← Back to Stomni

Privacy Policy

1. Who We Are

This website at stomni.com (the "Site") is operated by STO Enterprises LLC, a limited liability company organized under the laws of the State of Wyoming, United States of America ("Stomni," "we," "us," or "our"). Stomni provides AI automation consulting and implementation services to finance teams at mid-market enterprises.

For any privacy-related questions, data requests, or concerns, you can reach us at info@stomni.com.

2. What This Policy Covers

This Privacy Policy explains what personal information we collect when you interact with stomni.com or with Stomni directly through email, meetings, or engagement work. It describes how we use that information, who we share it with, how long we keep it, and what rights you have over it.

This policy applies to:

• Visitors to stomni.com who browse the site anonymously
• Individuals who submit a form on the site (for example, to book a scoping call)
• Individuals who email us directly at info@stomni.com or any other Stomni address
• Individuals whose companies have engaged Stomni for consulting or implementation work

This policy does not cover third-party websites linked from stomni.com. When you click an external link, you leave the scope of this policy and enter the privacy terms of whichever site you land on.

3. What Information We Collect

3.1 Information you give us directly

When you submit a form, email us, or engage us for work, you may share:

• Your name and job title
• Your work email address and phone number
• Your company name, size, and industry
• A description of the problem you want help with
• Any additional context you choose to share during discussions or engagements

3.2 Information collected automatically

When you visit stomni.com, our hosting and infrastructure providers automatically log:

• Your IP address and approximate geographic location
• The type of browser and device you are using
• The pages you visit on our site and the time you spent on each
• The referring website, if any
• Technical information required to deliver the site to you securely

This data is used to operate the site, prevent abuse, and understand how visitors use the site in aggregate. We do not use it to build advertising profiles.

3.3 Client engagement data

When we are engaged to build or deploy an AI automation for your organization, we may process data you provide to us for that purpose (for example, invoice samples, general ledger extracts, or supplier records). This data is handled under the terms of a separate engagement agreement and Data Processing Addendum, and is governed by the specific contract between your organization and Stomni, not by this Privacy Policy. Your engagement data is never used to train public AI models and never leaves the environment you authorize.

4. How We Use Your Information

We use personal information for the following purposes and no others:

• To respond to your inquiries and requests
• To schedule and conduct meetings, scoping calls, and engagement work
• To deliver the services you have engaged us for
• To send occasional updates about our work, new services, or relevant insights (only to people who have explicitly asked to receive them)
• To maintain records required for tax, accounting, audit, and legal purposes
• To protect the security of our site, our systems, and our clients
• To comply with legal obligations

We do not sell personal information to third parties. We do not rent email lists. We do not share your details with data brokers.

5. Cookies and Similar Technologies

Stomni.com uses a minimal set of cookies and similar technologies, strictly for operational and analytical purposes:

• Essential cookies required to deliver the site and protect against abuse (set by our hosting provider, Cloudflare).
• Analytics cookies or similar used to understand how visitors use the site in aggregate. We aim to use privacy-friendly analytics that do not track individuals across sites.

We do not use cookies for cross-site behavioural advertising. You can disable cookies in your browser at any time; the site will continue to work, though some features may be slightly reduced.

6. Who We Share Information With

We share personal information only with the service providers we use to operate our business. Each of these is a reputable company with its own privacy obligations. The main categories are:

Infrastructure and operations

• Cloudflare, Inc. — hosting, content delivery, DNS, and security
• GitHub, Inc. (Microsoft) — source code management for site files
• Hostinger International — email hosting for our @stomni.com addresses
• Google LLC — administrative email and office tools where used

Communication and scheduling

• Calendar and booking tools used to schedule calls (for example, TidyCal)
• Form submission tools used to collect inquiries (for example, Tally or similar)
• Email delivery and sequencing tools, where used (for example, Kit or similar)
• Video conferencing tools used for meetings (for example, Zoom, Google Meet, Microsoft Teams)

Automation and analytics

• Workflow automation platforms used to coordinate internal operations (for example, n8n, self-hosted on infrastructure we control)
• Privacy-friendly web analytics tools (for example, Plausible) or standard analytics tools (for example, Google Analytics)

We will update this list when material changes occur. Service providers are contractually required to process personal information only on our instructions and only for the purposes we have authorized.

We may also disclose personal information when required by law, court order, or legitimate legal process, or when necessary to protect the rights, property, or safety of Stomni, our clients, or others.

7. International Data Transfers

Stomni operates globally. Depending on where you are located and where our service providers operate, your information may be transferred to and processed in the United States, the European Union, the United Kingdom, the Republic of North Macedonia, the United Arab Emirates, or other jurisdictions. When we transfer personal data across borders, we rely on appropriate legal mechanisms including standard contractual clauses or equivalent protections.

8. How Long We Keep Your Information

We keep personal information only for as long as we need it for the purposes described in this policy, or for as long as we are legally required to keep it. Specifically:

• Inquiry and form submission data: kept for up to 24 months after the last interaction, then deleted or anonymized.
• Client engagement records: kept for the duration of the engagement and for a reasonable retention period afterward to meet tax, audit, and contractual obligations (typically 6–7 years).
• Marketing communications data: kept until you unsubscribe or request deletion.
• Technical and security logs: kept for a short rolling period as determined by our hosting providers (typically 30–90 days).

9. Your Rights

Depending on where you live, you have certain rights over the personal information we hold about you. These include:

• Access — to ask what information we hold about you and receive a copy
• Correction — to ask us to fix information that is wrong or incomplete
• Deletion — to ask us to delete information we no longer have a legitimate reason to keep
• Restriction — to ask us to stop using information in certain ways
• Portability — to ask for a copy of your information in a structured, machine-readable format
• Objection — to object to how we process your information for certain purposes
• Withdrawal of consent — to withdraw any consent you previously gave us

To exercise any of these rights, email us at info@stomni.com with "Privacy Request" in the subject line. We will respond within 30 days. If we cannot fulfil your request, we will explain why.

If you believe we have mishandled your personal information, you have the right to complain to a data protection authority in your country.

10. How We Secure Your Information

We take reasonable technical and organizational measures to protect personal information against loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit and, where appropriate, at rest
• Access controls that limit who can see personal information inside our team
• Regular review of our security practices and those of our service providers
• Secure development and deployment practices for all code we build and host
• Operational practices designed to align with emerging standards for information security and responsible AI governance

No method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we work to apply professional best practices.

11. Testimonials and Case Studies

We sometimes publish testimonials, quotes, and case studies describing work we have done for clients. The underlying content is always authentic and approved by the client before publication.

Many of our engagements involve sensitive enterprise information. In cases where a client has given us permission to describe the work but has asked not to be named, we may replace names and identifying details with generalized descriptions (for example, "CFO, European manufacturing firm" instead of a specific name and company). The experience, outcome, or quote described is always real and always approved by the individual or organization involved.

If you have given a testimonial or been featured in a case study and you want it removed, or if you want your attribution changed, email info@stomni.com with "Testimonial Request" in the subject line. We will remove or amend the content within 14 business days of receiving a verified request from the individual or authorized company representative who originally provided it.

12. AI Data Handling

Because AI is central to what we do, we think it's important to be explicit about how we handle data in AI systems we build and operate:

• Client data is never used to train public AI models. Ever. This is a core operating principle and a contractual commitment in every engagement.
• Prompts and outputs involving client data are processed through AI providers under enterprise-grade terms that prohibit training on submitted content.
• Human oversight is built into every agent we deploy. We design systems so that consequential decisions involve a human in the loop where it matters (for example, anything that writes to a general ledger, releases a payment, or communicates externally on behalf of a client).
• Data residency is configurable. We work with clients to ensure that personal and confidential data stays within the regions they require.
• We operate an internal AI management approach aligned with emerging international standards for responsible AI governance.

13. Children's Privacy

Stomni is a B2B service directed at finance professionals and enterprise decision-makers. Our site and services are not directed at children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at info@stomni.com and we will delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or the legal environment. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify affected individuals directly. Your continued use of stomni.com after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy, want to exercise any of your rights, or want to report a concern, email us at info@stomni.com with "Privacy Request" in the subject line. We will respond within 30 days.

STO Enterprises LLC
Email: info@stomni.com