (3) years from the last use, after which they are deleted. You may delete biometric data at any time via the App or by contacting us.

3.6 Information from Other Sources

We may receive information from app stores, identity verification services, social signin providers, analytics/measurement partners, retail partners, and logistics/payment partners, consistent with your settings on those services.

4) DPDP Notice at Collection

Before or at the time we collect personal data, we provide a DPDP Notice that is presented independently from other information and is understandable on its own. The notice provided includes:

  • an itemised description of the personal data collected;
  • the specified purpose(s) for which such personal data is processed and an itemised description of the goods, services, uses enabled by such processing;
  • a communication link and other means (where applicable) to (i) withdraw consent; (ii) exercise rights under the DPDP Law; and (iii) make compliant to the Data Protection Board of India.

5) How We Use Personal Data (Purposes)

We process personal data to:

  • Provide and operate the Services (including pairing/control of Products over Bluetooth/WiFi; conversational features: speechtotext, text generation, texttospeech);
  • Create/manage accounts; verify a parent/guardian’s identity and relationship to a child; manage onboarding;
  • Personalize content (e.g., age appropriate experiences, nickname, preferences);
  • Communicate about accounts, purchases, updates, warranty, and policy changes;
  • Support & safety: detect/repair errors, prevent fraud/abuse, ensure product integrity, and respond to incidents;
  • Analytics and improvement of Services, including deidentified/aggregated insights;
  • Marketing to adults (with consent/optin where required); no behavioral targeting to children;
  • Comply with law, respond to lawful requests, enforce terms, and protect rights/safety.

Automated Decisions/Profiling. We do not make decisions producing legal or similarly significant effects using solely automated processing without appropriate safeguards or your consent where required. You can contact us to express a view, obtain an explanation, or contest such decisions where applicable.

6) Legal Bases & Consent

Where the DPDP Law applies, we rely on one or more of the following:

  • Consent (including verifiable parental/guardian consent for children) for specified purposes;
  • Compliance with law and legitimate uses under Indian law (e.g., fraud prevention, security, legal claims, and emergencies).

You may withdraw consent at any time through settings or by contacting us (Section 1). Withdrawal does not affect prior lawful processing.

7) Cookies, SDKs & InterestBased Ads (Adults)

We and our partners use cookies, pixels, and APIs/SDKs for functionality, performance, analytics, and (on the Website only) interestbased advertising to adults. You can manage cookies in your browser/device and opt out of interestbased advertising using platform settings and recognized industry tools. We do not use advertising trackers on Products for targeting or retargeting children.

8) Children’s Privacy

  • A child is under 18. We collect only what is reasonably necessary for a child to use child appropriate features, and require verifiable parental/guardian consent before collecting, using, or disclosing a child’s personal data, except for limited one time responses or consent seeking. Before processing a child’s personal data, we use appropriate technical and organisational measures to obtain verifiable consent of the parent or guradian and conduct due diligence to check that the individual idenitifying as the parent or guradian is an identifiable adult, including by reference to reliable identity or age details available with us, identity or age details provided, or a virtual token mapped to such details issued by an authorised identity (including through Digital Locker service provider where applicable).
  • Parents/guardians can review, correct, or delete their child’s data, withdraw consent, or disable microphones /features through settings or by contacting us (Section 1).
  • Voice audio captured for interactions is used only to provide the requested functionality (transcription and response) and is deleted promptly after transcription. Text transcripts are retained up to 90 days (or less if deleted by the parent) to enable review and continuity.
  • We do not conduct behavioral advertising to children and design our Services to avoid processing likely to harm a child’s wellbeing.

Household Notice. If you use Products where others may be present, you are responsible for complying with applicable notice/consent requirements (e.g., informing guests that wakeword detection and incidental audio capture may occur). You may restrict capture using settings.

9) Your Choices & Controls

  • Account & Profile: Access/update certain details in your account dashboard.
  • Transcripts & Biometric Data: View/delete conversation transcripts at any time; delete biometric data in the App or by contacting us.
  • Location & Permissions: Disable location, or microphone access in device settings; some features may not function.
  • Marketing Preferences (Adults): Opt out via unsubscribe links, inApp settings, or by contacting us.
  • Cookies/Ads (Adults): Manage browser/mobile settings; use platform optouts.
  • Consent Withdrawal: Withdraw at any time via settings or by contacting us.

10) Your Privacy Rights

Subject to applicable law, you (or your parent/guardian for a child) may:

  • Request access personal data processed by Omli;
  • Request correction or updating of inaccurate or incomplete data;
  • Request erasure of personal data where applicable that is no longer necessary or where consent is withdrawn subject to lawful retention requirements;
  • Seek Grievance Redressal via our Grievance Officer; and
  • Nominate another individual to exercise your rights on your behalf, in accordance with the DPDP Law.

We may request information to verify identity and relationship to the child before acting on a request. Certain data may be retained where required by law or for legal claims.

11) Disclosures and Sharing

We may share personal data with:

  • Service Providers (Processors): cloud hosting, speechtospeech/ speech-to- text/texttospeech, analytics/measurement, identity verification, payments, logistics, customer support. They act on Omli’s instructions and are subject to confidentiality and security obligations.
  • ThirdParty Developers/Partners: where you choose to use partner content/services or jointly branded offerings; your data may be provided directly to those partners under their privacy policies.
  • Affiliates: for support consistent with this Policy.
  • Advertising Partners (Website – adults only): to deliver/measure ads; never for targeting children or on Products.
  • Legal/Safety: to comply with law or legal process; protect rights, property, or safety; prevent fraud/security incidents; or enforce terms.
  • Business Transfers: as part of a merger, acquisition, financing, reorganization, or sale of assets.
  • With Your Direction/Consent.

No Sale of Personal Data. We do not sell personal data.

12) Data Retention

We retain personal data only as long as necessary for the purposes described, including to comply with law, resolve disputes, and enforce agreements. Illustratively:

  • Audio of interactions: retained only until transcription completes, then deleted.
  • Text transcripts: retained up to 90 days unless deleted earlier by the parent/guardian.
  • Biometric templates (if enabled): retained up to 3 years from last use, then deleted.
  • Account, purchase, and support records: retained for the life of the account and a reasonable period thereafter (e.g., tax, fraud prevention, legal obligations).

Notwithstanding the illustrative periods above, we may retain certain personal data, associated traffic data and processing logs for minimum periods required under the DPDP Rules and other applicable law, including for security safeguards, aditability, incident investigation, and compliance.

13) Security

We implement reasonable technical and organizational measures including encryption in transit/at rest for sensitive data, authenticated access, least privilege controls, logging/monitoring, and vendor duediligence. No system is perfectly secure; if a data incident occurs, we will take steps consistent with law, which may include notifying you and authorities. On becoming aware of a personal data breach, we will intimate each affected Data Principal, through the user account or registered communication mode, including: (a) description of breach; (b) likely consequences; (c) measures implemented to mitigate risk; (d) recommend safety steps; and (e) contact information for queries. Further, we will intimate the Data Protection Board of India and provide updated or detailed information within 72 hours of becoming aware of the breach (or such longer period as permitted), in accordance with applicable law.

14) ThirdParty Sites, Social Media & SDKs

The Services may include links to thirdparty sites/services and embedded SDKs/APIs. Their data practices are governed by their own policies. Your interactions with such features (apart from our Services) are governed by those third parties’ terms and privacy notices.

15) Do Not Track

You can manage tracking by adjusting cookies/permissions and using opt out tools.

16) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will make reasonable efforts to notify you by posting the updated Policy and, where appropriate, by additional notice (e.g., email/in App). Your continued use after the effective date constitutes acceptance.

17) Contact

Omli Technologies Private Limited
WeWork DLF Forum, Cybercity, Phase III, Gurugram, Haryana 122002, India
Email: contact@omli.in
Phone: +91-9500153960

If you are a parent/guardian and wish to review, correct, delete, or withdraw consent for your child’s data, or if you wish to delete biometric data, you may do so via the App or by contacting us as above.

Your Responsibilities. If guests are present near a Product, ensure you have proper notice/consent from those individuals as required by applicable law.