Privacy

We don't sell your data. Full stop.

No ads, no cross-site trackers, no data sales. Here's the long version of what we do and don't do with the information OmniF stores.

Last updated · 24 May 2026

Working draft

This document reflects how OmniF handles your data today and how we intend to keep handling it. A formally reviewed version, prepared with counsel, will replace this in the coming weeks. We're publishing the working draft now so you can see exactly how we operate.

What we collect

  • Account info — email, password hash, the country you signed up from (for tax purposes), and timestamps for security auditing.
  • Training data — workouts, nutrition logs, bloodwork uploads, AI conversations, and anything else you create in OmniF.
  • Payment info (Pro only) — handled entirely by Stripe. We never see your full card number; we store a reference token and your subscription status.
  • Basic analytics — page views, error reports, and aggregate performance metrics. No individual cross-page tracking, no advertising IDs.

What we don't collect

  • Your location (the country at signup is the only geographic data we keep)
  • Your browsing history outside OmniF
  • Device fingerprints for advertising
  • Cross-site tracking IDs
  • Your contacts, photos, microphone, or any other device data we don't need to operate the app

Where your data lives

Training data is encrypted at rest on our servers (AWS, EU region) and stored locally on every device you've installed OmniF on, so offline mode works. Server-side data is encrypted both at rest and in transit. Only you can read your own data — not Anthropic, not Amazon, not us.

Bloodwork uploads receive an additional encryption layer client-side before they're sent to the server, so even our own infrastructure operators can't read them.

Sub-processors

Three external services have technical access to limited parts of your data:

  • Amazon Web Services — hosts our infrastructure in EU (Ireland) and processes encrypted data at rest. No human at AWS reads your training data.
  • Stripe — processes Pro subscription payments. Stripe sees your payment method; we don't.
  • Our AI provider (currently Anthropic, with OpenAI as a fallback for specific features) — receives the specific context for each AI request you make, only when you make one, and only if you're on Pro. No training data is sent to AI providers outside of an active request.

Your rights

You can:

  • Export everything in plain JSON anytime from Settings → Export
  • Delete your account, which permanently deletes all server-side data within 30 days (the 30-day buffer is for backup expiry)
  • Disconnect AI — Pro subscribers can disable AI features entirely from Settings, in which case no data is sent to AI providers
  • Object to specific processing by emailing us

Children

OmniF is not intended for use by anyone under 16. We don't knowingly collect data from minors. If you believe a child has signed up, email us and we'll delete the account.

Changes

When the formally reviewed version is ready, we'll email every account holder at least 30 days before it takes effect. Material changes after that point will follow the same notice period.

Questions?

We answer privacy questions personally, usually within 24 hours.

privacy@omnif.co