Privacy Policy
Last updated: June 4, 2025
Introduction
This Privacy Policy explains how Clssfd, Inc. ("OMGBaby," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our website, mobile applications, and related services.
This Policy applies to all users of OMGBaby services and should be read in conjunction with our Terms of Service. For general legal matters including liability, dispute resolution, and other contractual terms, please refer to our Terms of Service.
By using our services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.
1. Who We Are
Clssfd, Inc. ("OMGBaby," "we," "us," or "our") is a Delaware corporation. Our business address is 251 Little Falls Dr, Wilmington, DE 19808. You can reach us at hi@omg.baby.
2. Information We Collect
| Category | Examples | Source | GDPR Basis* |
|---|---|---|---|
| Account Data | Parent name, email, Google profile picture | Google OAuth | Consent |
| Kid Data (minimal) | Child's name (entered by parent) | User | Consent / contract |
| Gmail Purchase Data | Sender, subject, item name, price, image URLs, order ID | Gmail API (read‑only) | Consent |
| Uploaded Photos | One child photo for Power Card | User | Consent |
| User‑Generated Content | Reviews, comments, ratings | User | Consent |
| Generated Assets | Power Card image, Virtual Stash metadata | Derived | Legitimate interest |
| Payment Meta | Stripe customer ID, billing information, status | Stripe | Contract |
| Usage Data | IP, device ID, cookies, page views, events | Automatic / cookies | Legitimate interest |
| Marketing Prefs | Opt‑in at sign‑up; unsubscribe any time | User | Consent |
*GDPR legal bases apply to EU/UK users.
3. How We Use Information
- Provide the Service (generate Power Card, build Virtual Stash, display recommendations).
- Process payments via Stripe (we never store full card numbers).
- Improve & secure the Service (analytics, debugging, fraud prevention).
- Send you service-related communications and updates about your account.
5. Third-Party Services
Our Site may contain links to third-party websites or services that are not owned or controlled by us. We are not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of any third-party sites you visit.
6. Google API Services — Limited Use
Our use of Gmail data complies with the Google API Services Data Policy ("Limited Use"). We access purchase‑receipt messages only to create user‑facing features and never share Gmail data except as aggregated insights. Revoke access anytime at Google Account › Security › Third‑party access.
8. Data Retention & Deletion
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data type | Retention |
|---|---|
| Personal data (e.g. Google account data, raw Gmail messages, parsed purchase data, photos, generated assets, reviews, friends, etc.) | Kept while account is active and 12 mo after deletion |
| Payment records | 7 yrs (tax & accounting) |
Delete account by emailing hi@omg.baby. We erase personal data and instruct processors to do the same (subject to legal holds).
9. Data Security
We take the security of your personal information seriously and implement a variety of technical, administrative, and physical safeguards to protect it from unauthorized access, use, alteration, or disclosure. Our security measures include but are not limited to:
- Encryption: We use industry-standard encryption protocols including AES‑256 for data at rest and TLS 1.2+ for data in transit over the internet.
- Access Controls: Access to personal information is restricted to authorized personnel who require it for their job functions, subject to strict least‑privilege access controls.
- Data Storage: Personal information is stored on secure servers with firewalls and intrusion detection systems.
- Regular Security Assessments: We conduct regular security audits and assessments to identify and mitigate potential vulnerabilities.
- Employee Training: Our staff receives regular training on data privacy and security best practices.
- Secure Payment Processing: Payment transactions are processed through PCI DSS Level 1 compliant service providers like Stripe.
- Incident Response Plan: We have an incident response plan in place to address potential data breaches promptly and effectively.
- Physical Security: Our facilities are secured with access controls and monitoring to prevent unauthorized physical access.
Your Responsibility
While we take significant steps to safeguard your personal information, no system is completely secure. You also play a crucial role in protecting your information by maintaining the confidentiality of your account credentials and using secure networks.
Data Breach Notification
In the event of a data breach that compromises your personal information, we will notify you and the appropriate authorities in accordance with applicable laws and regulations.
However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
10. Your Privacy Rights
GDPR and CCPA Compliance
OMGBaby is committed to protecting your personal data and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Your Rights
Depending on your location, you may have certain rights regarding your personal data, including:
- The right to access your personal data
- The right to rectify inaccurate personal data
- The right to erasure ('right to be forgotten')
- The right to restrict processing of your personal data
- The right to data portability
- The right to object to processing of your personal data
- The right to withdraw consent at any time
- The right to lodge a complaint with a supervisory authority
Exercising Your Rights
To exercise these rights or for any questions about our data practices, please contact us at hi@omg.baby.
Data Processing
We process personal data only on lawful bases as outlined in this Privacy Policy. We retain personal data only for as long as necessary to provide our services or as required by law.
International Data Transfers
Your information may be transferred to, and maintained on, servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. If we transfer your personal data outside of the European Economic Area (EEA) or California, we ensure appropriate safeguards are in place to protect your data. By using our Services, you consent to any such transfer.
Do Not Sell My Personal Information
California residents have the right to opt-out of the sale of their personal information. We do not sell personal information as defined by the CCPA.
11. Children's Privacy
The Service is for adults (18+). We do not knowingly collect data directly from children under 13.
12. Governing Law
This Privacy Policy is governed by the laws of the State of Delaware, without regard to conflict of law principles. For data protection matters involving EU residents, applicable GDPR provisions will take precedence where they provide greater protection.
For general legal matters including dispute resolution, please refer to our Terms of Service.
13. Changes to This Policy
We'll post updates here and email/in‑app notify 7 days before material changes take effect.
14. Contact Information
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: hi@omg.baby
Address: Clssfd, Inc., 251 Little Falls Dr, Wilmington, DE 19808
We will respond to privacy-related inquiries within 30 days of receipt.