Privacy Policy

Effective Date: April 1, 2026  |  Last Updated: April 1, 2026

Om3ga AI LLC ("Om3ga," "we," "us," or "our") operates the om3ga.ai platform. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our services.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address (used for authentication and communication)
• Hashed password (we never store plaintext passwords; passwords are hashed using scrypt with unique salts)
• Name (if provided during signup)

1.2 Usage Data

When you use our services, we automatically collect:

• IP address (for security, rate limiting, and audit logging)
• Browser user agent (for compatibility and security)
• Timestamps of service usage
• Which services you access (e.g., "Assignment Solver," "Legal Research")

1.3 Conversation Data

When you interact with Om3ga AI services, we store:

• Messages you send to AI services (prompts, questions, uploaded text)
• AI-generated responses
• Uploaded files (images, documents) processed by our services
• Feedback and beta testing notes submitted through our feedback system

1.4 Healthcare Data (HIPAA-Covered Services)

For healthcare-related services (Healthcare Report Generator, Medical Research & Diagnostics), we may process Protected Health Information (PHI). See Section 7 for HIPAA-specific provisions.

1.5 Information We Do NOT Collect

• We do not use third-party analytics trackers (no Google Analytics, no Facebook Pixel)
• We do not collect biometric data
• We do not collect financial information (no payment processing at this time)
• We do not collect location data beyond IP-derived general location

2. How Your Data Is Stored

2.1 Storage Architecture

• Account data: Stored in encrypted files on our private server
• Conversation data: Stored in a local ChromaDB vector database on our private server
• Session tokens: HMAC-SHA256 signed cookies stored in your browser; session records maintained on our server
• Uploaded files: Stored temporarily on our private server for processing, then deleted after use unless the service requires retention (e.g., CAM project files)
• AI models: Run locally on our private hardware using Ollama — your data is never sent to OpenAI, Google, Anthropic, or any other AI provider for processing

2.2 Website Hosting

Our website frontend is hosted on Vercel, Inc. Vercel processes HTTP requests and serves static content. Vercel does not have access to your conversation data, account credentials, or AI processing. All AI processing occurs on our private hardware, not on Vercel's servers. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.

2.3 Email Services

We use Resend (resend.com) to send transactional emails (password resets, feedback confirmations, system notifications). Resend processes the email address and email content necessary for delivery. Resend does not have access to your conversation data or account credentials.

3. How We Use Your Data

We use your data exclusively to:

• Provide and improve Om3ga AI services
• Authenticate your identity and maintain your session
• Generate AI responses to your requests
• Store conversation history so the AI can reference past interactions (the "memory" feature)
• Send you system notifications, password resets, and feedback updates
• Monitor for security threats and unauthorized access
• Comply with legal obligations

4. Data Sharing

We may disclose your information only in these limited circumstances:

• Legal compliance: When required by law, subpoena, court order, or government request
• Safety: To prevent harm to you, other users, or the public
• Service providers: Vercel (website hosting) and Resend (email delivery) process limited data as described in Section 2. These providers are contractually prohibited from using your data for their own purposes
• Business transfer: In the event of a merger, acquisition, or sale of assets, your data would be transferred to the successor entity under the same privacy protections

5. Cookies and Tracking

5.1 Cookies We Use

• om3ga-session: An HMAC-SHA256 signed session cookie that authenticates your login. Contains your session ID and email address in a cryptographically signed format. Expires when you log out or after 7 days of inactivity.
• om3ga-nda: A signed cookie recording your acceptance of the Non-Disclosure Agreement. Contains only your email and acceptance timestamp.
• om3ga-bta: A signed cookie recording your acceptance of the Beta Tester Agreement. Contains only your email and acceptance timestamp.

5.2 What We Do NOT Use

• No third-party tracking cookies
• No advertising cookies
• No analytics cookies
• No cross-site tracking
• No fingerprinting

5.3 Local Storage

Some features use your browser's localStorage to enhance your experience (e.g., chat history, UI preferences, beta tester feedback history). This data never leaves your browser and is not transmitted to our servers.

6. Data Retention

• Account data: Retained for as long as your account is active. Deleted within 30 days of account deletion request.
• Conversation data: Retained for as long as your account is active to provide the memory and context features. You may request deletion at any time.
• Session data: Automatically purged after 7 days of inactivity.
• Audit logs: Retained for 90 days for security monitoring, then automatically deleted.
• Uploaded files: Processed and deleted immediately unless the service requires retention (e.g., saved CAM projects). CAM project files are retained until you delete them.
• Feedback submissions: Retained indefinitely for product improvement unless you request deletion.

7. HIPAA Compliance (Healthcare Services)

• Local processing: All healthcare AI processing occurs on our private hardware. PHI is never transmitted to third-party AI providers.
• Access controls: Healthcare tools require authentication. Access is logged and auditable.
• Encryption: All data in transit is encrypted via TLS 1.3. Data at rest is stored on encrypted volumes.
• Minimum necessary: Healthcare tools process only the information you provide. We do not access more data than necessary to fulfill your request.
• Business Associate Agreements (BAAs): If you are a covered entity requiring a BAA, contact us at chad@om3ga.ai.
• Breach notification: In the unlikely event of a data breach involving PHI, we will notify affected individuals and the HHS within 60 days as required by HIPAA.

Important: Om3ga AI healthcare tools are designed to assist healthcare professionals — they do not replace professional medical judgment. All AI-generated healthcare content includes appropriate disclaimers.

8. Your Rights

8.1 All Users

You have the right to:

• Access: Request a copy of all data we hold about you
• Correct: Request correction of inaccurate data
• Delete: Request deletion of your account and all associated data
• Export: Request a machine-readable export of your data
• Withdraw consent: Stop using our services at any time

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: You may request disclosure of the categories and specific pieces of personal information we collect about you
• Right to delete: You may request deletion of personal information we have collected from you
• Right to opt-out of sale: We do not sell personal information. There is nothing to opt out of.
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
• Categories of personal information collected: Identifiers (email), internet activity (usage logs), and inferences (AI conversation history)
• Categories sold: None. We do not sell personal information.
• Categories disclosed for business purposes: Email address (to Resend for email delivery), HTTP request data (to Vercel for website hosting)

8.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: chad@om3ga.ai
• We will respond to verified requests within 30 days

9. Security

• All web traffic encrypted with TLS 1.3
• Passwords hashed with scrypt (128-bit salt, 64-byte output)
• Session cookies signed with HMAC-SHA256 and verified with timing-safe comparison
• Rate limiting on authentication endpoints (5 attempts per 15 minutes)
• IP-based access controls on sensitive API endpoints
• Regular security audits and penetration testing of our own infrastructure
• Cloudflare tunnels for secure remote access to backend services
• No default passwords on any service

10. Children's Privacy

Om3ga AI services are not directed at children under 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete that information immediately. If you believe a child under 13 is using our services, contact us at chad@om3ga.ai.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last Updated" date at the top of this page indicates when the policy was last revised. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Governing Law

This Privacy Policy is governed by the laws of the State of Wisconsin, United States, without regard to conflict of law principles. Any disputes arising from this policy shall be resolved in the courts of Marathon County, Wisconsin.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact:

Om3ga AI LLC
Email: chad@om3ga.ai
Schofield, Wisconsin, United States

© 2026 Om3ga AI LLC. All rights reserved.