OmniSciences Privacy Policy
Effective Date: May 28, 2026
Last Updated: May 28, 2026
1. Introduction
OmniSciences LLC ("OmniSciences," "we," "us," or "our"), a Wyoming limited liability company, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including OmniPoll, OmniHealth, OmniFi, and OmniResearch (collectively, the "Services").
Our Core Principle: You own your data. We are committed to transparency, user control, and privacy by design.
2. Information We Collect
2.1 Information You Provide
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email, phone number | Account creation and authentication |
| Profile Information | Demographics, preferences | Service personalization |
| Financial Information | Bank accounts, transactions (via Plaid) | OmniFi financial insights |
| Health Information | Genetic data, biomarkers | OmniHealth analysis |
| Survey Responses | Poll answers, opinions | OmniPoll insights |
2.2 Information Collected Automatically
| Data Type | Examples | Purpose |
|---|---|---|
| Device Information | Browser type, operating system | Service optimization |
| Usage Data | Pages visited, features used | Service improvement |
| Log Data | IP address, access times | Security and troubleshooting |
2.3 Information from Third Parties
| Source | Data Type | Purpose |
|---|---|---|
| Plaid | Bank account and transaction data | OmniFi financial aggregation |
| Wearable Devices | Health metrics | OmniHealth integration |
| Authentication Providers | Basic profile info | Social login |
3. How We Use Your Information
We use your information to:
- Provide Services: Deliver the features and functionality you request
- Personalize Experience: Customize insights and recommendations
- Improve Services: Analyze usage to enhance our products
- Communicate: Send service updates, security alerts, and support messages
- Ensure Security: Detect and prevent fraud and unauthorized access
- Comply with Law: Meet legal and regulatory obligations
What We Never Do
- We do NOT sell your personal data to third parties
- We do NOT share your data without your explicit consent
- We do NOT use your data for purposes you haven't agreed to
- We do NOT access your financial accounts without your authorization
4. Financial Data (Plaid Integration)
4.1 How Plaid Works
When you connect a financial account through OmniFi:
- You authorize the connection through Plaid's secure interface
- Plaid retrieves your account and transaction data
- We store this data encrypted to provide you with insights
- You can disconnect accounts and delete data at any time
4.2 Financial Data We Access
| Data Type | What We See | What We Don't See |
|---|---|---|
| Accounts | Account names, balances, types | Account numbers, routing numbers |
| Transactions | Amounts, dates, merchant names | Full card numbers |
| Identity | Name on account | Social Security Number |
4.3 Financial Data Protection
- All financial data encrypted at rest (AES-256)
- Transmitted over TLS 1.2+
- Access logged and auditable
- Never shared with third parties without consent
- Deletable on request
4a. Wearable Health Data (Garmin Connect, Terra, and similar)
4a.1 What We Collect
When you connect a wearable account (Garmin, Oura, Whoop, Apple Health, Fitbit, Polar, etc.), we may receive — subject to the scopes you authorize during the connection flow:
| Category | Examples |
|---|---|
| Activities | Workouts, GPS tracks, distance, pace, heart-rate zones |
| Continuous biometrics | Heart rate, HRV, respiration, pulse-oximetry, stress, body battery, blood pressure |
| Sleep | Sleep stages, duration, quality scores, latency |
| Body composition | Weight, body fat %, BMI, hydration |
| Daily summaries | Steps, calories, intensity minutes |
| Reproductive health (separate opt-in) | Menstrual cycle tracking, pregnancy data — see §4a.6 below for heightened protections |
We collect only the scopes you explicitly grant. You can review and revoke individual scopes at any time in your OmniHealth account settings.
4a.2 How We Use Wearable Data
- Personal analytics. Connected-wearable data is processed to deliver personalized insights to you — training-load patterns, sleep–recovery coupling, HR/HRV trends, body composition shifts.
- Aggregate insights (opt-in only). With your separate, informed consent under WA MHMD and CCPA, derived aggregate signals — never raw records, never identifiers — may contribute to a community insights dashboard. Aggregation passes a documented k-anonymity threshold (minimum cohort k ≥ 50) and differential-privacy budget.
4a.3 Garmin Connect
OmniHealth is a participant in the Garmin Connect Developer Program. We use the Garmin Health API and Activity API under Garmin's data license, which:
- Permits collection of the scopes listed in §4a.1 from Garmin Connect users who have authorized OmniHealth via Garmin's OAuth flow.
- Prohibits redistribution of raw user data to third parties. OmniHealth complies; we share only derived, k-anonymous aggregates and only with the consent of contributing users.
- Permits you to revoke OmniHealth's access at any time from your Garmin Connect account settings, which immediately stops further data delivery to us.
4a.4 Retention and Deletion of Wearable Data
- Wearable data is retained while your OmniHealth account is active.
- On account deletion, wearable-sourced records are purged within 30 days; backups within 90 days.
- On wearable disconnect (without account deletion), historical wearable data remains in your OmniHealth account for personal review unless you specifically delete it.
- On withdrawal of research consent, your future contributions to aggregate insights cease; already-published aggregate statistics cannot be retroactively unmade.
4a.5 What We Never Do with Wearable Data
- We do not sell wearable data.
- We do not share raw wearable records with third parties.
- We do not use wearable data for advertising or cross-context behavioral advertising.
- We do not provide wearable data to insurers, employers, or marketers.
4a.6 Reproductive Health Data (Garmin Women's Health API and similar)
Wearable data that includes menstrual cycle tracking or pregnancy information is handled under additional protections beyond our baseline wearable handling. Reproductive-health data carries heightened legal sensitivity (Washington My Health My Data Act, California Reproductive Privacy Act, similar state laws) and meaningful real-world risk in jurisdictions where reproductive choices are subject to prosecution. We have designed OmniHealth's reproductive-data handling to be user-protective by default.
Additional protections that apply specifically to reproductive-health data:
- Separate explicit consent. Connecting a wearable does not enable reproductive-health collection. A separate, granular opt-in is required, with a clear plain-language description of what will be collected. The default is OFF.
- Excluded from aggregate research by default. Reproductive-health data is excluded from the community insights pool described in §4a.2, regardless of your general research-consent choice. Contributing reproductive-health data to aggregates requires a second, specific opt-in.
- Faster deletion path. A dedicated "Erase reproductive data" control in account settings purges all reproductive-health records and backups within 24 hours, faster than the standard 30-day account-deletion cascade.
- No advertising or marketing use, ever. Not for OmniHealth's own marketing, not for any third party.
- Law-enforcement requests. We will not voluntarily disclose reproductive-health data to law enforcement or other government authorities. We will challenge overbroad subpoenas, warrants, and other legal process to the maximum extent permitted by law. Where the law permits, we will notify you of any legal request targeting your reproductive-health data before responding, so you have an opportunity to object or take protective action.
- Cross-state hardening. Where U.S. state laws conflict on reproductive-data handling, we apply the protections of the state with the strongest user-protective rule, not the state with the weakest.
If you do not wish to share reproductive-health data with OmniHealth at all, leave the Women's Health scope disconnected during the wearable connection flow. You can still connect every other Garmin scope.
5. Data Sharing and Disclosure
5.1 We May Share Data With
| Recipient | Purpose | Your Control |
|---|---|---|
| Service Providers | Infrastructure, analytics | Bound by contracts |
| Plaid | Financial data aggregation | You authorize connection |
| Research Partners | Anonymized insights (if you opt in) | Explicit consent required |
| Legal Authorities | When required by law | We notify you when possible |
5.2 Anonymized Data
With your explicit consent, we may share anonymized, aggregated data for research purposes. This data cannot be used to identify you. If you participate, you receive a share of any revenue generated.
5.3 We Never Share
- Your raw financial transactions
- Your personal health data
- Your identity with advertisers
- Any data without a legal basis or your consent
6. Your Rights and Choices
6.1 Access and Portability
- View Your Data: Access all data we hold about you
- Export Your Data: Download your data in standard formats (JSON, CSV)
- Data Portability: Transfer your data to other services
6.2 Correction and Deletion
- Correct: Update inaccurate information
- Delete: Request complete deletion of your data
- Right to be Forgotten: We honor deletion requests within 30 days
6.3 Consent Management
- Withdraw Consent: Revoke any consent at any time
- Opt Out: Decline optional data collection
- Disconnect Accounts: Remove linked financial accounts
6.4 How to Exercise Your Rights
Contact us at privacy@omnisciences.io or use the in-app settings to:
- Download your data
- Delete your account
- Manage connected accounts
- Update consent preferences
7. Data Security
7.1 Security Measures
| Measure | Implementation |
|---|---|
| Encryption at Rest | AES-256 via AWS KMS |
| Encryption in Transit | TLS 1.2+ for all connections |
| Access Controls | Role-based access, MFA required |
| Monitoring | 24/7 security monitoring and alerting |
| Auditing | All data access logged |
7.2 Incident Response
In the event of a data breach:
- We will notify affected users within 72 hours
- We will notify relevant authorities as required by law
- We will provide information on steps you can take
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account Data | Until account deletion |
| Financial Data | Until you disconnect or delete |
| Usage Logs | 90 days |
| Security Logs | 1 year |
After account deletion:
- Personal data deleted within 30 days
- Backups purged within 90 days
- Anonymized data may be retained for analytics
9. Children's Privacy
Our Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.
10. International Data Transfers
Your data may be processed in the United States. By using our Services, you consent to data transfer to the US. We ensure appropriate safeguards are in place for any international transfers.
11. Third-Party Links
Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email notification
- In-app notification
- Posting the updated policy with a new effective date
Your continued use of our Services after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or our privacy practices:
Email: privacy@omnisciences.io
Mail: OmniSciences LLC, 11 Redwood Drive, Bethel, CT 06801, USA
Data Protection Inquiries: security@omnisciences.io
14. State-Specific Rights
California Residents (CCPA)
You have the right to:
- Know what personal information we collect
- Delete your personal information
- Opt out of the sale of personal information (we don't sell data)
- Non-discrimination for exercising your rights
- Limit the use of Sensitive Personal Information (CPRA)
- Correct inaccurate personal information (CPRA)
Do Not Sell or Share My Personal Information. OmniSciences does not sell or share your personal information for cross-context behavioral advertising. We have not done so in the preceding 12 months and do not intend to. No "Do Not Sell or Share" link is required because no such sharing occurs.
Washington Residents (My Health My Data Act)
If you are a Washington resident, you have additional rights under the My Health My Data Act ("WA MHMD"). WA MHMD's definition of "consumer health data" includes wearable-sourced biometric data, sleep and activity data, and any data that identifies a past, present, or future health condition — so this section applies broadly to OmniHealth.
- Separate, informed consent is obtained before we collect or share your consumer health data.
- Right to withdraw consent at any time; withdrawal does not affect processing already completed under prior consent.
- Right to deletion within 30 days, propagated to our service providers and affiliates.
- No geofencing around healthcare facilities.
- Private right of action — WA MHMD permits you to sue us directly for material violations.
To exercise these rights, email privacy@omnisciences.io with subject line WA MHMD Request.
European Residents (GDPR)
You have the right to:
- Access your personal data
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Lodge a complaint with a supervisory authority
By using OmniSciences services, you acknowledge that you have read and understood this Privacy Policy.