Privacy Policy

1. Who We Are

This Privacy Policy explains how OH MY GOSH VENTURES LLC (“OMG Institute,” “we,” “us,” or “our”) collects, uses, and protects your personal information when you use our services, including the website omgplatform.comand any subdomains, the OMG Institute mobile application (the “VIP App”), the OMG Institute Scholarship Program, the OMG Institute VIP Program, and email, SMS, and other communications from us.

Legal entity:

• OH MY GOSH VENTURES LLC, a Florida limited liability company
• Registered office: 4700 Millennia Blvd, Suite 175, Orlando, FL 32839, USA
• Mailing address: 3206 NE 2nd Ave #1070, Miami, FL 33137, USA
• Contact: support@omgplatform.com

By using our services, you agree to the practices described in this Privacy Policy.

2. Information We Collect

A. Information you provide to us

• Account & application data: full legal name, email address, phone number, date of birth, mailing address, country, payment details (processed by Stripe — we do NOT store card numbers).
• Scholarship application data: application essays, polaroid photographs, age, modeling experience, parent/guardian information (if you are under 18).
• Parental consent data (for minors): parent/guardian full name, address, relationship to minor, phone number, email address, electronic signature.
• Identity verification data: government-issued ID information when required (e.g., minor consent flow).
• Image & likeness assets: photographs, video recordings, and audio recordings from coaching sessions, runway events, and program activities.
• Communications: emails, support tickets, chat messages, voicemails, and SMS messages you send to us.
• Survey & feedback responses: answers to surveys, course feedback, testimonials.

B. Information we collect automatically

• Device & log data: IP address, browser type, operating system, device identifiers, time zone, language, referring URLs, pages visited, click activity.
• App usage data (VIP App): features used, lesson progress, time spent, in-app actions, crash logs.
• Cookies and similar technologies — see Section 10.

C. Information from third parties

• Payment processor (Stripe): transaction status, billing address, last 4 digits of card, payment method type, dispute/chargeback status.
• Social platforms: if you contact us via Instagram, Facebook, or other channels, we receive whatever information the platform shares (display name, profile photo).
• Marketing platforms (Brevo): email engagement data (opens, clicks, bounces, unsubscribes).
• Lead-form provider (Fillout): information you submit through our free Starter Kit form.

3. How We Use Your Information

We use your information to:

1. Provide our services — process applications, deliver coaching, run the VIP App, host runway events.
2. Process payments — bill recurring VIP subscriptions, refund eligible amounts.
3. Communicate with you — send transactional emails (receipts, course access, pre-renewal reminders), respond to support requests, send marketing emails (if you opted in).
4. Personalize the experience — recommend lessons, tailor in-app content, adapt mentoring focus.
5. Marketing and promotion — feature accepted Scholarship recipients and consenting VIP members in marketing materials, subject to a separate Image & Likeness Release.
6. Improve our services — analyze usage patterns, debug, run A/B tests, evaluate course effectiveness.
7. Protect our business — detect fraud, prevent chargebacks, enforce our Terms, respond to legal requests.
8. Comply with legal obligations — tax reporting, consumer protection laws, recordkeeping.

4. Legal Basis for Processing (GDPR — EU/EEA/UK Residents)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) requires us to identify a legal basis for each use of your data.

You may withdraw consent at any time by emailing support@omgplatform.com.

5. Who We Share Your Data With

We share your information only with the following categories of recipients.

Service Providers (Processors)

Other Recipients

• Legal & regulatory: law enforcement, courts, tax authorities — only when legally required.
• Business transfers: a successor in interest, acquirer, or assignee in connection with a merger, acquisition, financing, or sale of assets.
• Professional advisors: our attorneys, accountants, and auditors, under confidentiality.

We do NOT sell your personal information as defined under the California Consumer Privacy Act (CCPA) or any state privacy law. We do NOT share your personal information for cross-context behavioral advertising beyond the Meta Pixel disclosure above (with consent for EU/EEA users).

6. International Data Transfers

OH MY GOSH VENTURES LLC is based in the United States. If you access our services from outside the USA, your information is transferred to and processed in the USA. The USA may not have data protection laws equivalent to your home country.

For EU/EEA/UK/Swiss residents, we transfer data to the USA under Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) with our processors, or other safeguards recognized under GDPR. You may request a copy of our SCCs by emailing support@omgplatform.com.

7. How Long We Keep Your Data

After the applicable period, we delete or anonymize the data, except where retention is required by law.

8. Your Privacy Rights

A. GDPR Rights (EU/EEA/UK/Switzerland Residents)

You have the right to:

• Access — request a copy of your personal data (Art. 15)
• Rectification — correct inaccurate or incomplete data (Art. 16)
• Erasure — request deletion of your data (“right to be forgotten”) (Art. 17), subject to exceptions
• Restriction — limit how we process your data (Art. 18)
• Portability — receive your data in a machine-readable format (Art. 20)
• Objection — object to processing based on legitimate interest or direct marketing (Art. 21)
• Withdraw consent — for any processing based on consent (Art. 7(3))
• Lodge a complaint with your local Data Protection Authority

B. CCPA / CPRA Rights (California Residents)

• Know what categories of personal information we collect, sources, purposes, and recipients (Cal. Civ. Code § 1798.110)
• Access the specific pieces of personal information we hold about you (§ 1798.130)
• Delete your personal information (§ 1798.105)
• Correct inaccurate personal information (§ 1798.106)
• Opt out of sale or sharing of personal information — we do not sell or share (§ 1798.120)
• Limit use of sensitive personal information (§ 1798.121)
• Non-discrimination — we will not retaliate against you for exercising your rights (§ 1798.125)

C. Other State Laws

If you are a resident of Virginia, Colorado, Connecticut, Texas, Utah, Oregon, Montana, Tennessee, Iowa, Indiana, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, or another state with comprehensive privacy law, you have rights similar to those above under your state's statute.

D. How to Exercise Your Rights

Email support@omgplatform.com with the subject line “Privacy Request” and tell us which right you wish to exercise. We will:

1. Acknowledge your request within 5 business days
2. Verify your identity (we may ask for additional information)
3. Respond within 30 days (GDPR) or 45 days (CCPA), with one possible 45-day extension if reasonably necessary

If we deny your request, we will explain why and how to appeal. You may also authorize an agent to make a request on your behalf; the agent must provide written authorization, and we may require you to verify your identity directly.

9. Children's Privacy

The OMG Institute Scholarship Program and VIP Program are open to applicants 15 years of age or older. We do not knowingly collect personal information from children under 13 (under COPPA). If an applicant between 15 and 17 applies, we collect parental consent through our consent flow at omgplatform.com/contractagreement.

If you believe a child under 13 has provided us personal information, please contact support@omgplatform.com and we will delete it promptly. For applicants under 18, additional protections apply under California's “eraser law” (Cal. Bus. & Prof. Code § 22581) — minors may request removal of content they posted.

10. Cookies and Similar Technologies

EU/EEA residents: non-essential cookies are loaded only after you opt in via our cookie consent banner. California residents: you can opt out of “sale or share” via our cookie banner. You can also manage cookies through your browser settings or via the global “Do Not Track” signal where supported. For California residents, we treat the Global Privacy Control (GPC) signal as a valid opt-out request under CCPA/CPRA.

11. Marketing Communications

Email

We send marketing emails (program updates, new courses, special offers) only to users who opt in via double opt-in (you submit your email and confirm via a link in a verification email). You can unsubscribe at any time by clicking “Unsubscribe” in any marketing email or by emailing support@omgplatform.com. We will honor unsubscribe requests within 10 business days (CAN-SPAM Act).

SMS

We currently do not collect phone numbers for SMS marketing. If we begin SMS marketing in the future, we will require express written consent at sign-up (TCPA-compliant separate checkbox) and provide a STOP keyword for opt-out.

Transactional Communications

Receipts, parental consent confirmations, account notices, payment reminders, and service updates are not marketing — they are required for service delivery and cannot be opted out of while you have an active account.

12. Data Security

We protect your information using:

• Encryption in transit (TLS 1.3 for all web traffic)
• Encryption at rest for database records (Supabase native encryption)
• Access controls — least-privilege role-based access for our team
• Two-factor authentication for all admin accounts
• Vendor due diligence — DPAs with all processors
• Regular security reviews — code review for sensitive endpoints

No security measure is 100% effective. If you suspect unauthorized access to your account, email support@omgplatform.com immediately.

13. Data Breach Notification

If we experience a personal data breach that is likely to result in a risk to your rights, we will notify you and the relevant supervisory authority:

• GDPR (EU/EEA): within 72 hours of becoming aware (Art. 33)
• State laws (USA): per applicable state breach notification statute (typically 30–60 days)
• California: in a manner consistent with Cal. Civ. Code § 1798.82

14. Automated Decision-Making and AI

We use Anthropic Claude (AI) within our VIP App to provide content recommendations, lesson personalization, and feedback automation. The AI does not make consequential decisions about your application or program eligibility — those are made by humans.

Personal identifiers (your name, email, date of birth) are not transmitted to Anthropic. Only anonymized prompt context is sent. For Scholarship application evaluation, polaroid photo review is performed by a combination of AI-assisted screening (Anthropic Vision) and human review by OMG Institute leadership. The final acceptance decision is made by a human.

You may request human review of any automated assessment by emailing support@omgplatform.com.

15. Third-Party Links and Services

Our website and app may contain links to third-party websites or integrations (e.g., Instagram, YouTube, Stripe checkout). This Privacy Policy does not apply to those sites or services. We encourage you to review their privacy policies.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be announced by:

• Email to your account address (if you have an account)
• Banner notice on omgplatform.com
• Updated “Last Updated” date at the top

Continued use of our services after a material change constitutes acceptance of the updated policy.

17. Contact Us

For any privacy-related question, request, or complaint:

Email: support@omgplatform.com (subject: “Privacy Request”)

Mailing addresses:

• Registered office: OH MY GOSH VENTURES LLC, 4700 Millennia Blvd, Suite 175, Orlando, FL 32839, USA
• Customer correspondence: OH MY GOSH VENTURES LLC, 3206 NE 2nd Ave #1070, Miami, FL 33137, USA

EU residents — you also have the right to lodge a complaint with your local Data Protection Authority.

California residents — you may contact the California Attorney General at oag.ca.gov.