The short version
OmniChat is a Chrome browser extension that lets you broadcast one prompt to multiple AI services simultaneously. This policy explains what personal data we collect, why, and the rights you have over it.
What we collect
| Email address | To create and identify your account. Used for login and password reset emails. |
| Password | Stored as a secure bcrypt hash โ never in plain text, never readable by us. |
| Daily usage count | Number of broadcasts per day, stored server-side to enforce free-tier limits. |
| Brain memory | Text you manually type into the Brain tab, synced to your account across devices. |
| Projects | Project names and descriptions you create, synced to your account. |
| Conversation history | Prompts and AI responses from your broadcasts, stored locally and optionally synced. |
| IP address | Logged temporarily at registration to limit abuse. Not stored long-term. |
| License key | Your Whop subscription key, used to verify Pro access each session. |
What we never collect
- AI conversation content
- Browsing history
- Advertising cookies
- Payment card details
- AI account credentials
- Device identifiers
- Location data
- Data for ads
How we use your data
| Authentication | Your email and password let you log in securely across devices. |
| Cross-device sync | Brain facts, projects, and conversation history sync via Firebase so your data is available anywhere. |
| Usage enforcement | Daily broadcast count enforces the free tier of 5 broadcasts per day. |
| License verification | Your key is checked against Whop each session to confirm your Pro subscription. |
| Abuse prevention | IP rate limiting prevents mass account creation to abuse the free tier. |
Third-party services
We use these services to operate OmniChat. Each handles data under their own privacy policy:
firebase.google.com/support/privacy
whop.com/privacy
render.com/privacy
Security
| Password hashing | bcrypt with salt rounds โ we cannot read your password. |
| Transport | All communication uses HTTPS/TLS encryption. |
| Token expiry | Auth tokens expire after 30 days and require re-login to refresh. |
| Local data | API keys and conversation cache stay in Chrome's local storage, never sent to us. |
| Database rules | Firebase security rules ensure each user can only access their own data. |
Your rights
- AccessRequest a copy of all data we hold about you at any time.
- DeletionRequest full deletion of your account and all associated data within 30 days.
- CorrectionRequest correction of inaccurate personal data we hold.
- ExportExport your Brain facts, projects, and conversation history from the Settings tab in the extension.
Children's privacy
OmniChat is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with their data, contact us and we will delete it immediately.
Changes to this policy
We may update this policy as OmniChat evolves. When we do, we update the effective date above. Continued use of OmniChat after changes means you accept the updated policy.
Questions or requests?
To access, delete, or export your data โ or if you have any questions about this policy.
โ omnipilot.ai@gmail.comWe respond within 30 days.