Omesta
Pricing
Log inFree Until $1,000
Field-level disclosure

Exactly what we read. Exactly what we don’t.

The full, field-level list of what Omesta touches for each integration. We publish it because every SaaS should — and because our compliance-minded customers ask for it in every security review.
Data spec · v2.4
May 12 · 2026

Default posture

Read scopes

always

Write scopes

opt-in

Token purge

< 60 min

Retention

18 months

Never collected

Full card numbers (PAN)
Bank account numbers
Physical shipping addresses
Customer site-visitor IDs
7 platforms live · 3 queuedSOC 2 Type II

01 · Principle

Read-only by default.

The only write access we ever hold is what you explicitly enable — dunning email sending on Growth and Scale, automated payment retries on Scale only, and nothing else. Revoke every integration in one click from your settings page. Tokens are purged within 60 minutes.

Read scopes

always

We request only read-level OAuth scopes by default. Every scope is disclosed before you authorize.

Write scopes

opt-in

Write access is never enabled unless you explicitly opt in. Dunning emails on Growth; retries on Scale only.

Token purge

< 60 min

Revoke any integration in one click. Tokens are purged from our systems within 60 minutes.

Retention

18 months

Rolling 18-month window for transactional data. Customer metadata retained for account lifetime + 30 days.

02 · Per-integration tables

Every field, every scope.

7 live integrations

01

Stripe

Stripe Connect (Standard) or Restricted API Key

FieldReadWriteRetention
Customersid, email, name, created noneAccount lifetime + 30 days after disconnect
Charges + Payment Intentsstatus, amount, currency, decline code Optional retry (Scale plan)18 months rolling
Subscriptionsstatus, plan, renewal date noneAccount lifetime + 30 days
Refunds & Disputesreason, amount, date none18 months rolling
02

Shopify

Admin API OAuth — read_orders, read_customers, read_products

FieldReadWriteRetention
Ordersid, total, line items, status none18 months rolling
Customersemail, orders count, total spent noneAccount lifetime + 30 days
Productstitle, price, inventory noneAccount lifetime + 30 days
Refundsreason, amount, line items none18 months rolling
03

Meta Ads

Marketing API — ads_read, business_management

FieldReadWriteRetention
Campaigns & Ad Setsspend, impressions, clicks none18 months rolling
Conversionsevent type, value, attribution none18 months rolling
Creativesid, status, preview URL none18 months rolling
04

Google Ads

Google Ads API — read-only scope

FieldReadWriteRetention
Campaigns & Ad Groupsbudget, spend, status none18 months rolling
Keywordstext, match type, performance none18 months rolling
Conversionsaction, value, time none18 months rolling
05

TikTok Ads

TikTok Marketing API OAuth — ads.read, reporting

FieldReadWriteRetention
Campaigns & Ad Groupsspend, impressions, status none18 months rolling
Creativesid, status, preview URL none18 months rolling
Conversionsevent type, value, attribution none18 months rolling
06

Google Analytics

GA4 Data API OAuth — analytics.readonly

FieldReadWriteRetention
Property metadataproperty id, timezone, currency noneAccount lifetime + 30 days
Events & Conversionsevent name, count, value none18 months rolling
Acquisition reportssource, medium, campaign none18 months rolling
07

Square

Square OAuth — PAYMENTS_READ, ORDERS_READ, CUSTOMERS_READ

FieldReadWriteRetention
Paymentsstatus, amount, currency, decline reason none18 months rolling
Ordersid, total, line items, status none18 months rolling
Customersid, email, name noneAccount lifetime + 30 days
Refundsreason, amount, date none18 months rolling

03 · In the queue

Disclosure tables we’ll publish at launch.

PayPal

01

Transactions, Subscriptions

Q3 2026

Plaid

02

Account, Balance, Transactions (read-only)

Q3 2026

Klaviyo

03

Campaigns, Flows, Revenue attribution

Q4 2026

04 · Things we never collect

Five categories of data Omesta never touches.

If your compliance review needs evidence of any of these, we'll provide it under NDA.
01

Full PANs

We never see your customers’ full card numbers. Only the last-4 and brand that Stripe tokenizes.

02

Bank or ACH details

Routing numbers, account numbers, micro-deposits — we don’t touch them.

03

Physical addresses

Unless the integration explicitly exposes them (Shopify orders do, Stripe customers generally don’t).

04

Off-platform data

We only read what you authorize. No screen scraping, no inferred cross-account joins.

05

Site-visitor tracking

Omesta doesn’t install pixels, cookies, or fingerprints on your storefront.

Compliance & privacy

Questions on a specific field or scope? Ask us.

We respond to privacy inquiries within 48 hours and can scope this disclosure to your specific integrations on request.
support@omestasystems.comSecurity posture

Find the money your store is losing. To failed payments, dead ad spend, and silent churn. And put it back in your bank account. Free until we recover $1,000 for you.

Contact

Omesta Systems LLC
5830 E 2nd St
Ste 7000 #33555
Casper, WY 82609
Support@omestasystems.com

Product

  • Omesta

Solutions

  • For Ecommerce Brands
  • For Marketing Agencies
  • For Growth Teams
  • Multi-Brand Management

Resources

  • Integrations
  • Pricing
  • Blog
  • Glossary
  • Compare
  • Roadmap
  • Help Center
  • Partner Program
  • Contact Support
  • Careers
  • Press

Security & Trust

  • Data Security
  • Privacy Policy
  • Terms & Conditions
  • Cookie Policy
  • GDPR Policy
  • Integration Data Disclosure
  • Refund Policy
  • System Status

As featured in

See all 500+ features →
AP NewsNewsBreakBoston HeraldInternational Business TimesStar TribuneStreet InsiderMilwaukee Journal SentinelBarchart
Secure Platform
Encrypted Connections (HTTPS)
API-Based Integrations
Privacy-First Data Handling

© 2026 Omesta Systems LLC. All rights reserved.