Privacy Policy

This Privacy Policy explains how OmniaStrata LLC (“OmniaStrata,” “we,” “us,” or “our”), collects, uses, shares, and protects personal information when you visit our website, use our customer portal, communicate with us, or otherwise engage with our brokerage and trade-facilitation services (together, the “Services”).

OmniaStrata acts as the “controller” of personal information processed for the purposes described below for the purposes of the EU and UK General Data Protection Regulation, and as a “business” under the California Consumer Privacy Act, as amended (“CCPA/CPRA”).

Our Services are designed for business and professional users. We do not knowingly market to or collect personal information from individuals acting outside the scope of a trade or profession, and they are not intended for children under sixteen (16) years of age.

We collect personal information in the following categories:

• Identifiers and contact data — name, business email, business phone, job title, employer, and country of operation.
• Account and authentication data — account credentials, authentication factors, and login history.
• Verification data — identification documents, beneficial-ownership information, corporate registry extracts, sanctions and politically-exposed-person screening results, and similar compliance records.
• Commercial and transaction data — RFQs, quotes, orders, specifications, volumes, destinations, commercial terms, invoices, contracts, and shipping documents.
• Payment-related data — bank-account references, payment-link metadata, settlement instructions, and reconciliation records. We do not store full payment card details on our systems; card data is handled by regulated payment processors.
• Communications — the content of emails, portal messages, support tickets, and notes you send to us or that we send to you.
• Technical data — IP address, device and browser information, language, time zone, pages viewed, session activity, and diagnostic logs.

We collect this information directly from you, automatically through cookies and similar technologies, and from third parties such as verification and screening providers, business registries, payment processors, and counterparties on the opposite side of a transaction.

We use personal information to:

• create and maintain accounts, authenticate users, and operate the portal;
• conduct verification, sanctions, and ongoing compliance screening;
• match Buyers and Suppliers, share RFQs and Quotes, and facilitate Orders and settlement;
• process payments and reconcile transactions;
• provide customer support, respond to inquiries, and resolve disputes;
• send service announcements, security alerts, and operational notices;
• send commercial communications where permitted by law and subject to your right to opt out;
• monitor, secure, and improve the Services and prevent fraud, abuse, and unauthorized access;
• comply with legal, regulatory, audit, tax, and accounting obligations and respond to lawful requests.

For users in the European Economic Area, the United Kingdom, and Switzerland, our lawful bases under the GDPR are: (i) performance of a contract or steps requested before entering into a contract; (ii) compliance with legal obligations to which we are subject; (iii) our legitimate interests in operating, securing, and improving the Services and developing our business, where not overridden by your rights and freedoms; and (iv) your consent, where we ask for it.

We share personal information in the following circumstances:

• Counterparties. Where you are a Buyer or Supplier and a transaction proceeds, we share information necessary to negotiate, contract, settle, and ship the transaction with the relevant Counterparty. Until a Quote is shared, we mask Buyer identity to protect negotiating position.
• Service providers. We use vetted third-party providers for hosting, infrastructure, verification, payment processing, communications, support, and analytics. They process personal information only on our instructions and under contractual data-protection obligations.
• Banks and payment partners. Banks, money-services businesses, and payment processors involved in settlement receive information necessary for verification, transaction monitoring, and execution.
• Professional advisors. Our auditors, lawyers, accountants, insurers, and tax advisors may receive information under duties of confidentiality.
• Government, regulators, and law enforcement. We disclose information where required by law or a valid request from a competent authority, or where we consider disclosure necessary to investigate fraud or protect rights, property, or safety.
• Corporate transactions. If we are involved in a merger, acquisition, financing, reorganization, or sale of all or part of our assets, personal information may be transferred to the counterparty subject to the protections of this Policy.

We do not sell personal information for monetary consideration, and we do not “share” it for cross-context behavioral advertising as those terms are defined under CCPA/CPRA.

OmniaStrata is based in the United States. Personal information you provide may be transferred to, stored, and processed in the United States and in other countries where our service providers operate. Where we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to countries that have not been deemed adequate, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable).

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected and to meet our legal, regulatory, and accounting obligations.

• account and contact data: for the life of the account and a reasonable period after closure;
• verification and compliance records: at least five (5) years from the end of the business relationship, as required by anti-money-laundering laws, and longer where regulators specify;
• transaction records, contracts, invoices, and shipping documents: at least seven (7) years for tax, accounting, and audit purposes;
• technical logs and analytics: a limited period in identifiable form, then aggregated or deleted.

When the retention period ends, we delete personal information or irreversibly anonymize it.

We implement appropriate administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest, access controls, audit logging, and vendor due diligence. No method of transmission or storage is perfectly secure. You are responsible for keeping your credentials confidential and for notifying us promptly if you suspect that your account has been compromised.

Subject to local law, you may have the right to:

• access the personal information we hold about you and obtain a copy;
• correct inaccurate or incomplete information;
• request deletion of personal information, subject to retention obligations;
• restrict or object to certain processing, including processing based on legitimate interests;
• request portability of information you provided to us;
• withdraw consent where processing is based on consent, without affecting prior lawful processing;
• opt out of marketing communications;
• lodge a complaint with a data-protection authority in your country of residence.

California residents (CCPA/CPRA). You have the right to know what personal information we collect, use, disclose, and retain; to correct inaccurate information; to request deletion; to limit the use and disclosure of sensitive personal information; and not to be discriminated against for exercising your rights. We do not sell or share personal information for cross-context behavioral advertising.

To exercise any right, contact us at privacy@omniastrata.com from the email address on your account or through a verified channel from your portal account. We will verify your identity before responding and will respond within statutory deadlines. You may designate an authorized agent to act on your behalf, subject to written authorization and identity verification.

We use a small number of cookies and similar technologies, grouped as follows:

• Strictly necessary — required to load the website, maintain sessions, authenticate users, and remember security preferences.
• Functional — remember preferences such as language and timezone display.
• Analytics — help us understand aggregated usage patterns so we can improve the Services.

We do not use third-party advertising or cross-site tracking cookies. You may configure your browser to refuse or delete cookies, but parts of the Services may not function correctly without them. Where required by law, non-essential cookies are used only with your consent.

We may update this Privacy Policy from time to time. The “Effective” and “Last updated” dates at the top of this page indicate when the current version took effect. For material changes, we will post a prominent notice on this page and, where appropriate, notify you through the portal or by email. Your continued use of the Services after the effective date of a revised Policy constitutes acceptance of the revised Policy.

For questions about this Privacy Policy, to exercise your rights, or to raise a concern about our handling of personal information, contact us at privacy@omniastrata.com. If you are not satisfied with our response, you have the right to complain to the data-protection authority in your country or state of residence; we would appreciate the opportunity to address your concerns first.