Privacy Policy — what we collect, how we use it, and your rights

1. What this Policy covers

This Privacy Policy applies to getomnichannel.com, including all subdomains, mobile-optimised versions, RSS feeds, email newsletters, lead-generation forms, comparison tools, and any other digital property we operate that links to this Policy (collectively, the "Site"). It describes:

• The categories of personal information we collect and the sources of that information;
• How we use, retain, and disclose that information;
• The cookies and similar tracking technologies we and our partners use;
• Your rights as a data subject, consumer, or resident of a jurisdiction with applicable privacy laws; and
• How to contact us, exercise your rights, or file a complaint.

This Policy does not apply to third-party websites, services, or applications you reach via outbound links from the Site — including the affiliate links and advertised vendor pages we reference in our reviews. Once you click an outbound link, you are subject to the privacy practices of that destination. We encourage you to read the privacy policies of any vendor you engage with.

By using the Site, you confirm that you have read and understood this Policy. If you do not agree with any part of it, please do not use the Site.

2. Information we collect

We collect personal information in three ways: information you give us directly, information collected automatically when you interact with the Site, and information we receive from third parties such as advertising networks and affiliate platforms.

2.1 Information you provide directly

2.2 Information collected automatically

2.3 Information from third parties

We may receive information about you from:

• Affiliate networks (such as Impact.com, PartnerStack, CJ Affiliate) — they tell us when a click on the Site led to a qualifying signup or purchase on a vendor's website, so we can be paid commission. The information they share is typically a transaction ID, the date, and a hashed reference; not your name or contact details.
• Advertising platforms (Google Ads, LinkedIn Ads) — when you click an ad that brings you to the Site, the platform may tell us the campaign that referred you.
• Analytics and security providers — for fraud prevention, bot mitigation, and aggregated audience insights.
• Public sources — if you advertise with us, we may verify your business through public registries, your LinkedIn profile, or your company's public website.

2.4 Information we do not collect

We do not knowingly collect or process special categories of personal data (such as racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data, health, or sexual orientation). Please do not submit such information to us via comments, forms, or email.

3. How we use your information

We process your personal information for the following purposes, relying on the legal bases noted in brackets (see section 9.1 for definitions):

• Operating the Site — serving pages, remembering your cookie consent, preventing fraud and abuse. [Legitimate interest; necessary for performance of a contract for account holders]
• Personalising content — showing buying guides relevant to your industry, suggesting comparisons related to a tool you have read about. [Legitimate interest]
• Sending newsletters and editorial updates — only if you opt in. Every email contains an unsubscribe link. [Consent]
• Connecting you with vendors — if you fill in a "Get a quote" or "Find the right tool" form, we forward the information you specifically authorise to the vendor(s) you select. We never share lead data without an unambiguous opt-in checkbox. [Consent]
• Improving our content and product — analytics on which pages help readers and which fall flat. We anonymise and aggregate where possible. [Legitimate interest]
• Advertising attribution — measuring which marketing channels bring useful readers, and (with consent) showing relevant ads on third-party platforms. [Consent for non-essential ad cookies; legitimate interest for first-party measurement]
• Responding to you — when you email us, leave a comment, or report an issue. [Legitimate interest; performance of a contract]
• Legal and compliance — meeting tax, accounting, and regulatory obligations, and defending our rights. [Legal obligation; legitimate interest]

We do not use personal information for automated decision-making that produces legal or similarly significant effects on you. We do not use your data to train large language models.

4. Cookies and similar tracking technologies

Cookies are small text files placed on your device when you visit a website. Similar technologies include local storage, session storage, pixels, web beacons, and SDKs. We use four categories:

4.1 Strictly necessary cookies

Required for the Site to work — for example, remembering your cookie-consent choice, securing forms against CSRF, and load-balancing. These do not require consent and cannot be disabled through the cookie banner.

4.2 Functional cookies

Remember preferences such as your country, language, and which vendors you added to a comparison. These improve the experience but are not strictly required.

4.3 Analytics cookies

We use Google Analytics 4 with IP anonymisation enabled. Analytics cookies tell us which pages are read, how readers arrive at the Site, and where they leave. In jurisdictions that require it (the EU, UK, and similar), analytics cookies only fire after you give consent through the cookie banner.

4.4 Advertising and affiliate cookies

If you consent, we (and our partners) place cookies that:

• Attribute affiliate commissions correctly when you click a "Visit vendor" link;
• Measure ad performance on platforms such as Google Ads and LinkedIn Ads;
• Allow our advertising partners to show you relevant ads on other websites (frequency-capped retargeting).

You can withdraw advertising-cookie consent at any time via the "Cookie preferences" link in our footer. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

4.5 Do Not Track and Global Privacy Control

We treat the Global Privacy Control (GPC) signal sent by your browser as a valid request to opt out of "sale" or "sharing" of personal information for cross-context behavioural advertising in jurisdictions that recognise it (including California). Browser "Do Not Track" signals are not standardised, and we currently do not respond to them; we rely on the cookie banner and GPC instead.

5. How we share information

We share personal information only in the limited circumstances set out below. We do not sell personal information for money.

5.1 Service providers (data processors)

We engage trusted third parties to perform functions on our behalf — including web hosting (Cloudflare, Kinsta), email delivery (SendGrid, Postmark), analytics (Google Analytics), customer-support tooling, and payment processing (Stripe). These providers may only process your data on our documented instructions, are bound by written data-processing agreements, and may not use your data for their own purposes.

5.2 Vendors you choose to contact

If you complete a "Get a quote", "Demo request", or "Find the right tool" form on the Site and tick the consent box, the information you submit is forwarded to the specific vendor(s) you select. The vendor then becomes an independent controller of that data, and their own privacy policy governs what they do with it.

We will never forward your contact details to a vendor unless you have made an unambiguous, per-vendor choice to be contacted. We do not sell or barter contact lists with vendors outside of these explicit lead-gen interactions.

5.3 Affiliate networks

When you click an affiliate "Visit Tool" button, the destination URL contains a tracking parameter that identifies the click as having come from GetOmnichannel. The affiliate network may set its own cookies on the destination domain. We do not pass your name, email, or other identity data through affiliate links.

5.4 Advertising partners

If you have consented to advertising cookies, ad platforms (Google, LinkedIn, Meta) may collect identifiers that allow us to measure campaign performance and show retargeting ads. These partners act as joint or independent controllers depending on the platform. You can withdraw consent at any time.

5.5 Corporate transactions

If GetOmnichannel is involved in a merger, acquisition, financing, reorganisation, or sale of all or part of our assets, personal information may be transferred as part of that transaction. We will notify users by email or a prominent notice on the Site at least 30 days before the transfer takes effect, and any successor entity will be bound by terms no less protective than this Policy.

5.6 Legal disclosures

We may disclose information when we have a good-faith belief that disclosure is necessary to:

• Comply with a legal obligation, court order, or lawful request from public authorities;
• Enforce our Terms of Service or other agreements;
• Detect, prevent, or otherwise address fraud, security, or technical issues;
• Protect the rights, property, or safety of GetOmnichannel, our users, or the public.

5.7 Aggregated and de-identified data

We may share aggregated or de-identified information (which cannot reasonably be used to identify you) for any purpose — for example, "23% of our readers are evaluating Zendesk alternatives in Q2." We commit to not attempting to re-identify such data.

6. How we protect your information

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorised access, loss, misuse, alteration, and disclosure. These include:

• TLS 1.2+ encryption for all data in transit between your browser and our servers;
• Encryption at rest for sensitive datasets stored in our infrastructure;
• Role-based access controls; only personnel who need access to your data for a specific purpose receive it;
• Web application firewall, bot-management, and DDoS mitigation through our hosting providers;
• Regular security reviews and patching cadence;
• Written confidentiality and data-processing agreements with all sub-processors.

No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security. If we become aware of a personal-data breach affecting your data, we will notify the relevant supervisory authority and, where required, you, in accordance with applicable law and within the timelines prescribed (typically 72 hours under GDPR).

7. International data transfers

GetOmnichannel is headquartered in the United States and operates globally. Personal information we collect may be transferred to, stored in, and processed in the United States, the European Union, the United Kingdom, and other countries where our service providers operate.

Where we transfer personal data from the EEA, UK, or Switzerland to a country that has not been deemed to provide an adequate level of protection, we rely on:

• The European Commission's Standard Contractual Clauses (SCCs) — module 2 (controller to processor) or module 3 (processor to processor);
• The UK International Data Transfer Agreement or the UK Addendum to the SCCs;
• The EU–US Data Privacy Framework where the recipient is certified under it;
• Supplementary measures (encryption, pseudonymisation, access controls) where the transfer-impact assessment indicates they are needed.

You may request a copy of the safeguards we use by contacting us at [email protected]. We may redact or summarise commercially sensitive parts.

8. Data retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. The table below sets out our standard retention periods.

When the retention period expires, we either delete the data or irreversibly anonymise it so that it can no longer be associated with you.

9. Your privacy rights — GDPR & UK GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the rights set out in this section. The data controller responsible for your personal information is GetOmnichannel, contactable at the address in section 14.

9.1 Legal bases we rely on

• Consent — for marketing emails, non-essential cookies, and lead-share with vendors;
• Performance of a contract — for account features and paid advertiser services;
• Legitimate interests — for site analytics, fraud prevention, security, and editorial operations, where those interests are not overridden by your fundamental rights;
• Legal obligation — for tax, accounting, and regulatory disclosures;
• Vital interests — only in rare emergencies involving someone's safety.

9.2 Your rights

You have the right to:

• Access — request a copy of the personal data we hold about you;
• Rectification — ask us to correct inaccurate or incomplete data;
• Erasure ("right to be forgotten") — ask us to delete your data, subject to limited legal exceptions;
• Restriction of processing — ask us to pause processing while a dispute is resolved;
• Data portability — receive your data in a structured, commonly used, machine-readable format;
• Object — object to processing based on legitimate interests, including direct marketing;
• Withdraw consent — at any time, without affecting the lawfulness of processing carried out before withdrawal;
• Lodge a complaint — with your local supervisory authority. A list of EU authorities is at edpb.europa.eu; in the UK, the ICO at ico.org.uk.

9.3 How to exercise your rights

Email us at [email protected] with the subject line "Data Subject Request" and tell us which right you want to exercise. We will respond within 30 days of receiving a verifiable request (extendable by a further 60 days for complex requests, with notice). We may need to verify your identity before fulfilling certain requests — typically by asking you to confirm an email address we already hold.

10. California residents — CCPA / CPRA

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA").

10.1 Categories of personal information we collect

In the past 12 months, we have collected the following statutory categories: identifiers (name, email, IP address); commercial information (advertiser purchase history); internet/network activity (pages viewed, clicks); geolocation (city-level only); professional or employment information (job title, company); and inferences drawn from the above (e.g. "evaluating helpdesk software").

10.2 Sale and sharing

We do not sell personal information for monetary value. However, our use of advertising cookies for cross-context behavioural advertising may qualify as "sharing" under the CCPA. You have the right to opt out of this sharing at any time using the "Do Not Sell or Share My Personal Information" link in the footer, or by enabling the Global Privacy Control signal in your browser.

10.3 Your CCPA rights

• Right to know — what personal information we have collected, its sources, the purposes, and the categories of third parties with whom we have shared it;
• Right to delete — request deletion of personal information we have collected from you;
• Right to correct — request correction of inaccurate personal information;
• Right to opt out of the sale or sharing of personal information;
• Right to limit the use and disclosure of sensitive personal information (we do not currently use sensitive personal information for purposes that would trigger this right);
• Right to non-discrimination for exercising any CCPA right.

To submit a request, email [email protected] or use our privacy request form. You may also designate an authorised agent to submit a request on your behalf, in which case we will require written proof of authorisation.

10.4 Shine the Light (California Civil Code §1798.83)

California residents may request information about our disclosure of personal information to third parties for those parties' direct-marketing purposes. We do not disclose personal information to third parties for their own direct-marketing purposes. To make such a request, contact us at [email protected].

11. Other US state privacy rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have rights similar to those described above — including the rights to access, correct, delete, and opt out of targeted advertising and certain "sales" of personal data. We honour all such requests through the same channel: [email protected].

Nevada residents have the right under SB 220 to opt out of the sale of certain covered information. We do not sell covered information as defined by Nevada law, but you may submit an opt-out request to the same email address.

If you are unhappy with our response to a state privacy request, you may appeal by replying to our response email with the word "appeal" in the subject line. We will review the appeal within 60 days. You may also contact your state Attorney General if you remain dissatisfied.

12. Children's privacy — COPPA

The Site is intended for business buyers and is not directed to children. We do not knowingly collect personal information from children under 16 years of age. If we learn that we have inadvertently collected personal information from a child under 16, we will delete it as quickly as practicable.

If you believe a child under 16 has provided us with personal information, please contact [email protected] and we will take prompt action to investigate and remove it.

13. Changes to this Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page;
• Post a prominent notice on the Site for at least 30 days; and
• Where required by law and where we hold your email, send a notification to your inbox.

Your continued use of the Site after the effective date of any update constitutes acceptance of the revised Policy. If you do not agree with the changes, please discontinue use of the Site and contact us to delete any data we hold about you.

14. Contact us & complaints

If you have questions about this Policy, want to exercise a right, or wish to submit a complaint, please use the channels below. We aim to respond to every request within 30 days; complex requests may take up to 90 days, and we will tell you if we need the extension.

If you are an EEA, UK, or Swiss resident and you remain dissatisfied with our response, you have the right to lodge a complaint with your local data-protection supervisory authority. We would, however, appreciate the chance to address your concerns first.

This Policy was last reviewed by independent privacy counsel on April 25, 2026. It supersedes all prior versions. Earlier versions are available on request. Plain-English summaries on this page are explanatory only — the substantive text governs in case of conflict.