Privacy Policy
Effective Date: 9 April 2026
Introduction
Privacy Policy Last updated: 9 April 2026 This Privacy Policy explains how Omnipink Ltd. (“Spicestars”, “we”, “us” or “our”) processes personal data in connection with the website and services available at https:// www.Spicestars.ai (the “Service” and “APP”).
1. Data controller
The data controller responsible for the processing of personal data under this Privacy Policy is: Omnipink Ltd. Registered office address at John Kennedy, 8 IRIS HOUSE, 3rd floor 3106, Limassol, Cyprus, registered under the number HE 491125 with the Chamber Of Commerce in the Cyprus Email: legal@omnipink.ai For US state privacy laws, Spicestars acts as a “business” or “controller”, as applicable.
2. Scope
This Privacy Policy applies to:
visitors to the Website,
registered users of the Service,
communications with us. It does not apply to third-party websites or services linked from the Service.
3. Categories of personal data
Depending on how you interact with the Service, we may process the following categories of personal data:
Account data (e.g. email address, account identifiers)
Technical data (e.g. IP address, device type, browser information)
Usage data (e.g. interaction logs, feature usage)
Communication data (e.g. support inquiries)
Preference data (e.g. language or interface settings) We do not intentionally process special-category data under Article 9 GDPR.
4. Purposes and legal bases
Purpose Legal basis Provide and operate the Service Contract Account administration and support Contract Security, fraud prevention, abuse detection Legitimate interest Functional personalisation Consent Analytics and service improvement Consent Marketing communications Consent Legal and regulatory compliance Legal obligation
5. AI-enabled features and automated processing
The Service uses AI-enabled systems to generate content and support user interactions based on user inputs and system parameters.
AI outputs are generated dynamically.
Automated processing does not produce legal or similarly significant effects on users within the meaning of Article 22 GDPR.
Personal data is not used to train general-purpose AI models unless explicitly stated.
Automated processing is limited to what is necessary to provide the Service. This section is intended to satisfy transparency obligations under GDPR and emerging AI-specific regulation.
6. Communications and marketing
We distinguish clearly between:
Service communications, which are necessary to provide the Service (e.g. security notices, account updates); and
Marketing communications, such as newsletters or promotional messages. Marketing communications are sent only where you have provided explicit opt-in consent. You may withdraw marketing consent at any time via unsubscribe links or your account settings. We do not sell personal data or share it for cross-context behavioural advertising.
7. Recipients of personal data
We may share personal data with the following categories of recipients:
hosting and cloud infrastructure providers,
analytics providers,
security and fraud-prevention providers,
customer support service providers,
professional advisers or authorities where legally required. All recipients act as processors under written agreements imposing data-protection obligations consistent with GDPR. Processors may engage sub-processors subject to equivalent safeguards.
8. International data transfers
Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, including adequacy decisions or Standard Contractual Clauses approved by the European Commission.
9. Data retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, taking into account legal, contractual, and operational requirements. Retention periods vary by data category and are reviewed regularly.
10. Your rights
You have the right to:
access your personal data,
rectify inaccurate data,
request erasure,
restrict or object to processing,
withdraw consent at any time,
lodge a complaint with a supervisory authority. Requests may be submitted to legal@omnipink.ai . We respond within statutory timeframes. The following US state rights may also be relied on where applicable and you may have rights to:
access, correct, or delete personal data,
opt out of targeted advertising,
appeal decisions regarding your data. We do not discriminate against users for exercising privacy rights.
11. Security measures
We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption, monitoring, and incident-response procedures. As can be seen [here]
12. Age limitation
The Service is intended for users aged 18 or older. We do not knowingly process personal data of persons under the age of 18 or the equivalent minimum age based on jurisdiction. Our Services are intended solely for adults aged 18 and above. In the event we discover misinformation from an individual under 18, or the equivalent minimum age based on jurisdiction, steps will be taken to promptly delete the information and block the user.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated appropriately.
14. Contact
For privacy-related questions, please contact: legal@omnipink.ai