How do you define 'tested users'?

A tested user is any visitor included in any experiment (A/B Testing, Personalization, or Survey) and visible in the reporting area. For example, if 500 users see the control page and 500 see the variation page in an A/B test, you consume 1,000 tested users.

Can the Omniconvert code be installed using Google Tag Manager?

Yes, you can install our code using GTM. However, this may slow down code deployment, causing issues like screen flickering during A/B tests or delayed triggering for popups.

Can Omniconvert be used for any type of website?

Omniconvert works for most self-hosted websites, including custom-coded sites, CMS platforms (e.g., WordPress, Joomla, Drupal), and eCommerce platforms (e.g., Shopify, Magento, BigCommerce). The main requirement is access to the source code to paste in Omniconvert's code.

Nexus Insights — Product Privacy Notice

Effective Date: February 25, 2026
Version: 1.0
Data Controller: Omniconvert SRL, 14 Vasile Stroescu Street, Bucharest 021374, Romania
Contact: privacy@omniconvert.com

This notice supplements the main Omniconvert Privacy Policy. It describes how Nexus Insights ("Nexus", "the Service") specifically processes data from your connected analytics integrations. Where this notice is silent, the main Omniconvert Privacy Policy applies.

1. What Is Nexus Insights?

Nexus Insights is an AI-powered analytics intelligence product that connects to your existing analytics platforms (e.g., Google Analytics 4, Omniconvert Reveal, ad platforms), detects anomalies and patterns across those sources, and generates actionable insights and A/B test hypotheses.

Nexus is a business-to-business (B2B) service. We process data on behalf of businesses (agencies, e-commerce brands) and do not directly collect data from their end customers. All data described in this notice belongs to you, the subscribing business.

2. Data We Access from Your Integrations

When you connect an integration to Nexus, we access only the data necessary to detect anomalies and generate insights. We never use your data to train our AI models or share it with third parties for their own purposes.

2.1 Google Analytics 4 (GA4)

Data accessed (legal basis: contract performance):

Traffic metrics — sessions, users, pageviews, bounce rate, engagement rate
Conversion data — conversion rates, funnel steps, goal completions, eCommerce transactions
Revenue data — revenue, average order value, transaction volume
Audience data — device type, channel, geographic region (country/region level only), new vs. returning
Product performance — product views, add-to-cart rate, product revenue
Site speed — Core Web Vitals, LCP, CLS, FID

We do NOT access: Individual user identifiers, IP addresses, precise geographic coordinates, or personally identifiable visitor data.

Google API Services Disclosure: Nexus uses Google Analytics Data API to access your GA4 property data. Your use of this integration is subject to Google's Terms of Service. Nexus's use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We use GA4 data only to operate Nexus (anomaly detection, insight generation, correlation analysis).
We do not sell or use GA4 data for advertising.
We do not allow humans to read your GA4 data unless you explicitly request support or it is required for security/legal obligations, and only after obtaining your consent.
You can revoke Nexus's access to your GA4 property at any time via your Google Account permissions page.

Retention: GA4 query results used for analysis are not stored raw. Only derived insights (anomaly descriptions, scores, recommendations) are stored in Nexus. When you disconnect your GA4 integration, no further data is queried. Historical insights remain available until you delete them.

2.2 Omniconvert Reveal

Data accessed (legal basis: contract performance):

Customer segments — RFM segment distribution (Champions, Loyal, At Risk, etc.) — aggregate counts only
Lifetime value — average CLV per segment, CLV trends
Purchase behavior — purchase frequency, recency distributions, repeat purchase rates (aggregated)
Retention metrics — churn indicators, segment migration rates
NPS data — NPS score, promoter/detractor ratios (aggregate)

We do NOT access: Individual customer email addresses, names, order histories, or any data that identifies specific end-customers.

Retention: Aggregated segment metrics used in analysis are not stored raw. Only derived insights are retained. On integration disconnect, no further data is queried.

2.3 CROBenchmark

Data accessed (legal basis: contract performance):

Audit scores — overall CRO score, category scores
Criteria status — pass/fail/partial status per audit criterion
Industry benchmarks — anonymous industry median metrics for comparison

Retention: Audit scores are stored to enable trend analysis and recurring opportunity detection. Data is deleted within 30 days of integration disconnect.

2.4 BrandFeel.ai

Data accessed (legal basis: contract performance):

Sentiment scores — overall sentiment score, sentiment trends
Topic analysis — aggregated review topics and theme distributions
Issue tracking — reported issue types and frequencies

We do NOT access: Individual review text, reviewer names, or any data that identifies specific reviewers.

Retention: Aggregated sentiment metrics are not stored raw. Only derived insights are retained.

2.5 Meta Ads (Ad Intelligence Module)

Own advertising data via Meta Marketing API (legal basis: contract performance):

Ad performance — CTR, CPA, ROAS, impressions, spend, conversions
Creative data — your own ad creative (images, video, copy) for performance correlation
Campaign structure — campaign names, ad set configurations

Competitor ad data via Meta Ad Library — public data (legal basis: legitimate interests):

Public competitor ads — ad creative, messaging, duration active, impression range (publicly disclosed by Meta)

This data is publicly available in Meta's Ad Library and is accessed programmatically to inform your ad intelligence briefs. We only collect ads for competitors you explicitly specify.

2.6 Google Ads (Ad Intelligence Module)

Own advertising data via Google Ads API (legal basis: contract performance):

Ad performance — CTR, CPA, ROAS, quality score, spend, conversions
Creative data — your own ad copy, extensions, responsive search ad assets

Competitor ad data via DataForSEO API — public data (legal basis: legitimate interests):

Public competitor search ads — visible ad copy from public search results

2.7 TikTok Ads (Ad Intelligence Module)

Own advertising data via TikTok Marketing API (legal basis: contract performance):

Ad performance — CTR, CPA, ROAS, video play rate, spend, conversions
Creative data — your own video ad thumbnails and copy

Competitor/trending ad data via TikTok Creative Center — public data (legal basis: legitimate interests):

Public trending ads — top-performing ad patterns publicly featured by TikTok

2.8 Gorgias (Ad Intelligence Module)

Data accessed (legal basis: contract performance):

Support ticket themes — categories of customer issues, topic frequencies (extracted by AI — see §3)
CSAT scores — customer satisfaction scores (aggregate)

PII in Support Tickets: Gorgias tickets may contain customer names, email addresses, and order details. Before any ticket content is processed by our AI or stored, it is automatically anonymized: customer names, email addresses, order numbers, phone numbers, and other direct identifiers are replaced with generic placeholders using pattern detection. Only anonymized, thematic content is processed and stored.

Retention: Anonymized extracted themes are retained for up to 90 days to enable trend analysis. Raw ticket content is never stored by Nexus.

3. How Artificial Intelligence Processes Your Data

Nexus uses a multi-agent AI system (built on LangGraph) to analyze your connected data and generate insights. Here is exactly how AI is used:

3.1 What AI Does

Detects statistically significant anomalies in your metrics
Correlates patterns across multiple data sources
Generates natural-language descriptions of insights (headlines, summaries, root cause analyses)
Creates A/B test hypotheses and recommendations
Decomposes ad creatives into structured components (hook, body, offer, CTA) for the Ad Intelligence module
Synthesizes competitive intelligence from your ad data and competitor public ads

3.2 Anonymization Before AI Processing

Before any data is sent to an external AI model, it is anonymized. Specifically:

Customer names, email addresses, phone numbers, and order IDs are removed from support ticket data
Individual user identifiers are not included in AI prompts
Prompts contain only aggregated metrics, percentages, and anonymized thematic content

External AI providers used to process your anonymized data:

Anthropic (Claude) — text insight generation, ad copy analysis, brief creation; receives anonymized metrics, ad copy text, thematic summaries
Google (Gemini) — video ad analysis; receives anonymized video content for structural analysis
OpenAI — ad image generation, ad copy generation; receives brief specifications and style directives (no customer data)
fal.ai (Flux, Kling) — image and video generation; receives creative briefs (no customer data)
Runway ML — video generation; receives creative briefs (no customer data)

3.3 No AI Training on Your Data

Your data is never used to train AI models — neither by Omniconvert nor by our AI sub-processors. All AI sub-processor contracts include explicit prohibitions on using customer data for model training.

3.4 No Automated Decisions with Legal Effects

Nexus does not make automated decisions that produce legal effects or similarly significant impacts on any individual. All AI-generated insights are recommendations for your review and action.

4. Sub-Processors

We use the following sub-processors to deliver the Nexus service. All sub-processors have been assessed for GDPR compliance and have signed Data Processing Agreements with Omniconvert.

Anthropic, PBC (USA) — LLM inference (insight generation, ad analysis) — Privacy Policy
Google LLC (USA) — Gemini LLM inference (video analysis) — Google DPA
OpenAI, LLC (USA) — GPT image generation, ad copy generation — Privacy Policy
fal.ai (USA) — Flux image generation, Kling video generation — fal.ai DPA
Runway AI, Inc. (USA) — Runway ML video generation — Privacy Policy
DigitalOcean, LLC (EU) — cloud infrastructure, database hosting (PostgreSQL) — DigitalOcean DPA
Amazon Web Services (EU) — S3 object storage for generated ad creative assets — AWS DPA

International Transfers: AI sub-processors are based in the USA. Data transfers to these processors are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, which provide equivalent protection to EU data protection law.

Sub-Processor Changes: We will notify you at least 30 days before adding or replacing any sub-processor that processes your data. You may object within this period; if the objection cannot be resolved, you may terminate your Nexus subscription.

5. Agency Multi-Property Model

If you use Nexus as an agency managing multiple client properties:

Data isolation: Each client property's data is strictly isolated. Users assigned to Property A cannot access data from Property B, even within the same agency account.
Access control: You control which team members can access each property.
Client responsibility: As an agency, you are responsible for having a lawful basis to connect your clients' analytics accounts to Nexus and for informing your clients about this processing.
Property deletion: When you remove a property from Nexus, all derived insights for that property are deleted within 30 days. No further data from that property is queried.

6. Data Retention

AI-generated insights and recommendations — until you delete them, or 12 months after last activity on the property
Analysis run metadata (no raw data) — 90 days
Ad intelligence briefs — until you delete them, or 12 months after generation
Gorgias anonymized ticket themes — 90 days
HITL review queue entries — 30 days after resolution
Insight feedback (your own feedback) — 24 months
Integration credentials (encrypted) — until you disconnect the integration

On Account Termination: All data associated with your Nexus account is deleted within 30 days of account closure, except where retention is required by law.

7. Security

Encryption at rest — all stored data is encrypted using AES-256
Encryption in transit — all API communication uses TLS 1.2 or higher
Credential security — integration API keys and OAuth tokens are stored encrypted using pgcrypto; keys are never logged
Access control — role-based access with property-level isolation
Anonymization — PII in support ticket data is automatically stripped before AI processing and storage
ISO 27001 — Omniconvert is ISO 27001 certified
Audit logging — all access to integration credentials and data is logged

8. Your Rights

As a subscriber (data controller for your own analytics data), you have the following rights regarding the data Nexus processes on your behalf:

Access — view all insights and data in your Nexus dashboard at any time
Deletion — delete individual insights via the dashboard, or request full account deletion by emailing privacy@omniconvert.com
Portability — export your insights as CSV or PDF from the dashboard
Disconnection — disconnect any integration at any time from Settings → Integrations
Correction — update your account information via Settings
Objection — if you object to a processing activity, contact privacy@omniconvert.com; we will assess and respond within 30 days

9. Contact

Data Controller: Omniconvert SRL 14 Vasile Stroescu Street Bucharest 021374, Romania Email: privacy@omniconvert.com General: contact@omniconvert.com

For data protection inquiries related to Nexus: privacy@omniconvert.com

10. Changes to This Notice

We will notify you via email and in-app notification at least 14 days before making material changes to this privacy notice. The current version is always available at https://www.omniconvert.com/privacy-policy-nexus/.