ØmnimindØmnimind

Privacy Policy

Effective April 29, 2026

Ømnimind (“Ømnimind,” “we,” “us”) is a private health intelligence application. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data. By creating an account or using Ømnimind, you agree to the practices described here.

Important: Ømnimind is not a medical device

Ømnimind does not provide medical advice, diagnosis, or treatment. Information generated by Ømnimind is for informational purposes only and is not a substitute for professional medical judgment. Always consult a qualified healthcare professional before making decisions about your health.

1. Who we are and how to contact us

Ømnimind is operated by Ømnimind, Inc. For privacy questions, data requests, or to exercise the rights described below, contact us at privacy@omnimind.app. We aim to respond within 30 days.

2. Information we collect

We collect only what we need to operate Ømnimind for you. Specifically:

  • Account information: email address, password (hashed, never stored in plaintext), date of birth (used only to verify you are 18 or older), and any name or profile fields you provide.
  • Health information you provide: documents, uploaded images (lab results, medication labels, etc.), free-form notes, draft observations, and committed longitudinal records.
  • Conversation history: messages you send to and receive from the AI, including any reasoning blocks the AI returns.
  • Operational data: credit balances and transactions, billing identifiers from our payment processor, sign-in timestamps, and basic device information.
  • Consent records: timestamps and context for each consent decision (terms acceptance, image upload consent, health-data consent).

We do not buy your data from third-party data brokers, and we do not receive PHI directly from healthcare providers; everything in your Ømnimind account comes from you.

3. How we use your information

We use your information solely to:

  • Operate the service (storing your records, running chats).
  • Generate AI responses contextualized by the records you have explicitly committed to memory.
  • Process payments and credit allocations.
  • Run safety and quality checks (for example, the silent post-response audit pass that verifies AI answers against your committed records).
  • Communicate with you about your account or service updates.
  • Comply with legal obligations and prevent abuse.

We do not use your health information to train or fine-tune third-party AI models, and we do not sell or rent your data to anyone.

4. AI processing and third-party providers

To generate responses we send your prompts and the relevant context (your committed records) to AI inference providers we contract with. These providers process the data only to produce a response and are contractually prohibited from retaining it for training. We currently use Vercel AI Gateway, which routes inference to providers including Groq and others; we may change inference providers over time. We use Supabase for database and authentication, Stripe for payments, and Vercel for hosting.

5. Storage, encryption, and security

Data is stored in encrypted databases hosted in commercial cloud infrastructure. Connections to our service are protected by TLS in transit. Access to production systems is restricted, audited, and requires two-factor authentication. Despite our safeguards, no system is perfectly secure; if we discover a breach affecting your data we will notify you and applicable authorities as required by law.

6. Your rights and controls

You can, at any time:

  • Access the records and chats stored in your account through the in-app history and records views.
  • Export your data via the in-app export feature (machine-readable formats).
  • Delete individual records, individual chat sessions, or your entire account. Account deletion removes your health records, chat history, and identifiers from active systems within 30 days, subject to limited retention for fraud prevention, billing, and legal compliance.
  • Withdraw consent for image uploads or for health-data processing more broadly. Withdrawing consent does not retroactively undo prior processing but stops future use.

Depending on your jurisdiction (e.g. EU/EEA, UK, California) you may have additional rights including portability and the right to lodge a complaint with your data protection authority.

7. Children

Ømnimind is intended for adults 18 and older. We do not knowingly collect information from anyone under 18. If we discover an account belongs to a minor we will close it and delete its data.

8. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you in-app and update the effective date above. Continued use of Ømnimind after a change constitutes acceptance of the updated policy.

9. Contact

Questions, requests, or complaints? privacy@omnimind.app.