How we handle your data.
Last updated: June 2026. This is a template — please review and have a lawyer adapt it for your jurisdiction before going live in production.
1. What we collect
Account info (email, name), the content you submit to OmniAI (chats, prompts, generated images and videos), payment metadata via Stripe (last 4 digits, currency, plan), and usage telemetry (model, latency, token cost). We do not store full credit-card numbers — that data lives only inside Stripe.
2. Why we collect it
To deliver the service you signed up for: route your prompts to the right model, persist your conversation history, gate paid features via the token wallet, and process payments. We use telemetry to monitor performance and prevent abuse — not to build advertising profiles.
3. Bring-Your-Own-Key (BYOK) data
API keys you paste into the Vault are encrypted with AES-256-GCM before being written to our database. The plaintext key never leaves your browser except inside an HTTPS request to OmniAI, and is decrypted only at the moment of an outbound LLM call. We never log raw key material.
4. Who we share it with
Model providers (OpenAI, Anthropic, Google, xAI, Mistral, DeepSeek) receive only the prompt content needed to serve your request — bound by their own policies. Stripe receives payment data necessary to process checkout. We do not sell your data to third parties.
5. Your rights
You can request a copy of your data, delete your account, or revoke any BYOK key at any time. Account deletion removes your conversations, prompts, generated content, and BYOK keys from our systems within 30 days; soft-deleted media files persist in object storage indefinitely per platform constraints but are no longer linked to your account.
6. Retention
Active account: data is kept until you delete it. After deletion: 30-day grace period for accidental restores, then permanent removal of database records. Payment receipts retained 7 years to meet tax/compliance obligations.
7. Contact
Privacy questions, data export, or deletion requests: send an email to privacy@omniai.example (replace with your real contact before going live).