Security & Data Privacy

Your data never
leaves your building.

Most AI platforms store your business data on their servers. OMNI works differently. The Node sits in your office. Your credentials, your customer conversations, your call recordings, and your business intelligence stay under your roof — not ours. This is not a privacy policy commitment. It is a physical architectural constraint.

Learn about the Node → Book a live demo
🔒Credentials encrypted on your hardware 🎙️Call audio never uploaded 🏥HIPAA-friendly architecture 🏠Single-tenant device — your data only
The architecture argument

A privacy policy is a legal document.
A physical constraint is permanent.

Every SaaS intelligence platform — regardless of their privacy policy, their SOC 2 certification, or their marketing language — has your data on their servers. That data is subject to their security practices, their breach risk, their retention policies, their employee access, and their legal obligations if subpoenaed.

OMNI was built on a different premise entirely. The Node is a physical device in your office. Data that lives on a device in your office cannot be remotely accessed, cannot be subpoenaed from a vendor, and cannot be affected by a third-party breach. The architecture prevents it — not because we committed to a policy, but because the data never reaches infrastructure we control.

The distinction that matters

A policy commitment says: "we promise not to misuse your data." A physical constraint says: "your data is on hardware in your building and we physically cannot access it." These are not equivalent levels of protection. OMNI operates on the latter.

Policy vs. Architecture — what actually protects you
☁️ SaaS Privacy Policy
Can be updated unilaterally by the vendor
Only as strong as their security team and infrastructure
Data can be subpoenaed from the vendor directly
A breach at their end exposes your data regardless of the policy
Employees at the vendor company can access your data
◎ OMNI Physical Architecture
Cannot be changed — it's a physical device in your office
Only as strong as the locks on your office — which you control
Data on your hardware cannot be subpoenaed from a vendor
A breach at our infrastructure doesn't affect data that was never there
We have no access path to your data — the Node accepts no inbound connections
Module-by-module data handling

Exactly what happens to your data
in each module. No ambiguity.

Every piece of data OMNI touches follows one of three patterns: collected by the Node outbound, processed transiently through AI inference, and the intelligence stored on your Node. Here's the exact flow for each module — the specific data it touches, where it goes, and what never leaves your building.

Omni Ads Revenue Attribution
No sensitive customer data
Data the Node collects

Ad performance metrics from Google Ads, Meta, TikTok, and other ad platforms (impressions, clicks, spend, ROAS, conversion data). Google Search Console ranking data. No customer PII is involved — this is aggregated performance data only.

What transits AI inference

Aggregated performance data is sent to Claude (Anthropic API) for analysis. The AI produces the intelligence brief. The raw metrics are not retained by the API provider under standard enterprise API terms.

What stays on your Node

Intelligence archives, ROAS history, cannibalization patterns, daily briefs, and the knowledge base used to improve recommendations over time. Your ad account credentials stored encrypted locally.

Omni Calls Phone System Intelligence
Contains sensitive conversations — handled entirely on-device
Data the Node collects

Call audio is accessed via your VoIP platform API. This is the highest-sensitivity data OMNI processes — it contains customer conversations, potentially including sensitive personal and financial information.

What transits AI inference

Nothing — transcription happens entirely on-device. Apple Silicon's Neural Engine performs all transcription locally on the Node. No audio file is ever uploaded to any cloud service or third-party transcription platform. Zero cloud exposure for call audio.

What stays on your Node

Full call transcripts, quality scores, keyword alerts archive, win/loss pattern intelligence, agent performance history. All stored locally — permanently yours. HIPAA-friendly by architecture for healthcare clients handling PHI on calls.

Omni Care Email + Support Intelligence
Ticket content processed in memory only — not written to OMNI infrastructure
Data the Node collects

Support ticket content from your inbox or ticketing platform (Zendesk, Freshdesk, Help Scout, Intercom, Gmail, Outlook, Gorgias). This can include customer names, order details, complaint content, and sensitive communications.

What transits AI inference

Ticket content passes through the Claude API for classification, urgency scoring, and draft generation. It transits the AI inference pipeline in memory for the duration of that operation. It is not written to OMNI server infrastructure at any point. The analysis completes and the raw content is gone.

What stays on your Node

Approved draft responses, the self-improving knowledge base built from resolved tickets, escalation patterns, and customer history your team has generated. Ticket content lives in your inbox — the Node processes it but doesn't become a secondary copy of your customer data.

Omni Intel Competitive Intelligence
No customer data — competitor public data only
Data the Node collects

Publicly available competitor data — ad creative (via ad transparency tools), website content and changes, public review platforms, job posting boards, social media activity, Reddit and forum mentions. No private or customer data is involved.

What transits AI inference

Scraped competitor data is analyzed by Claude or Gemini API to produce the weekly intelligence brief and identify strategic patterns. Public data about competitors transits AI inference. Your own business data does not flow through this module's AI calls.

What stays on your Node

Full competitor intelligence archive — ad history, website change log, hiring signal timeline, review velocity trends, and every weekly strategic brief. Permanently stored on your Node. Represents months or years of competitive intelligence you own outright.

Omni Search SEO + AEO Intelligence
Aggregated ranking data — no customer PII
Data the Node collects

Google Search Console ranking data, CTR and impressions, keyword position history. AI engine citation monitoring (ChatGPT, Perplexity, Claude, Google AI Overviews) — tracking mentions of your brand in AI-generated responses. No customer PII involved.

What transits AI inference

Aggregated ranking and citation data analyzed by Claude API to produce keyword gap analysis, content brief recommendations, and AEO strategy. Standard aggregated web performance metrics — no sensitive data.

What stays on your Node

Complete ranking history, content brief archive, AEO citation tracking database, and keyword opportunity log. Your Search Console API credentials stored encrypted locally.

Omni Presence + Analytics Social Publishing + Performance Engine
Public content and aggregated metrics only
Data the Node collects

Your social platform analytics (engagement, reach, follower metrics). Competitor public social content across Instagram, TikTok, LinkedIn, Facebook, X, and YouTube — all publicly visible posts and their engagement data. Your brand voice configuration.

What transits AI inference

Analytics data and your brand voice guidelines are sent to Claude API to generate content drafts and the weekly content calendar. Competitor post data is analyzed for archetype scoring and format strategy. No customer or follower PII is processed.

What stays on your Node

Approved content calendar history, brand voice configuration, archetype performance archive, competitor content intelligence database. Social platform OAuth credentials stored encrypted locally.

Omni Visuals AI Image Generation
Performance data inputs — generated images saved locally
Data the Node sends

Image generation prompts constructed from your ROAS data and analytics insights are sent to the Nano Banana Gemini API (POST /api/v1/generate/image) with resolution and aspect ratio parameters. No customer data or credentials are included in generation requests.

What the API returns

A generated image file is returned from the Nano Banana Gemini API and received by the Node. The image is the only data exchanged — prompt sent, image received. Subject to Nano Banana Gemini's standard API data handling terms.

What stays on your Node

Every generated image saved to your configured local folder (default: ~/Desktop/Omni Images). Full visual archive stored on your Node permanently — yours regardless of subscription status. Optional sync to iCloud, Dropbox, or Google Drive.

AI provider data handling

Powered by enterprise AI.
Your data doesn't train their models.

OMNI uses Anthropic (Claude) and Google (Gemini) as AI inference providers — the same infrastructure trusted by Fortune 500 companies and governments worldwide. Understanding what these providers do and do not do with your data is important, and the answer is different from what most people assume.

🤖
Anthropic — Claude API
Used by: Omni Ads, Omni Care, Omni Search, Omni Intel, Omni Presence, Omni Calls (pattern analysis)

Does not use API inputs to train models

Under Anthropic's standard API terms, inputs sent via the API are not used to train or improve Claude models. This is explicitly different from Claude.ai (the consumer product), which has different terms.

Enterprise API — transient processing

Data sent to the Claude API is used to generate the requested output and is not retained beyond the duration of the API call under standard enterprise terms.

SOC 2 Type II certified

Anthropic's infrastructure meets SOC 2 Type II standards for security, availability, and confidentiality. Full details available at anthropic.com/security.

🧠
Google — Gemini API
Used by: Omni Analytics (content scoring), Omni Visuals (image generation via Nano Banana Gemini)

API inputs not used for model training

Under Google's Gemini API terms for enterprise/paid usage, inputs are not used to train or improve Google's models. Again, distinct from consumer Gemini products.

Google Cloud infrastructure — enterprise grade

Gemini runs on Google Cloud, which is ISO 27001, SOC 2, SOC 3 certified and used by governments and regulated industries globally.

Consumer vs. API — an important distinction

Using Gemini.com or Google's consumer AI products is a different data arrangement from the enterprise API. OMNI uses the API — the clean version with enterprise data handling terms.

⚠️

We recommend verifying current data handling terms directly with Anthropic and Google for your specific use case, particularly for regulated industries. API terms can be updated. The current terms referenced here were accurate at the time of this page's publication — check anthropic.com/legal/api and Google's API terms for the most current version.

Maximum transparency

What we can see.
What we can't.

We believe you should know exactly what access we have to your business — and what we don't. Here it is, without hedging.

What OMNI can see

Software updates and module configuration

We can push software updates to your Node remotely. This is necessary for maintaining module functionality. We cannot execute arbitrary code — only validated OMNI system updates.

Node operational status and error logs

We can see whether modules are running, whether integrations are connected, and error logs for troubleshooting. These logs contain operational metadata — not your business data or customer content.

Subscription status and plan tier

We know you're a subscriber and which modules are licensed. Standard subscription management — no different from any SaaS billing relationship.

What OMNI cannot see

Your platform credentials

After onboarding, your Google Ads, VoIP, CRM, and support platform credentials exist only in encrypted local storage on your Node. We have no access path to them.

Your call transcripts and recordings

Transcription happens on-device. Transcripts are stored on your Node. We have never seen and cannot see the contents of your calls.

Your customer support conversations

Ticket content passes through AI inference transiently and is not written to our infrastructure. Your customers' conversations with you are not stored on our systems.

Your competitive intelligence archive

Everything Omni Intel has built about your competitors — their patterns, their vulnerabilities, their strategic signals — lives on your Node. We cannot access it.

Any data after you cancel

Cancel your subscription and there is nothing to retrieve from our end. Your data was never ours to keep. It was always on hardware in your office.

Regulated industries

Healthcare, legal, finance,
and compliance-sensitive businesses.

OMNI's architecture was designed with regulated industries in mind — not retrofitted with compliance language, but built from the ground up with local processing as the default. Here's what the architecture means for the most common compliance frameworks.

🏥

HIPAA — Healthcare

OMNI's on-device architecture eliminates the primary HIPAA compliance risk cloud tools create: a cloud data processor handling PHI who needs to sign a BAA. Because call audio is transcribed locally and support ticket content is processed in memory only, there is no cloud data processor in the chain for the most sensitive data flows.

Important note

HIPAA compliance depends on your entire operating environment. OMNI's architecture is designed to be HIPAA-friendly — we recommend consulting your compliance advisor to assess how OMNI fits into your specific HIPAA program. We do not claim HIPAA certification.

⚖️

Legal & Professional Services

Law firms and professional services businesses handling privileged communications face significant risk when client conversations flow through cloud infrastructure. OMNI's call transcription happening entirely on-device means client call content never reaches a third-party server. Omni Care's ticket processing in memory only means client communications are not written to external databases.

Attorney-client privilege and professional confidentiality obligations vary by jurisdiction. Consult your bar association or professional body guidelines for your specific practice area.

🏦

Finance & Financial Services

Financial services businesses handling customer financial data, account information, or regulated communications benefit from OMNI's local processing architecture. The Node's outbound-only connection model means no inbound attack surface exists — reducing the risk profile relative to cloud-connected alternatives.

PCI DSS note

OMNI does not process payment card data. If your calls involve card numbers, Omni Calls' on-device transcription model means those numbers are not uploaded to any cloud service — though you remain responsible for your overall PCI compliance environment.

Security questions

The questions your IT team
is going to ask.

Is OMNI HIPAA compliant?+
OMNI is designed with a HIPAA-friendly architecture — the on-device processing model eliminates the primary compliance risk that cloud-based tools create. No call audio, no support ticket content, and no customer data is stored on third-party servers. However, HIPAA compliance is a certification that depends on your entire operating environment. We recommend consulting your compliance advisor regarding your specific obligations. OMNI's architecture removes the cloud data processor from the chain — there is no third-party server to sign a BAA with because the data never gets there.
Can OMNI see my credentials or business data?+
No. Your credentials are stored encrypted on your Node's local hardware — we cannot access them after onboarding. We cannot read your call transcripts, your support tickets, your competitive intelligence archive, or your customer data. These are stored on hardware in your office. The Node connects outbound to your platforms — it does not accept inbound connections — so we have no remote access path to your business data.
What happens to my data when it goes through Claude or Gemini?+
When OMNI uses Anthropic (Claude) or Google (Gemini) APIs, data passes through their inference infrastructure transiently — it is used to generate the intelligence output and is not retained for model training under standard enterprise API terms. This is different from consumer products like Claude.ai or Gemini.com. Enterprise API is the clean version. The intelligence output is stored on your Node. The raw input is gone once the API call completes. We recommend verifying current terms directly with each provider for your specific compliance requirements.
How are my credentials handled during onboarding?+
During your onboarding call, credentials are entered directly into your Node's encrypted local storage over a secure session. They are never emailed, never texted, never transmitted to our servers, and never written to any cloud database. Once the onboarding call ends, your credentials exist only on the Node — even our team cannot access them. The onboarding session is conducted remotely by our team directly on your Node during the call.
Does the Node have any inbound connections we need to worry about?+
No. The Node operates on an outbound-only connection model — it connects out to your platforms to fetch data and deliver intelligence briefs, but it does not accept inbound connections from the internet. This means the Node presents no inbound attack surface. No port forwarding, no open ports, no remote access path from the internet to your Node. This is a fundamental architectural choice that reduces the security risk profile significantly compared to devices or servers that accept inbound connections.
Is my data shared between OMNI clients?+
No. Each OMNI Node is a single-tenant device — it is a physical piece of hardware dedicated entirely to your business. There is no shared database between clients. Your competitive intelligence, customer conversations, and business data have no path to any other client's device or our infrastructure. This is different from multi-tenant SaaS platforms where all clients' data lives in the same database, separated only by access controls.
What happens to my data if I cancel?+
The scheduled modules stop running, but everything on your Node stays permanently. Every call transcript, every intelligence archive, every competitive pattern, and every piece of business data lives on hardware you own. There is nothing to retrieve from our end — your data was never stored on our infrastructure. Cancel your subscription, delete the agent folder if you wish, and there is no residual data anywhere in our systems to worry about.

Security that doesn't rely on
trusting us.

The strongest security architecture is one where the vendor can't access your data even if they wanted to. Your credentials are encrypted on hardware in your office. Your calls never leave your building. Your business intelligence is permanently yours. That's not a promise — it's how the system physically works.

See plans & pricing → Book a live demo

Physical data sovereignty  ·  No inbound connections  ·  HIPAA-friendly architecture  ·  Cancel and keep everything