Privacy Policy

Effective date: 1 May 2026  ·  Last updated: 1 May 2026

OML Labs ("we", "our", or "us") operates omllabs.com and the OML network-lab platform.

1. Information We Collect

We collect information you provide directly to us and information collected automatically when you use our services.

• Account data — name, email address, username, and password (stored as a one-way hash) when you register.
• OAuth sign-in data — if you sign in with Google, we receive your name, email address, and Google account identifier. We do not receive your Google password.
• License & billing data — email address, transaction reference, and license tier when you purchase a plan. Payment details (card numbers) are processed exclusively by Razorpay and are never stored on our servers.
• Usage data — IP address, browser/OS, pages visited, and feature usage collected automatically via server logs.
• Lab data — topology configurations and node metadata you create inside the OML platform, stored on your self-hosted OML instance. We only access this data when you explicitly share a lab to the community feed.

2. How We Use Your Information

• Provide, operate, and improve the OML platform and website.
• Authenticate your account and issue license keys.
• Send transactional emails (license keys, receipts, account notices).
• Respond to support requests and prevent fraud.
• Comply with legal obligations.

We do not sell, rent, or share your personal data with third-party advertisers.

3. Google OAuth & Third-Party Sign-In

When you choose to sign in with Google, we use the OAuth 2.0 protocol to authenticate you. We request only the minimum scopes needed: openid, email, and profile. We store your Google account identifier and email to link your OML account. We do not access your Google Drive, Gmail, Contacts, or any other Google service.

4. Data Sharing

We share data only in the following limited circumstances:

• Service providers — Razorpay (payment processing), Google (OAuth authentication). Each provider's own privacy policy applies to data they process.
• Legal requirements — when required by applicable law, court order, or governmental authority.
• Business transfer — in the event of a merger or acquisition, user data may be transferred as part of business assets with the same privacy protections.

5. Data Retention

Account data is retained for as long as your account is active. You may request deletion at any time by emailing hello@omllabs.com. Billing records may be retained for up to 7 years to comply with financial regulations. Server logs are purged after 90 days.

6. Security

We use industry-standard measures including TLS encryption in transit, bcrypt/PBKDF2 password hashing, and RSA-4096 signed license tokens. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

7. Cookies

We use only functional cookies required for authentication (session token stored in localStorage). We do not use advertising or tracking cookies.

8. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at hello@omllabs.com.

9. Your Rights

Depending on your jurisdiction you may have the right to access, correct, or delete your personal data; object to or restrict processing; or request data portability. To exercise any of these rights, email hello@omllabs.com.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by updating the "Last updated" date above and, where appropriate, by email. Continued use of our services after changes constitutes acceptance of the revised policy.

11. Contact Us

OML Labs
Email: hello@omllabs.com
Website: omllabs.com

© 2026 OML Labs. All rights reserved.