Omoi Privacy Policy
Last updated: 16 July 2026. Effective: 16 July 2026.Who we are. Omoi is operated by Abhiraj Sinha, [REGISTERED ADDRESS], India (“Omoi”, “we”). We are the data fiduciary (under India’s Digital Personal Data Protection Act, 2023) and data controller (under the EU GDPR) for the personal data described here. Contact: privacy@getomoi.com. Grievance Officer (DPDP Act): Abhiraj Sinha, privacy@getomoi.com — we respond to grievances within the timelines prescribed by law.
The short version. Omoi is a private space for your life. Everything you capture belongs to you. We use AI services to organize what you capture — under contracts that prohibit them from training on your data. We never sell your data, we never show ads, and we never store the bank SMS messages we read. Delete your account and everything goes with it.
1. What we collect, and why
| Data | Examples | Why (purpose) | Legal basis (GDPR) |
|---|---|---|---|
| Account data | Name, email, password (stored only as a salted hash) | Create and secure your account | Contract |
| Content you capture | Notes, voice recordings, photos, files, links, journal entries, tasks, events, habits, goals, learning items, weekly reviews | The product — storing and organizing your life | Contract |
| Financial content you add | Expenses, budgets, receipts you scan, shared-expense (Split) records | Financial Memory features | Contract |
| Bank SMS (Android only, opt-in) | Transaction alerts from bank senders | Automatic expense capture. Processed, never stored — see section 3 | Consent |
| Subscription status | Plan, product ID, renewal state (via RevenueCat) | Operate Omoi Pro. We never see or store your card number — Apple/Google process payment | Contract |
| Contacts (optional, on-device) | Names, phone numbers, and emails from your address book, read on your device only to show the Split contact picker. Only the single person you select — their name and, if present, phone/email — is sent to us, as a Split group member you created. The rest of your address book never leaves your phone. | Adding people to Split groups | Consent (the OS permission) + Contract (the member you add) |
| UPI ID (optional) | Your own UPI address (e.g. name@bank), if you choose to publish it | Shown to people you share a Split group with, so they can pay you back. We never process, hold or route the payment — see section 3a | Consent |
| Device & technical data | Push notification token, device platform/version, IP address in server logs, crash and error logs | Reminders, sync, security, debugging | Legitimate interest |
We do not collect: advertising identifiers, location history, contacts as a dataset (see below — your address book is read on your device only and is never uploaded), or any analytics from third-party ad/tracking SDKs — there are none in the app.
2. AI processing — what leaves your device
To organize your captures and answer your questions, we send relevant text (and, for receipt scanning, images; for voice notes, audio) to AI service providers acting as our processors:
- Anthropic (Claude models): note titling, tagging, summaries, expense categorization, weekly-review suggestions, AI Memory answers, and extraction of transaction details from bank-SMS text that our deterministic parser could not fully read.
- OpenAI: text embeddings (which power search) and voice-note transcription (Whisper).
Both providers process this data solely to return results to us, under API terms that prohibit using your data to train their models. AI outputs (titles, tags, summaries, answers) are stored in your account as part of your content. AI can be wrong; treat its outputs as suggestions, not facts or advice.
3. Bank SMS — the strongest promise in this policy (Android only)
If you grant SMS permission, Omoi reads incoming SMS to detect bank transaction alerts. What happens: (a) messages are filtered to transactional senders; (b) a deterministic parser extracts amount, merchant, date, and reference; (c) if parsing fails, the remaining text is passed transiently (held only in a short-lived processing queue) to Anthropic to extract the transaction; (d) the extracted transaction — never the message — is saved to your ledger with a one-way hash used only to prevent duplicates.
Full SMS bodies are never written to our database, never stored in your account, and never used for anything except extracting the transaction in front of it. Personal (non-transactional) SMS content is not collected. You can revoke the permission at any time in Android settings; the feature simply turns off. iPhone: Apple does not permit SMS access, so this feature does not exist on iOS.
3a. Contacts — read on your phone, never uploaded (optional)
Contacts: if you grant contacts access, Omoi reads your address book on your device to let you pick people for Split. We never upload, store, or sync your contact list. Only the specific people you choose to add to a group are sent to our servers, exactly as if you had typed them. Revoke the permission any time in Settings; you can always add people by typing.
Concretely: searching and filtering happen in memory on your phone, we read only names, phone numbers and emails (never photos, addresses, birthdays or notes), and no hash or fingerprint of your contacts is transmitted anywhere. We cannot tell you which of your contacts use Omoi, because we never see them.
3b. Paying a friend back with UPI — we are not in the payment chain
If someone you share a Split group with has published their UPI ID, Omoi can open your own UPI app (GPay, PhonePe, Paytm, BHIM…) with their address and the amount pre-filled. The payment is made by you, through your own bank, and Omoi is not a party to it. We never touch, hold, route or instruct funds, we are not a payment processor, and we see nothing about whether or how the payment completed. Omoi only records that a settlement happened — afterwards, and only when you explicitly confirm it — exactly as it already does when you pay someone in cash.
4. Who we share data with (sub-processors)
We share personal data only with processors needed to run Omoi, bound by data-processing agreements: Anthropic (AI processing, USA), OpenAI (embeddings & transcription, USA), RevenueCat (subscription management, USA), Railway (application, database and file/attachment hosting, [REGION]), Expo push service (delivering notifications), Apple / Google (app distribution, payments — as independent controllers under their own policies). We do not sell or rent personal data, and we do not share it with advertisers — ever. We disclose data to authorities only when legally compelled, and we will tell you unless the law forbids it.
5. International transfers
Our servers are hosted in [REGION]; AI providers process data in the USA. Where GDPR applies, transfers rely on Standard Contractual Clauses and equivalent safeguards. Where the DPDP Act applies, we transfer only to countries not restricted by the Central Government.
6. Retention
Your content is kept while your account is active. When you delete an item, it is removed from your account immediately and from backups within 90 days. When you delete your account (in-app or via our deletion page), all personal data is deleted within 30 days, backups within 90 days. Server logs are kept up to 30 days. Subscription records are kept as required by tax and accounting law.
7. Your rights
Wherever you live, you can: access your data, correct it, delete it (Settings → Account → Delete account, or our account-deletion page), withdraw consent (e.g. revoke SMS permission), and complain — to our Grievance Officer, to the Data Protection Board of India (DPDP Act), or to your local supervisory authority (GDPR). EU/UK users additionally have the rights to portability, restriction, and objection. We answer requests within 30 days and never charge for them.
8. What we never do
We never sell your data. We never show you ads or share data with ad networks. We never use your content to train AI models, nor permit our processors to. We never store raw bank SMS. We never read more than you gave us permission to read.
9. Children
Omoi is not directed at children under 18 (India) / under 16 (EU) and we do not knowingly process children’s data. If you believe a child has an account, contact us and we will delete it.
10. Security
Encryption in transit (TLS) and at rest, hashed passwords, token-based authentication, strict per-user data isolation, least-privilege access. Details: our Security page. No system is perfectly secure; if a breach affects you, we will notify you and the required authorities as the law requires.
11. Changes
We will post changes here with a new date, and for material changes we will notify you in the app before they take effect.
12. Coming later (transparency)
We plan optional integrations — e.g. reading email receipts from Gmail (read-only, opt-in, Google-verified) and calendar sync. None is active today; each will require your explicit opt-in and an update to this policy before launch.
Related: Terms of Service · Refund & Cancellation Policy · Security · Delete your account