Last updated: August 8th, 2025
OmnibusX is dedicated to advancing life sciences research by providing powerful, intuitive software tools for the scientific community. We understand that groundbreaking discovery depends on the integrity and confidentiality of research data. Our commitment to you is built on a foundation of trust, transparency, and an unwavering respect for your privacy.
This Privacy Policy articulates our core philosophy: to empower your research while upholding the highest global standards for data protection. Our approach is rooted in the principles of Privacy by Design, data minimization, and user control. This policy is designed to be a comprehensive and clear guide to our data practices, ensuring you understand how we handle information and protect the trust you place in our products and services.
This policy governs all interactions with OmnibusX and its services. It applies to:
- The use of our public-facing website, https://omnibusx.com (the "Website").
- The use of the OmnibusX Application, our cross-platform desktop software for Windows, macOS, and Ubuntu (the "Application").
- The creation and management of user accounts for licensing, authentication, and support purposes.
- All communications with OmnibusX, including but not limited to support requests, feedback, and inquiries submitted via email or other channels.
This document specifically details our processing of "Personal Data" as defined by applicable laws. It is crucial to understand that this policy does not extend to the scientific research data that you process locally within the Application.
To ensure absolute clarity and legal precision, the following terms are used throughout this policy with the meanings defined below. These definitions are harmonized to reflect the requirements of global data protection frameworks, including the EU's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Vietnam's data protection laws.
Personal Data: Any information relating to an identified or identifiable natural person (a 'Data Subject'). This is a broad definition that includes direct identifiers such as a name or email address, as well as indirect identifiers like an IP address, account credentials, or license keys that can be linked to an individual.
Scientific Data: Any and all data, content, or information that a User processes, analyzes, stores, or generates within the OmnibusX Application. This includes, but is not limited to, multi-omics datasets (e.g., scRNA-seq, scATAC-seq), analysis results, metadata, annotations, visualizations, and exported figures. OmnibusX does not access, collect, or store your Scientific Data.
Processing: Any operation or set of operations performed on Personal Data, whether or not by automated means. This includes activities such as collection, recording, organization, storage, adaptation, retrieval, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For the scope of data described in this policy, OmnibusX is the Data Controller.
Data Processor: A natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller. We identify our third-party service providers, such as Auth0 and Google, as our Data Processors (or "sub-processors").
User: Any individual or entity using our Website or Application. This includes individual license holders, authorized users under an enterprise license, and visitors to our Website.
We begin with a clear and unequivocal statement that defines our relationship with your research:
OmnibusX does not collect, access, track, store, or otherwise process any Scientific Data that you import, analyze, or generate within the OmnibusX Application.
All of your research datasets, analyses, results, and intellectual property remain exclusively on your local computer. For our enterprise customers, this data resides on your designated on-premise or private cloud servers, under your exclusive control. This architecture is a deliberate implementation of the "Privacy by Design" and "Privacy by Default" principles, which are central tenets of modern data protection law. The limited API calls made by the Application are strictly for essential software functionality and never involve the transmission of your Scientific Data.
We are transparent about the specific categories of Personal Data we process, our purpose for doing so, and the legal justification under applicable laws, including GDPR and Vietnam's PDPD.
Account and Profile Information: When you register for an OmnibusX account to activate a license, we use a specialized third-party identity platform, Auth0, to manage authentication securely. The Personal Data collected during this process includes your full name, email address, and optionally, your institutional affiliation. This information is essential for creating and securing your account, verifying your identity for support purposes, and administering your software license.
Communications with Us: If you contact us for technical support, provide product feedback, or make other inquiries by emailing support@omnibusx.com, we collect your email address and the content of your communication. We process this information to respond to your requests, provide effective customer support, and use your valuable feedback to improve our products and services.
Software-Related Data (OmnibusX Application): To ensure the proper functioning, security, and licensing of the Application, our software makes limited, secure API calls to our servers. These calls transmit the following necessary operational data:
- Authentication and Licensing Data: We transmit user authentication tokens (securely managed by Auth0) and your license key to our servers to verify your identity and confirm your subscription status. This is necessary to grant you access to the software.
- Software Update and System Information: The Application periodically checks for updates by sending your current Application version and operating system (Windows, macOS, or Ubuntu) to our server. This allows us to notify you of available updates, which often contain important security patches and feature improvements.
- Reference File Downloads: The Application includes features to download available reference files (e.g., reference genomes). When you use this feature, we process the request to deliver the selected files to you. We do not log or track which specific files you download or how you use them in your analyses.
Website Usage Data (omnibusx.com): To improve our Website and understand how it is used, we utilize Google Analytics. This service helps us analyze visitor traffic and user behavior.
- We have configured Google Analytics to operate in a manner that respects your privacy. This includes enabling IP address anonymization, a feature where Google truncates the last octet of the IP address before any storage or processing occurs, making it impossible to identify a specific device.
- The data collected is aggregated and anonymized, providing insights into metrics such as which pages are most visited, the duration of visits, the general geographic location of visitors (at the country or city level), and the types of browsers used. This information is statistical and is not linked to your OmnibusX account or any other personally identifiable information.
- In strict compliance with GDPR and Vietnamese law, we will only collect this non-essential analytics data after obtaining your explicit and affirmative consent. This consent is requested through a clear and unobtrusive cookie consent banner that appears when you first visit our Website. You have the right to refuse consent without affecting your ability to browse the site.
OmnibusX does not sell, rent, trade, or otherwise profit from your Personal Data. We share it only in the following limited and necessary circumstances:
Third-Party Service Providers (Sub-processors): We engage a small number of trusted third-party companies to perform specific technical functions on our behalf. These sub-processors are granted access only to the Personal Data necessary to perform their designated services and are bound by contractual obligations, including Data Processing Agreements (DPAs), to maintain the confidentiality and security of the data and to process it only in accordance with our instructions and applicable laws. Our key sub-processors are:
- Auth0 (a product of Okta, Inc.): Provides our identity and authentication platform. Auth0 securely manages user account creation, logins, and password management, helping us protect your account from unauthorized access.
- Google (Google LLC): Provides website analytics services through its Google Analytics platform. Our agreement with Google includes robust data protection terms that govern their processing of this data on our behalf.
Legal Compliance and Protection of Rights: We may disclose Personal Data if we have a good-faith belief that such disclosure is reasonably necessary to: (a) comply with an applicable law, regulation, legal process, or governmental request; (b) enforce our terms of service and investigate potential violations; (c) detect, prevent, or otherwise address fraud, security, or technical issues; or (d) protect against harm to the rights, property, or safety of OmnibusX, our users, or the public, as required or permitted by law.
Business Transfers: In the event that OmnibusX is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or sale of all or a portion of its assets, your Personal Data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or in the uses of your Personal Data, as well as any choices you may have regarding your Personal Data.
OmnibusX is headquartered in Vietnam. Our operations and the service providers we use (such as Auth0 and Google, which are headquartered in the United States) mean that your Personal Data may be transferred to, and processed in, countries outside of your country of residence. These countries may have data protection laws that are different from the laws of your country.
We are committed to ensuring that your Personal Data receives an adequate level of protection regardless of where it is processed. To that end, we have implemented robust safeguards for all cross-border data transfers:
For Transfers from the EEA, UK, and Switzerland: When we transfer Personal Data originating from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on legally approved transfer mechanisms, primarily the Standard Contractual Clauses (SCCs) issued by the European Commission.
Compliance with Vietnamese Law: We fully adhere to Vietnam's strict regulations governing the cross-border transfer of personal data. As required by Decree 13/2023/ND-CP and subsequent legislation, we conduct and maintain a comprehensive Cross-border Data Transfer Impact Assessment (TIA). This assessment is filed with the Department of Cybersecurity and High-tech Crime Prevention (A05) of the Ministry of Public Security, ensuring our data transfer practices are transparent and compliant with national requirements.
In line with the principle of data minimization, we retain Personal Data only for as long as is necessary to fulfill the purposes for which it was collected, to perform our contractual obligations, to comply with our legal obligations, or to resolve disputes.
Account Information: We retain your account and profile information for as long as your account remains active with us. If you choose to delete your account, we will initiate a process to permanently delete this information from our production systems within 90 days, unless we are required by law to retain it for a longer period (e.g., for financial record-keeping).
Communication Data: Correspondence with our support team is retained for a reasonable period, typically up to two years after the issue is resolved, to maintain a record of the support provided and for internal training and service improvement purposes.
Website Analytics Data: The aggregated and anonymized usage data collected by Google Analytics is retained for a period of 26 months to allow for year-over-year trend analysis. This data is not personally identifiable.
OmnibusX acknowledges and is prepared to uphold your rights over your Personal Data. Depending on your geographical location and the data protection laws applicable to you (such as GDPR, CCPA, or Vietnam's PDPD), you have a number of rights, which include:
The Right to Access: You have the right to request a copy of the Personal Data we hold about you and information about how we process it.
The Right to Rectification: You have the right to request the correction of any inaccurate or incomplete Personal Data we hold about you.
The Right to Erasure (The 'Right to be Forgotten'): You have the right to request the deletion of your Personal Data when it is no longer necessary for the purposes for which it was collected, you have withdrawn consent, or for other legal reasons.
The Right to Restrict Processing: You have the right to request that we suspend the processing of your Personal Data in certain specific cases, for example, while the accuracy of the data is being verified.
The Right to Data Portability: You have the right to request that we provide you with a copy of your Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
The Right to Object: You have the right to object to our processing of your Personal Data where we are relying on a legitimate interest as our legal basis for processing.
The Right to Withdraw Consent: In cases where our processing is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdrew your consent.
Rights Related to Automated Decision-Making: OmnibusX does not use your Personal Data for automated decision-making or profiling that produces legal or similarly significant effects.
California-Specific Rights (CCPA/CPRA): If you are a California resident, you have the right to know what personal information we collect, use, and disclose. While we do not "sell" your Personal Data in the traditional sense, the use of third-party analytics cookies may be considered "sharing" for cross-context behavioral advertising under the California Privacy Rights Act (CPRA). You have the right to opt out of this sharing by managing your preferences in our cookie consent banner.
How to Exercise Your Rights: To exercise any of these rights, please submit your request by contacting us at support@omnibusx.com. Providing a single, dedicated point of contact ensures that your request is funneled directly to the team responsible for privacy matters, allowing us to act efficiently and in compliance with legal timelines. We will respond to all verifiable requests promptly and within the timeframes mandated by applicable law, such as the 72-hour response window for certain requests under Vietnamese law.
Right to Lodge a Complaint: You have the right to lodge a complaint with a competent data protection supervisory authority if you believe that our processing of your Personal Data infringes upon your rights. For users in the EEA, this would be the data protection authority in your country of residence. In the UK, it is the Information Commissioner's Office (ICO). In Vietnam, complaints can be directed to the Ministry of Public Security.
Our Website, Application, and services are not directed to or intended for use by individuals under the age of 16. We do not knowingly collect Personal Data from children. If you are a parent or guardian and believe that your child has provided us with Personal Data without your consent, please contact us at support@omnibusx.com. If we become aware that we have inadvertently collected Personal Data from a child under 16, we will take prompt steps to delete such information from our systems.
The field of data protection is constantly evolving. We may update this policy from time to time to reflect changes in our data practices or for other operational, legal, or regulatory reasons. If we make material changes to this policy, we will notify you by posting the updated version on our Website and updating the "Last Updated" date at the top of this page. For significant changes, we may also provide more prominent notice, such as via email. We encourage you to review this policy periodically to stay informed about how we are protecting your information.
This Privacy Policy, and any disputes arising out of or related to it, shall be governed by and construed in accordance with the laws of the Socialist Republic of Vietnam, without regard to its conflict of law provisions. Any legal action or proceeding arising under this policy will be brought exclusively in the competent courts of Vietnam.
If you have any questions, comments, or concerns about this policy, our data practices, or if you wish to exercise your data protection rights, please do not hesitate to contact us at: support@omnibusx.com