Privacy Policy

• Your files are encrypted on your device before they ever reach us.
• They're decrypted only briefly, in memory, on our own self-hosted conversion worker — never written to disk in the clear, never sent to anyone else, never kept after the job finishes.
• AI conversions run on our own self-hosted models. No third-party AI APIs, ever.
• Uploads and outputs auto-delete on a short clock (hours to days).
• We don't sell your data. We don't run ad tracking. There are no tracking cookies.

We keep collection to the minimum needed to run the service:

• Your email address. Used to sign you in (we use a one-time code sent to your inbox — no passwords) and to reach you about your account.
• Subscription status. If you upgrade, our payments processor tells us whether your plan is active. Your card details go to the app store / payments processor, never to us.
• Your files, encrypted. The files you convert are encrypted on your device and stored only as ciphertext for as long as the conversion needs them (see Retention).
• Diagnostics. Crash and error reports so we can fix what breaks. These describe the failure, not your files.

OMNIvour encrypts every file with AES-256-GCM in the app, on your device, before upload, and stores it only as ciphertext. Converting a file does require reading it: to do that, our own self-hosted conversion worker decrypts it in memory using your key, performs the conversion, re-encrypts the result, and discards both the plaintext and the key the moment the job finishes. That decryption happens only on infrastructure we run — your files are never written to disk in the clear, never sent to a third party, and never retained once the conversion completes.We don't scan, profile, or sell your file contents, and we never use them to train anything.

AI-powered conversions run on models we host ourselves. Your file contents are never sent to OpenAI, Google, Anthropic, or any other third-party AI provider — because we don't use any.

Only to operate the product:

• Sign you in and keep your account working.
• Run your conversions and deliver the result back to you.
• Apply your subscription entitlements.
• Diagnose crashes and keep the service reliable.

We do not use your information for advertising, profiling, or resale.

We use a small set of infrastructure providers to run OMNIvour. Each sees only what its job requires:

• Supabase — account sign-in and our application database.
• Cloudflare R2 — temporary, encrypted storage of files during conversion.
• RevenueCat — subscription management (works alongside the App Store / Google Play).
• Sentry — crash and error diagnostics.
• Hugging Face — hosting for the AI models we run ourselves.

None of these providers receives your encryption key, and none can read your file contents.

Files are ephemeral by design:

• Uploaded files: auto-deleted within 24 hours.
• Converted outputs: auto-deleted within 7 days.
• Access logs: retained 30 days for security, then removed.

Your account email and subscription status are kept while your account is active. Delete your account and they go too.

• We don't sell or rent your personal information to anyone.
• We don't run advertising or behavioral tracking.
• We don't set tracking cookies.
• We don't send your files to third-party AI services.

You can access, correct, export, or delete your data. The fastest path to deletion is built into the product: delete your account, which permanently removes your account and associated data. You can also email us at support@omnivour.app for any request. Depending on where you live (for example, the EEA, UK, or California), you may have additional rights — we honor them regardless of location.

OMNIvour isn't directed to children. You must be at least 13 years old to use it (16 in the EEA). We don't knowingly collect data from children under these ages; if you believe a child has provided us data, contact support@omnivour.appand we'll remove it.

We operate in the United States, and our providers may process data in the United States and other countries. Wherever your data is processed, the protections in this policy — including on-device encryption — travel with it.

If we change this policy, we'll update the date at the top. For material changes — a new category of data, a new provider, a longer retention window — we'll give you notice in the app or by email before the change takes effect.

OMNIvour is operated by RADLAB LLC, a Wyoming limited liability company, which is the controller of your personal information. Questions, requests, or concerns? Email support@omnivour.app — a human reads it.