Privacy Policy

1. Who we are

Omnipresent (Blake Ernst, sole proprietor). San Diego, CA. Contact: blake@omnipresent.app.

This policy explains what data we collect from plumbing shop owners who buy our products, what data we handle on behalf of paying clients, how we use it, who we share it with, and the rights you have over it. Plain English. No security theater.

2. What data we collect

Eight categories. Each one is listed below with the source and the exact fields collected.

Account and billing info (via Stripe)

When you buy any product through Stripe checkout we collect: your name, email, phone number, and billing address. Card information (number, expiry, CVV) is sent directly to Stripe and never touches our servers. We see only the last 4 digits and the card brand.

Audit request and intake form data

When you request your free audit, the form on this site collects your name, shop website or Google profile, phone number, and email. If you go on to work with us, a follow-up intake (handled off this website) may also collect your shop name, service area ZIP, CRM software in use (ServiceTitan, Housecall Pro, Jobber, FieldEdge, QuickBooks, Excel, or Other), EIN, legal business name, number of trucks, and the owner's mobile phone number for A2P 10DLC registration.

Your customer list (Sprint clients only)

If you are a paying Sprint client, you upload (or give us access to pull) your past customer list. That typically includes: customer names, phone numbers, email addresses, service addresses, and transaction history (job type, date, ticket amount). See Section 5 for how this is handled.

Website analytics

We use minimal first-party analytics on omnipresent.app to measure page traffic and conversion. No third-party ad tracking pixels, no retargeting, no Facebook pixel. If we add Google Analytics 4 in the future, this section will be updated with the specific cookies and identifiers used.

SMS opt-in records (A2P 10DLC)

When you give us your phone number for SMS communications, we log: the phone number, the consent timestamp, the IP address, the form or source that captured the consent, and the exact disclosure text you agreed to. Same applies to records we hold for Sprint clients' customers. These records exist to prove compliance with the TCPA and CTIA messaging guidelines.

Email engagement data

For emails we send through GoHighLevel (client campaigns) or Instantly (Blake's cold outbound to prospects only), we collect opens, clicks, replies, and bounce status. This is standard email-platform telemetry and is used to measure deliverability and campaign performance.

Telegram bot interactions

Our internal alerting system pushes notifications to Blake via Telegram (new purchases, support requests, system alerts). This data flow involves Blake only. No client or customer data is exposed in those messages beyond first name and the type of event (for example: "new Audit purchase from Mike at Acme Plumbing").

Cookies on omnipresent.app

The site itself is mostly static. The only cookies that may fire on omnipresent.app today are: Stripe checkout session cookies (only on Stripe-hosted pages you redirect to), Vercel hosting session cookies (used for routing, not analytics), and any GoHighLevel form-embed cookies if you submit a form embedded from GHL. See Section 7 for the full cookies list.

3. How we use the data

Specific use per data type from Section 2:

• Account and billing info: to charge you, send receipts, satisfy California ARL renewal reminders, and contact you about your purchase.
• Audit and Sprint intake data: to deliver the Audit, file your A2P 10DLC registration with Twilio and The Campaign Registry, set up your GoHighLevel system, and stay in touch about your engagement.
• Your customer list (Sprint clients): only to run YOUR reactivation campaign. Period. See Section 5.
• Website analytics:to see which pages convert and which don't, so we can improve the site.
• SMS opt-in records: to prove consent to carriers, regulators, or anyone challenging a message. Retained for the active relationship plus 7 years.
• Email engagement data:to measure deliverability, identify cold or dead contacts, and trigger follow-up sequences (your campaigns if you're a Sprint client; Blake's outbound if you're a prospect).
• Telegram interactions: internal alerting only. Not used for any external purpose.

We do not use any of this data to train AI models, build marketing audiences, or sell to data brokers.

4. SMS and phone number handling (TCPA, CTIA, and A2P 10DLC)

This section governs every phone number you give us, every phone number on a list a Sprint client uploads, and every SMS consent record we hold.

Opt-out

Reply STOP to any text message and you are opted out. Opt-out is permanent and propagated to our system, GoHighLevel, and Twilio within 24 hours. We honor opt-outs received through any reasonable method: STOP reply, email to blake@omnipresent.app, or phone call to (619) 853-5003.

Supported opt-out keywords: STOP, UNSUBSCRIBE, END, QUIT, CANCEL, OPTOUT, REVOKE.
Supported help keywords: HELP, INFO, SUPPORT.

Frequency

Message frequency varies by program. Reactivation campaigns typically send 1 to 3 messages per quarter to a given recipient. Transactional messages (appointment confirmations, missed-call text-back, review requests) fire based on customer activity. Message and data rates may apply.

Retention

Opt-out records are kept indefinitely so we can prove that a STOP was honored if anyone challenges it later (compliance audit, plaintiff lawsuit, carrier review). Consent records (the opt-in itself, the disclosure text shown, the timestamp, the IP) are kept for the duration of the active relationship plus 7 years.

This section satisfies the SMS data-handling content required by the CTIA Messaging Principles and Best Practices and the A2P 10DLC PrivacyPolicyUrl requirement that takes effect June 30, 2026.

5. Sprint client customer data

If you are a paying Reactivation Sprint client, the past-customer list you upload (names, phone numbers, emails, addresses, transaction history) is treated as follows:

• Used only to run your campaign. Never used for another client's campaign.
• Never sold, rented, sublicensed, shared with data brokers, or used to build look-alike audiences.
• You retain ownership at all times. Our role is processor; you are the controller.
• Full export delivered to you within 7 business days of contract cancellation.
• Our working copies are deleted within 7 business days after the export is delivered.
• Subprocessors that touch this data (GoHighLevel, Twilio) are listed in Section 6.

Section 5 of our Terms of Service also covers ownership and deletion of your customer list and applies to every Sprint engagement.

6. Third parties we share data with (data processors)

We use the following vendors to deliver our services. Each one signs (or contractually agrees via Terms) to act as a processor, use the data only for the service we've hired them for, and meet their own security and privacy obligations.

• Stripe (payment processing). Shares: name, email, billing address, card data. Purpose: charge you, store payment method, run the Customer Portal. stripe.com/privacy
• GoHighLevel (CRM, email and SMS campaign delivery). Shares: your contact info; for Sprint clients, your full uploaded customer list. Purpose: campaign orchestration, automation, reporting. gohighlevel.com/privacy-policy
• Twilio (SMS delivery, A2P 10DLC brand and campaign registration). Shares: phone numbers, opt-in records, message content, your business EIN and legal name for brand registration. Purpose: carrier-compliant SMS delivery. twilio.com/legal/privacy
• Google Workspace (email infrastructure for blake@omnipresent.app). Shares: any email correspondence with us. Purpose: email sending and storage. policies.google.com/privacy
• Instantly (cold outbound email for Blake's prospecting only). Shares: prospect email addresses Blake sources himself (never client customer data). Purpose: outbound email sequences. instantly.ai/privacy-policy
• Mailscale (cold outbound domain and inbox infrastructure for Blake's prospecting only). Shares: domain and mailbox metadata; no client customer data. Purpose: inbox warm-up, deliverability. mailscale.io/privacy-policy
• Vercel (hosting and DNS for omnipresent.app). Shares: standard web request logs (IP, user agent, URL). Purpose: serving the site, basic operational logging. vercel.com/legal/privacy-policy
• Cloudflare (DNS and edge protection, where applicable). Shares: standard web request metadata. Purpose: DDoS protection, DNS resolution. cloudflare.com/privacypolicy
• Telegram (internal alerts to Blake only). Shares: event metadata in alert messages (purchase event, contact first name, event type). Purpose: real-time notifications. telegram.org/privacy
• Documenso (e-signature for client contracts). Shares: client name, email, contract terms. Purpose: hosted e-sign and signed-doc storage. documenso.com/privacy

As required by the CTIA messaging guidelines and the June 30, 2026 A2P 10DLC requirement, none of these processors receive SMS opt-in data or phone numbers for the purpose of marketing to those numbers on behalf of any other party. The data is used only to deliver the messages the consumer agreed to receive.

7. Cookies and tracking on omnipresent.app

We keep this minimal. No third-party ad pixels, no Facebook pixel, no Google Ads tag, no retargeting. The cookies that may set today:

• Stripe checkout cookies (only on stripe.com pages you are redirected to during checkout). Used for fraud prevention and session state.
• Vercel session cookies. Set by our hosting provider for routing and basic operational use, not for tracking individuals across sites.
• GoHighLevel form-embed cookies (only if you submit a form that is embedded from our GHL workspace). Used to associate your submission with your contact record.

Google Analytics 4 is not active on omnipresent.app today. If and when we add it, this section will be updated, and California users will see an explicit opt-out signal honored (Global Privacy Control / GPC).

8. Your privacy rights

You have the following rights over data we hold about you:

• Right to know what personal information we hold about you, where we got it, and who we shared it with.
• Right to delete your personal information.
• Right to correct inaccurate personal information.
• Right to opt out of sale or sharing. We do not sell personal information and do not share it for cross-context behavioral advertising, so there is nothing to opt out of, but the right exists.
• Right to non-discrimination for exercising any of the rights above.

How to exercise these rights: email blake@omnipresent.app with "Privacy request" in the subject line. We verify your identity by replying to the email address on file (or, for non-customers, by asking 2 verifying details). We respond within 30 days (CCPA allows up to 45; we aim for 30).

California residents (CCPA / CPRA)

Categories of personal information we have collected in the last 12 months, mapped to the categories defined in California Civil Code Section 1798.140:

• Identifiers: name, email, phone, billing address, IP address.
• Customer records / commercial information: purchase history, transaction records, products purchased.
• Internet or other electronic network activity: page views on omnipresent.app, email opens and clicks.
• Geolocation data: approximate (city-level) from IP address only. No precise GPS.
• Professional or employment-related information: for Sprint clients: business name, EIN, role.
• Inferences: none drawn for profiling purposes.
• Sensitive personal information: none collected.

Do we sell personal information? No.
Do we share personal information for cross-context behavioral advertising? No.
Do we use sensitive personal information to infer characteristics? No.

This page also serves as our Notice at Collection under CCPA section 7012. The categories collected and purposes are described in Sections 2 and 3 above.

9. International users

Omnipresent is a U.S.-based business serving U.S. plumbing shops only. We have not appointed an EU or UK GDPR Article 27 representative. If you are located outside the United States, please do not submit personal data to us. We do not knowingly accept signups from outside the U.S.

10. Children

This service is directed at plumbing business owners (adults). We do not knowingly collect personal information from anyone under 16 years old. If you believe a minor has submitted personal information to us, contact blake@omnipresent.app and we will delete it.

11. Security

The plain truth on security posture:

• Cardholder data: handled entirely by Stripe (PCI DSS Level 1). We never see full card numbers.
• CRM and campaign data: handled by GoHighLevel (SOC 2 Type II).
• SMS delivery and consent records: handled by Twilio (SOC 2, ISO 27001).
• In transit: all traffic to omnipresent.app and to our processors uses TLS.
• Access: Blake is the only person with access to client systems. Sub-account access for contractors (when used) is scoped and revoked when work ends.
• Passwords: where applicable, hashed using the underlying platform's standard hashing (Stripe, GHL, Vercel handle this).

No system is unbreakable. If we ever have a breach affecting your data, you will be notified within the time limits required by California law (no later than 30 days after discovery for most cases).

12. Changes to this policy

We will email any material change to the billing address on file at least 30 days beforeit takes effect. Non-material updates (typos, clarifications, new processor added to the list, links updated) are made silently with the "Last updated" date at the top of this page revised.

13. Contact

blake@omnipresent.app · (619) 853-5003 · San Diego, CA