Privacy & Security
Omna is built on a single principle: **your data never leaves your device.** This page explains exactly what Omna does and doesn't do with your data.
The core guarantee
- Zero network calls. Omna does not send your data to any server — not Omna's servers, not OpenAI's, not Google's, not anyone else's. The only network traffic Omna generates is when you explicitly send a message to an AI app. Even then, Omna only sends the sliced (relevant rows) version, not the original file.
- Zero telemetry. Omna does not phone home with usage data, crash reports, analytics, or any other information about how you use it.
- Zero cloud storage. Your files, your index, your token registry — all stored locally on your Mac.
What Omna does with your files
- Reads your files to build a search index. Files are read from the folders you chose during install (or added later via the menu bar).
- Stores index artifacts in ~/Library/Application Support/Omna/index/. These are:
  - BM25 keyword index (stores word frequencies per row — not the original text)
  - Embedding vectors (384 numbers representing the semantic meaning of each row — not the original text)
  - The masked text of each row (PII replaced with placeholders — not the original text)
- Never uploads your files, their contents, or their index artifacts anywhere.
The original file content is not stored in the index. If you delete the source file, the index artifacts are the only trace — and they are on your machine.
At-rest protection
Omna does not ship its own encryption layer. There is no app-level encryption, no macOS Keychain integration, no separate key escrow. At-rest protection comes from two layers that the operating system provides:
- Per-user POSIX permissions. All Omna data lives under your user account's ~/Library/ directory, owned by you and not readable by other local users. Slice files (~/Library/Caches/Omna/slices/) are written with stricter 0600 (owner read+write only) inside a 0700 directory.
- FileVault (if you have it enabled). FileVault encrypts the entire startup disk — every file, including Omna's, is unreadable without your account password while the disk is locked. macOS does not let Omna or any third-party app turn FileVault on for you; it's a System Settings → Privacy & Security → FileVault toggle.
For most personal use this is the right level. For enterprise deployments with a stricter compliance bar, centrally-pushed policy and audit-log export are on the enterprise-tier roadmap (see below).
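The permission claims above can be checked on your own machine. The following is an added example, not code from Omna: it walks the slice cache and reports every entry that is a symlink, is owned by another user, or carries permission bits beyond the 0700 (directory) and 0600 (file) modes this page states. The function name `audit_tree` and its parameters are hypothetical.

```python
import os
import stat

SLICES = "~/Library/Caches/Omna/slices"  # path and modes as stated on this page


def audit_tree(root, dir_mode=0o700, file_mode=0o600):
    """Return (path, octal_mode, problem) for each entry under root that is
    a symlink, is not owned by the current user, or grants extra bits."""
    root = os.path.expanduser(root)
    if not os.path.lexists(root):
        return [(root, None, "missing")]
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: judge the link itself, not its target
        mode = stat.S_IMODE(st.st_mode)
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, oct(mode), "symlink"))
            continue
        allowed = dir_mode if stat.S_ISDIR(st.st_mode) else file_mode
        if st.st_uid != os.getuid():
            findings.append((path, oct(mode), "not owned by current user"))
        extra = mode & ~allowed  # any bit outside the expected mode
        if extra:
            findings.append((path, oct(mode), f"extra bits {oct(extra)}"))
    return findings


if __name__ == "__main__":
    for path, mode, problem in audit_tree(SLICES):
        print(f"{mode}\t{problem}\t{path}")
```

An empty result means the tree matches the stated modes. FileVault is a separate check; on macOS, `fdesetup status` reports whether it is on.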
PII masking — how it works
When Omna processes a file for indexing or slicing, it scans every row for personal information using a local Rust-based detection engine (no cloud NLP, no API calls).
The 10 categories Omna masks:
| Category | Examples |
|---|---|
| Identity | Names, nicknames, dates of birth (covers dob:, birthday:, yob:, year_of_birth:, birth_year:, column-header prefixes like employee_dob:, compact 19880314, and natural-language 15 January 1988) |
| Contact | Email addresses, phone numbers, physical addresses |
| Government IDs | Social Security numbers, passport numbers, driver's license numbers |
| Financials | Credit card numbers, bank account numbers, IBAN numbers |
| Healthcare | Diagnoses, prescriptions, insurance policy numbers |
| Digital footprint | IP addresses, cookies, device IDs |
| Employment | Salaries, performance reviews, HR records |
| Corporate secrets | Internal codes, pricing strategies, product roadmaps |
| Credentials | Passwords, API keys, OAuth tokens |
| Custom patterns | Enterprise-defined patterns (coming in enterprise tier) |
Masked text looks like: John Smith → [PERSON_1], john@example.com → [EMAIL_1]
The token registry maps each placeholder back to the original value. It lives in session memory only (for the browser extension) or on your local machine (for the desktop app). It never leaves your device.
Multi-name detection: If a sentence contains multiple names ("recommend Smith, not Johnson"), Omna detects and masks both — it handles contrastive patterns like "X not Y", "X vs Y", "rather than Z", "instead of W".
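The placeholder scheme described above, as an added Python illustration that is not Omna's code (the page says Omna's engine is Rust-based and does not show its rules). The two regexes, the `Registry` class and the `mask`/`unmask` functions are hypothetical; they show stable numbering per category, masking of only the value after a key such as `employee_dob:`, and local restoration that leaves unknown placeholders untouched.

```python
import re

# Constructed detectors for two of the ten categories above. They stand in for
# Omna's detection engine, whose rules are not shown on this page.
PATTERNS = [
    ("EMAIL", re.compile(r"(?P<v>[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})")),
    ("DOB", re.compile(r"(?i)\b(?:\w+_)?(?:dob|birthday|yob|year_of_birth|birth_year):\s*"
                       r"(?P<v>\d{4}-\d{2}-\d{2}|\d{8}|\d{4})")),
]
TOKEN = re.compile(r"\[[A-Z]+_\d+\]")


class Registry:
    """In-memory placeholder <-> original map (hypothetical structure)."""

    def __init__(self):
        self.by_value, self.by_token, self.counters = {}, {}, {}

    def token_for(self, kind, value):
        # The same original value always maps to the same placeholder.
        if (kind, value) not in self.by_value:
            self.counters[kind] = self.counters.get(kind, 0) + 1
            token = f"[{kind}_{self.counters[kind]}]"
            self.by_value[(kind, value)] = token
            self.by_token[token] = value
        return self.by_value[(kind, value)]


def mask(text, reg):
    """Replace only the detected value, keeping any key prefix such as 'dob:'."""
    def repl(m, kind):
        start, end = m.start("v") - m.start(), m.end("v") - m.start()
        whole = m.group(0)
        return whole[:start] + reg.token_for(kind, m.group("v")) + whole[end:]
    for kind, rx in PATTERNS:
        text = rx.sub(lambda m, k=kind: repl(m, k), text)
    return text


def unmask(text, reg):
    """Restore originals locally; placeholders not in the registry stay as-is."""
    return TOKEN.sub(lambda m: reg.by_token.get(m.group(0), m.group(0)), text)


if __name__ == "__main__":
    reg = Registry()
    rows = ["id=7 email=john@example.com employee_dob: 1988-03-14",  # constructed
            "cc john@example.com and jane@example.com"]
    for row in rows:
        print(mask(row, reg))
```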
Accessibility permission — why Omna needs it
macOS requires Accessibility permission for any app that reads text from another app's UI. Omna uses this permission for one specific purpose: reading the question you typed in the AI chat box at the moment you drop a file.
Omna does not:
- Log your keystrokes
- Read text from other applications (only the focused AI app while Omna's capsule is active)
- Store what you typed beyond the current drop session
- Run in the background reading anything unless an AI app is foregrounded and the capsule is active
The Accessibility permission is read-only for Omna. It never modifies the AI app's UI. (Writing — the ⌘V paste of the sliced file — uses the standard macOS clipboard, which does not require Accessibility permission.)
What's stored locally
| Location | Contents | When deleted |
|---|---|---|
| ~/Library/Application Support/Omna/index/<subfolder>/ | Per-file index.bm25 + index.embed + index.hnsw.segs + index.rows + index.fingerprint; the masked row text lives inside the BM25 + rows files | When you remove the folder from watch list, or when the 20 GB cap triggers LRU eviction |
| ~/Library/Application Support/Omna/registry.tsv | Persistent [PERSON_N] ↔ original map (so the same name keeps the same token across sessions) | Never — deleting this file resets all placeholders |
| ~/Library/Application Support/Omna/watch_folders.json | The list of folders you chose to index | Updated whenever you add or remove a folder |
| ~/Library/Application Support/Omna/stats.json | Lifetime token count, files sliced count | Never (persists across restarts) |
| ~/Library/Application Support/Omna/preferences.json | PII masking on/off, low-power mode, slice-vs-advisory mode | Never (persists across restarts) |
| ~/Library/Application Support/Omna/machine_profile.json | Benchmark result (rows/second, Fast/Slow profile) | Never (measured once at install) |
| ~/Library/Application Support/Omna/omna.log | Application logs | Rotated at 50 MB — the live log is renamed to omna.log.1 (overwriting any prior .1) and a fresh log is started. At most two files on disk. |
| ~/Library/Caches/Omna/slices/ | Sliced output files (sent to AI). Directory is 0700, files are 0600 — owner-only. | Automatically after 7 days, or when cache exceeds 500 MB |
| Chrome extension local storage | Token savings stats, claimed spot rank | Cleared when you remove the extension |
macOS permissions summary
| Permission | Why | When granted |
|---|---|---|
| Accessibility | Read typed question from AI chat box | First launch — you grant manually in System Settings |
| Folder access | Read files for indexing | During install — you pick folders via Finder picker, which implicitly grants access |
| Native Messaging | Chrome extension ↔ Mac app communication | Automatic — registered during install, local-only |
Omna requests no other macOS permissions. No camera, no microphone, no contacts, no location, no Photos.
Enterprise considerations
For teams that need centralized policy:
- PII masking categories and sensitivity levels can be configured centrally and pushed to all machines (enterprise tier — coming)
- The audit log of masking activity is stored locally and can be exported (coming)
- No data leaves the machine in any tier — the on-device guarantee is unconditional