# Privacy & Security — Omna Help

> Omna is built on a single principle: **your data never leaves your device.** This page explains exactly what Omna does and doesn't do with your data.

Canonical: https://omna.dev/help/privacy-and-security

Omna is built on a single principle: **your data never leaves your device.** This page explains exactly what Omna does and doesn't do with your data.

---

## The core guarantee

- **Zero network calls.** Omna does not send your data to any server — not Omna's servers, not OpenAI's, not Google's, not anyone else's. The only network traffic Omna generates is when you explicitly send a message to an AI app. Even then, Omna only sends the *sliced* (relevant rows) version, not the original file.
- **Zero telemetry.** Omna does not phone home with usage data, crash reports, analytics, or any other information about how you use it.
- **Zero cloud storage.** Your files, your index, your token registry — all stored locally on your Mac.

---

## What Omna does with your files

1. **Reads your files** to build a search index. Files are read from the folders you chose during install (or added later via the menu bar).
2. **Stores index artifacts** in `~/Library/Application Support/Omna/index/`. These are:
   - BM25 keyword index (stores word frequencies per row — not the original text)
   - Embedding vectors (768 numbers representing the semantic meaning of each row — not the original text)
   - The masked text of each row (PII replaced with placeholders — not the original text)
3. **Never uploads** your files, their contents, or their index artifacts anywhere.

The original file content is not stored in the index. If you delete the source file, the index artifacts are the only trace — and they are on your machine.

---

## At-rest protection

Omna does **not** ship its own encryption layer. There is no app-level encryption, no macOS Keychain integration, no separate key escrow. At-rest protection comes from two layers that the operating system provides:

- **Per-user POSIX permissions.** All Omna data lives under your user account's `~/Library/` directory, owned by you and not readable by other local users. Slice files (`~/Library/Caches/Omna/slices/`) are written with stricter `0600` (owner read+write only) inside a `0700` directory.
- **FileVault** (if you have it enabled). FileVault encrypts the entire startup disk — every file, including Omna's, is unreadable without your account password while the disk is locked. macOS does not let Omna or any third-party app turn FileVault on for you; it's a System Settings → Privacy & Security → FileVault toggle.

For most personal use this is the right level. For enterprise deployments with a stricter compliance bar, centrally-pushed policy and audit-log export are on the enterprise-tier roadmap (see below).

---

## PII masking — how it works

When Omna processes text for masking, indexing, or slicing, it scans every row with a **six-layer detection engine** written in Rust — fully on-device, no cloud NLP, no API calls. The same engine runs in the Mac app, the browser extension, and the Python library.

**The six layers:**

1. **Patterns + validators** — emails, phones, SSNs, credit cards, IBANs, and 30+ international ID schemes, *checksum-verified* (Luhn, IBAN mod-97, Aadhaar, NHS, AU TFN/ABN, …) so a real ID is caught and a random look-alike isn't.
2. **Secrets** — 220+ rules (AWS keys, GitHub tokens, JWTs, private keys, database connection strings) with entropy checks.
3. **On-device AI model** — catches contextual personal data no pattern can: a bare name in a sentence, an address, medical context.
4. **Fusion** — resolves overlaps and links the same person across a document.
5. **Policy** — reversible `[PERSON_1]`-style tokens for personal data; **secrets are always redacted irreversibly** and never recoverable.
6. **Audit** — every decision is logged (type, layer, confidence) without ever storing the original value.

**What Omna detects — 30+ data types, plus 220+ secret kinds:**

| Group | Examples |
|---|---|
| People & contact | Names, dates of birth, emails, phone numbers, physical addresses, personal URLs |
| Government & national IDs | SSN, passport, driver's license, tax ID, national IDs — checksum-validated |
| Financial | Credit cards, bank accounts, IBAN, crypto wallets, salary / compensation |
| Health | Medical record numbers, insurance IDs, medical license numbers, diagnoses |
| Employment | Employee IDs, HR / compensation records |
| Digital & network | IP addresses, MAC addresses, device IDs |
| Secrets & credentials | 220+ kinds — API keys, AWS keys, GitHub tokens, JWTs, passwords, private keys — always irreversibly redacted |

**Masked text looks like:** `John Smith` → `[PERSON_1]`, `john@example.com` → `[EMAIL_1]`, an AWS key → `[REDACTED:AWS_KEY]` (irreversible).

**The token registry** maps each placeholder back to the original value. It lives in session memory only (for the browser extension) or on your local machine (for the desktop app). It never leaves your device.

**Multi-name detection:** If a sentence contains multiple names ("recommend Smith, not Johnson"), Omna detects and masks both — it handles contrastive patterns like "X not Y", "X vs Y", "rather than Z", "instead of W".

---

## Accessibility permission — why Omna needs it

macOS requires Accessibility permission for any app that reads text from another app's UI. Omna uses this permission for one specific purpose: **reading the question you typed in the AI chat box at the moment you drop a file.**

Omna does not:
- Log your keystrokes
- Read text from other applications (only the focused AI app while Omna's capsule is active)
- Store what you typed beyond the current drop session
- Run in the background reading anything unless an AI app is foregrounded and the capsule is active

The Accessibility permission is read-only for Omna. It never modifies the AI app's UI. (Writing — the ⌘V paste of the sliced file — uses the standard macOS clipboard, which does not require Accessibility permission.)

---

## What's stored locally

| Location | Contents | When deleted |
|---|---|---|
| `~/Library/Application Support/Omna/index/<subfolder>/` | Per-file `index.bm25` + `index.embed` + `index.hnsw.segs` + `index.rows` + `index.fingerprint`; the masked row text lives inside the BM25 + rows files | When you remove the folder from watch list, or when the 50 GB cap triggers LRU eviction |
| `~/Library/Application Support/Omna/registry.tsv` | Persistent `[PERSON_N] ↔ original` map (so the same name keeps the same token across sessions) | Never — deleting this file resets all placeholders |
| `~/Library/Application Support/Omna/watch_folders.json` | The list of folders you chose to index | Updated whenever you add or remove a folder |
| `~/Library/Application Support/Omna/stats.json` | Lifetime token count, files sliced count | Never (persists across restarts) |
| `~/Library/Application Support/Omna/preferences.json` | PII masking on/off, low-power mode, slice-vs-advisory mode | Never (persists across restarts) |
| `~/Library/Application Support/Omna/machine_profile.json` | Benchmark result (rows/second, Fast/Slow profile) | Never (measured once at install) |
| `~/Library/Application Support/Omna/omna.log` | Application logs | Rotated at 50 MB — the live log is renamed to `omna.log.1` (overwriting any prior `.1`) and a fresh log is started. At most two files on disk. |
| `~/Library/Caches/Omna/slices/` | Sliced output files (sent to AI). Directory is `0700`, files are `0600` — owner-only. | Automatically after 7 days, or when cache exceeds 500 MB |
| Chrome extension local storage | Token savings stats, claimed spot rank | Cleared when you remove the extension |

---

## macOS permissions summary

| Permission | Why | When granted |
|---|---|---|
| **Accessibility** | Read typed question from AI chat box | First launch — you grant manually in System Settings |
| **Folder access** | Read files for indexing | During install — you pick folders via Finder picker, which implicitly grants access |
| **Native Messaging** | Chrome extension ↔ Mac app communication | Automatic — registered during install, local-only |

Omna requests no other macOS permissions. No camera, no microphone, no contacts, no location, no Photos.

---

## Enterprise considerations

For teams that need centralized policy:
- PII masking categories and sensitivity levels can be configured centrally and pushed to all machines (enterprise tier — coming)
- The audit log of masking activity is stored locally and can be exported (coming)
- No data leaves the machine in any tier — the on-device guarantee is unconditional
