GDPR & CCPA Compliance in Oomiji

Oomiji is designed to help organizations responsibly collect, manage, and use customer data. As part of that commitment, Oomiji is built to support compliance with both GDPR and CCPA, two of the most rigorous and widely adopted data-privacy regulations in the world.

What Are GDPR and CCPA?

GDPR (General Data Protection Regulation): GDPR is a European Union regulation that governs how organizations collect, store, process, and use personal data belonging to individuals in the EU.

CCPA (California Consumer Privacy Act): CCPA is a California state law that establishes strong consumer privacy protections for California residents. Because California enforces some of the most rigorous consumer privacy standards in the U.S., systems designed to meet California requirements establish a strong compliance baseline for all other states.

How Oomiji Supports GDPR & CCPA Compliance (+ the Role It Plays)

It's important to understand that Oomiji is a tool as the ultimate compliance responsibility lies with the company using the platform. Oomiji's role is to make compliance easier to achieve and maintain by providing the technical foundation and operational controls that support GDPR and CCPA-aligned data practices in daily use.

The screenshot below shows a consent checkbox presented at a time a customer submits their information. This consent language makes the purpose of data collection explicit and limits use to the scope approved by the individual. This is a foundational requirement under both GDPR and CCPA and establishes a clear, auditable record of user intent.

Note that the checkbox is intentionally unchecked by default. Under GDPR, pre-ticked boxes do not constitute valid consent as consent must be given through a clear, affirmative action by the individual. 

You'll also see this capability via an UNSUBSCRIBE action within the editor for conversations and landing pages, giving contacts a clear way to withdraw consent at any time, which is another requirement under both GDPR and CCPA.


  • Consent-Driven Data Collection: 
    • Data collected through Oomiji can be directly tied to lawful and transparent user interactions. 
  • Centralized Contact Records: 
    • All personal data in Oomiji is tied to a single record, with email serving as the unique identifier. This allows you to clearly see what personal data is stored and maintain a single source of truth across teams. This centralization is critical when responding to data subject requests as you can locate, review, and act on an individual's data from one place rather than searching across disconnected tools.
  • Data Access and Control: 
    • Because customer information, engagement history, and feedback live in one system, organizations can both locate an individual’s data quickly and avoid personal data being scattered across disconnected tools

Why This Matters:

  • Customer Trust: People are more likely to engage when they know their data is handled responsibly
  • Operational Clarity: Clear data practices reduce internal confusion and risk
  • Business Resilience: Strong privacy foundations reduce exposure to regulatory penalties and reputational damage

Clear intent → controlled data use → stronger compliance posture