Skip to content

← Back to OmniLink

OmniLink Privacy Policy

Last updated: May 25, 2026 Status: DRAFT for review by qualified legal counsel — not legal advice. Bracketed items (e.g., [legal entity], [address], cneira@interfaceomnilink.com, https://www.interfaceomnilink.com) are placeholders to confirm before publication.

Interface OmniLink IP, LLC (“OmniLink,” “we,” “us”) provides AI‑assisted, real‑time language interpretation for phone and in‑person sessions across healthcare, legal, staffing, and manufacturing settings. We take privacy seriously, especially because our service processes sensitive spoken communications. This Privacy Policy explains what we collect, how we use and share it, how long we keep it, and the choices and rights you have. This policy covers the United States; international terms are not addressed here.

1. Who we are and our role

OmniLink delivers interpretation as a service to organizations (our “Customers” — e.g., a clinic, law firm, staffing agency, or manufacturer) and their authorized users (providers, staff) and session participants.

  • For session content created on behalf of a Customer, the Customer is the data controller (and, in healthcare, the HIPAA covered entity), and OmniLink acts as the service provider / processor (and, where applicable, a HIPAA business associate under a Business Associate Agreement).
  • For our own operations (account administration, security, billing, product analytics), OmniLink acts as a controller for that limited data.

Where OmniLink processes data on a Customer’s behalf, requests from individuals about that data are generally directed to the Customer.

2. Information we collect

Account & profile data. Name, work email, phone, job title/role, workspace/organization, and authentication data for users we provision.

Session content. To provide interpretation we process:

  • Audio of the session (voice of participants), when audio recording is enabled.
  • Transcripts of what is said, and the translations produced.
  • AI‑generated notes/summaries derived from the session.
  • Session metadata — participants, languages, role, timestamps, duration, and consent records.
  • For identity verification (phone), a participant’s stated name and, optionally, date of birth, compared against expected values.

Voice / biometric data. Audio of a person’s voice may constitute a biometric identifier under certain U.S. state laws (e.g., Illinois BIPA, Texas CUBI, Washington). Where audio recording is enabled, we process voice audio solely to deliver, transcribe, and interpret the session. See §6 and §7 for our biometric notice and retention.

Usage, device & log data. IP address, browser/OS, timestamps, and product usage events, used to operate, secure, and improve the service. We do not use advertising trackers.

3. How we use information

We use the information above to:

  • Provide real‑time interpretation (transcribe, translate, and speak), generate notes, and verify caller identity at the Customer’s direction;
  • Deliver the finalized session record to the Customer’s designated storage (see §5);
  • Operate, secure, troubleshoot, and improve the service;
  • Communicate service, security, and administrative messages;
  • Comply with law and enforce our agreements.

We do not sell personal information, and we do not use Customer session content to train our own or third‑party AI models. We contract our AI subprocessors to operate on a no‑training / zero‑data‑retention basis (see §4).

4. AI and third‑party subprocessors

To deliver the service we share the minimum necessary data with vetted subprocessors that act on our instructions under contract:

SubprocessorPurposeData shared
Anthropic (Claude)Translation, note generation, identity verificationTranscript text; stated name/DOB for verification
ElevenLabsSpeech‑to‑text and text‑to‑speechSession audio; text to synthesize
SupabaseApplication database, authentication, storage, functionsAccount and session data
RingCentralTelephony for phone sessionsCall connection data
Customer‑designated storage (e.g., Microsoft SharePoint/OneDrive, Google Drive, Amazon S3)Delivery of the finalized session record to the Customer’s own systemThe session bundle (note, transcript, audio, metadata)

We require subprocessors handling Customer content to commit to confidentiality, no model training on Customer content, and zero/limited retention. A current subprocessor list is available at https://www.interfaceomnilink.com/subprocessors. In healthcare, subprocessors that handle protected health information do so under a Business Associate Agreement.

5. Delivery to your organization’s storage, then minimization

When a provider approves and locks a session, OmniLink delivers the finalized record (note PDF, transcript, audio if enabled, and metadata) to the Customer’s own designated storage, which becomes the system of record. After delivery is confirmed, OmniLink purges its copy of the most sensitive artifact — the audio — following the retention rules in §7. If delivery fails, we alert the Customer’s administrator and hold the purge until the issue is resolved, rather than deleting an undelivered record.

6. Voice / biometric notice and choices

Where audio recording is enabled by the Customer:

  • We collect and process voice audio only to record, transcribe, interpret, and deliver the session — not to identify individuals across sessions, and not for advertising.
  • Recording is off unless enabled for the workspace, and is gated on consent captured before the session (see §9).
  • Voice audio is encrypted in transit and at rest and access is limited to the systems and personnel needed to provide the service.
  • Participants and Customers may request access to or deletion of voice data, subject to the retention rules below and the Customer’s own obligations.

7. Data retention and deletion

  • Voice audio (biometric). We retain voice audio only for the duration of the active engagement — i.e., as long as needed to process and deliver the session to the Customer’s storage — and then delete it. After confirmed delivery, the audio is purged (within a short grace window of up to 7 days to allow delivery confirmation and retries). Audio for sessions that are never finalized is purged on the standard retention clock. Audio is not retained beyond what is necessary to provide the service.
  • Transcripts, notes, and metadata. Retained in the Customer’s OmniLink account per the Customer’s configured retention policy and the Customer’s recordkeeping obligations (which, for example in healthcare, may require multi‑year retention).
  • Legal hold. Records subject to a legal hold are exempt from automated deletion until the hold is released.
  • Account closure. On termination, we return and/or delete Customer data per the Customer agreement, except where retention is required by law.

8. How we share information

We share information: with the Customer and the participants entitled to it; with subprocessors as described in §4; to the Customer’s designated storage as described in §5; to comply with law or valid legal process; to protect rights, safety, and security; and in connection with a business transfer (merger, acquisition, or asset sale), subject to this policy.

Capturing and processing a conversation — and recording it where audio is enabled — generally requires the consent of the participants, and many U.S. states require all‑party (two‑party) consent to record. The Customer is responsible for obtaining and documenting the legally required consents before each session. OmniLink provides an in‑product consent step (including recording and AI‑processing notice, and a biometric notice where audio is enabled) to help, but the legal responsibility for consent rests with the Customer.

10. Your rights

Depending on your U.S. state of residence (e.g., California’s CCPA/CPRA, and comparable laws in other states), you may have rights to access, correct, delete, or limit the use of your personal information, and to not be discriminated against for exercising them. Because OmniLink usually processes session data on behalf of a Customer (controller), individuals should direct such requests to the relevant Customer; we will assist the Customer as required. For data where OmniLink is the controller, contact us at cneira@interfaceomnilink.com.

11. Healthcare (HIPAA)

When a Customer uses OmniLink with protected health information, OmniLink acts as a business associate under a Business Associate Agreement and applies the safeguards required by the HIPAA Privacy, Security, and Breach Notification Rules. PHI is handled on a minimum‑necessary basis and is not used for any purpose other than providing the service.

12. Security

We use administrative, technical, and physical safeguards appropriate to the data, including encryption in transit and at rest, access controls and tenant isolation, and audit logging. No system is perfectly secure; in the event of a breach of unsecured personal information, we will notify affected parties and regulators as required by applicable law (including, for PHI, the HIPAA breach‑notification timelines). Learn more at https://www.interfaceomnilink.com/security.

13. Children

OmniLink is a workplace/enterprise service not directed to children and we do not knowingly collect personal information from children under 13. Where a Customer uses OmniLink in contexts that may involve minors (e.g., pediatric care), the Customer is responsible for the appropriate consents and safeguards.

14. Changes to this policy

We may update this policy. We will post the updated version at https://www.interfaceomnilink.com/privacy and revise the “Last updated” date. Material changes will be communicated as required by law.

15. Contact

Interface OmniLink IP, LLC Attn: Privacy [address] cneira@interfaceomnilink.com

This document is a draft prepared to support a review by qualified legal counsel. It is not legal advice and does not create any professional relationship. Confirm all bracketed placeholders, jurisdictional applicability, and subprocessor terms before publication.

Questions? Email cneira@interfaceomnilink.com.