Omi Scribe (macOS) Privacy Policy

Omi Scribe (macOS) Privacy Policy

Effective: 01 October 2025

Controller: Omi Health B.V. (KVK 69497680), Eindhoven, Netherlands  •  [email protected]

1 · What We Collect

App content (audio, transcripts, notes) – Processed entirely on your device. Omi Health B.V. does not receive, transmit, or store your content.

Diagnostics (optional) – If you enable diagnostics, we may receive technical crash logs and performance metrics only. No audio, transcripts, or clinical data are included. You can disable diagnostics any time in Settings.

Model downloads (Apple Data Transmission) – Clinical AI models are downloaded from Apple’s servers via the BackgroundAssets framework when you first launch the app or install updates. Apple may log these requests under its own privacy policy. No personal or clinical data are sent to Omi Health B.V.

2 · Why We Process This Information

To provide, maintain, and improve app stability and security, in our legitimate interest under GDPR Article 6(1)(f).

3 · Sharing

We do not sell or trade data. If diagnostics are enabled, we use vetted service providers solely for error reporting or technical support and bind them by data-processing contracts.

4 · Security

• All processing occurs on-device within a sandboxed macOS environment.

• Audio files and session data are encrypted at rest using AES-256-GCM authenticated encryption, with keys stored in the macOS Keychain (device-bound).

• During playback, temporary decryption occurs in a secure temporary directory and files are auto-deleted after playback stops.

• Biometric authentication (Touch ID / Face ID) is handled exclusively by Apple’s Secure Enclave; Omi Health B.V. never receives or stores biometric data. You can configure auto-lock between 1 and 10 minutes.

5 · Exports & User Responsibility

If you copy, export, or share notes, transcripts, or audio (for example via clipboard, file export, or screen sharing), you assume responsibility for protecting that data outside the app.

You agree to securely transmit and store exported data and comply with applicable privacy laws (HIPAA, GDPR, etc.). Omi Health B.V. cannot control or secure data once exported.

6 · HIPAA (US Customers Only)

Omi Scribe processes all data locally on your device and does not create, receive, maintain, or transmit PHI on your behalf. No Business Associate Agreement (BAA) is provided.

If you are a HIPAA Covered Entity, you remain solely responsible for using the Software in compliance with HIPAA Privacy and Security Rules. If we introduce future cloud features that process PHI, we will reassess and offer appropriate agreements. Contact [email protected] for BAA inquiries.

7 · Your Rights (GDPR / EU EEA Users)

• Access, correction, deletion, restriction, and objection rights per Articles 15–21 GDPR.

• To exercise rights, contact [email protected].

• You may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local DPA.

Data Retention Policy – Session data is stored until you delete it or per your configured retention setting (30, 90, 365 days, or never). When the retention period ends, audio and transcripts are permanently deleted from local storage.

8 · Children

The app is not intended for children under 16 and should not be used by minors without parental consent.

9 · Changes

We will publish any updates at omi.health/legal/omi-scribe-privacy and update the effective date. Significant changes will also appear in-app.

10 · App Store Privacy Disclosure

On the Mac App Store product page, we disclose privacy details under Apple’s required categories. If no data is collected, the listing will state “Data Not Collected.”

© 2025 Omi Health B.V. All rights reserved.

omi.health/legal  •  [email protected]  •  Eindhoven, Netherlands