Privacy Policy
Last updated: June 11, 2026
OmniView ("we", "us", "our") operates the website holossystems.com and provides video synchronization services. This policy explains what data we collect, why, and how we protect it.
In short: We collect only what we need to run the service. We don't sell your data. We don't use tracking or analytics. Your data is stored on servers in Germany (EU).
1. Data we collect
Account information
When you create an account, we collect:
- Name — to identify you in the dashboard
- Email address — for login, verification, and notifications
- Password — stored securely using bcrypt hashing (we never store or see your actual password)
- Organization (optional) — displayed in your dashboard
Media uploads (videos and photos)
When you or your event attendees upload media files, we collect:
- Media file — stored on our servers for synchronization, display, and playback
- GPS location (optional) — used to show camera positions on the event map and to match uploads to the correct stage. Only collected with explicit browser permission.
- Compass heading (optional) — used to determine camera direction
- Device timestamp — used for synchronization and chronological ordering
Event Attendees (Non-account holders)
If you upload a video or photo via an event's upload link (e.g. after scanning a QR code at a live event), we collect:
- Media file — stored on our servers for synchronization, display, and playback as part of the event
- GPS location (optional) — only collected with your explicit browser permission, used to show camera positions on the event map and to match uploads to the correct stage
- Compass heading (optional) — used to determine camera direction
- Device timestamp — used for synchronization and chronological ordering
- Location description (optional) — free-text field you may fill in (e.g. "Main stage, left side")
We do not require you to create an account to upload. We do not collect your name, email address, or any device identifiers. Uploaded media files are associated with the event, not with you personally.
Visual data
Videos and photos uploaded to the Service — whether by account holders or event attendees — may contain images of people, including recognizable faces and other visual features. OmniView processes these media files solely for synchronization, display, and playback purposes. We do not perform facial recognition, biometric analysis, or any form of individual identification on uploaded content.
The event organizer who created the event is the data controller for the uploaded content and is responsible for informing attendees that filming and photography is taking place and that media may be collected and published via the OmniView event page and viewer.
Payment information
Payments are processed by Stripe. We never see or store your full credit card number, bank account details, or iDEAL credentials. Stripe handles all payment data under their own privacy policy.
Cookies
We use a single session cookie (omniview_session) to keep you logged in. This cookie:
- Is HTTP-only (not accessible to JavaScript)
- Expires after 72 hours
- Contains only your session token — no tracking data
We do not use analytics cookies, advertising cookies, or third-party tracking.
2. How we use your data
- Provide the service — synchronize videos, display photos and the viewer, manage your events
- Authentication — verify your identity and protect your account
- Notifications — send verification emails, password resets, and sync status updates
- Payments — process upgrades via Stripe
- Content review — OmniView personnel may access uploaded content for content moderation, quality assurance, technical support, debugging, and compliance with legal obligations. This access is a necessary part of operating the Service (legal basis: legitimate interest, Art. 6(1)(f) GDPR; and performance of contract, Art. 6(1)(b) GDPR).
- Service improvement — anonymized and aggregated sync metrics (e.g. accuracy statistics, platform patterns, audio fingerprints, camera intrinsics) are used to improve our synchronization engine and develop new features. This data cannot be linked back to any individual, video, or event.
We do not use your data for advertising, profiling, or selling to third parties.
3. Third-party services
We share data with the following services, only as needed to operate:
- Hetzner Online GmbH (hosting) — all data is stored on Hetzner servers in Germany. Hetzner acts as a sub-processor under our instructions. Hetzner Privacy Policy
- Stripe (payments) — receives your email and plan selection during checkout. Stripe Privacy Policy
- Resend (email delivery) — receives your email address and name to deliver notifications. Resend Privacy Policy
4. Where your data is stored
All data is stored on servers hosted by Hetzner in Germany (EU). This means your data is protected under the General Data Protection Regulation (GDPR) and European data protection laws.
5. How long we keep your data
- Account data — kept as long as your account exists. Delete your account by contacting us.
- Media files (videos and photos) — kept for the duration specified by the event organizer's plan (30 days for Free, 12 months for Pro, 24 months for Business). After expiration, all media files and associated personal metadata (GPS, timestamps) are permanently and automatically deleted. This applies to content uploaded by account holders and event attendees alike.
- Anonymized sync data — aggregated, non-personal technical data from the synchronization process (e.g. accuracy metrics, platform statistics) may be retained indefinitely to improve our service. This data cannot be traced back to any individual, video, or event. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
- Payment records — retained as required by tax law (typically 7 years).
6. Your rights (GDPR)
As an EU resident, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Object — object to data processing
To exercise any of these rights, email us at privacy@holossystems.com.
Event attendees without an account
If you uploaded media via an event upload link without creating an account, we do not have your name or email on file. To request deletion or access to your upload, please email us at privacy@holossystems.com with the event URL and the approximate date, time, and file name of your upload so we can locate it.
7. Security
We protect your data with:
- HTTPS/TLS encryption for all connections
- bcrypt password hashing
- HTTP-only session cookies
- Server-side input validation
8. Changes to this policy
We may update this policy from time to time. Significant changes will be communicated via email or a notice on the website. The "last updated" date at the top reflects the most recent version.
9. Contact
Questions about this privacy policy? Contact us at privacy@holossystems.com.
10. Company details
Holos Systems
[Address]
[Postal code, City]
The Netherlands
KvK: [number]
BTW: [number]