Privacy Policy

Last Updated: April 30, 2026

Welcome to OmniKit (hereinafter referred to as "the App"). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your information.

1. Core Philosophy: Clean, Local-First, No Ads

OmniKit adopts a local-first privacy design. Most tools—including QR scanning, local calculations, Time Toolkit, Photo editing, 2FA (TOTP) Authenticator, Clipboard history, Notes, and PDF reading—run on your device. We do not use third-party advertising SDKs, do not sell user data, and do not upload the content you process in tools unless you explicitly choose a networked feature.

2. Information We Collect

To provide stable services and continuously improve the product, we may collect minimal, essential information:

• Anonymous Identity Information: The App avoids requiring your real name, phone number, or email for core use. If backend services are needed, we may use a random anonymous identifier that is separate from your local tool content.
• Device and App Information: Including broad device model, OS version, app version, country/language, and install channel where available. The Device Info tool may display Android ID and Google Advertising ID locally for your own reference. We do not use the Advertising ID for ads, profiling, or cross-app tracking.
• Anonymous App Statistics: We may use Firebase Analytics to understand aggregated behavior such as app opens, screen views, onboarding completion, paywall views, purchases, and feature usage counts. These events must not include Clipboard text, Notes content, QR scan results, OCR text, file names, images, 2FA account names, 2FA secrets, AI prompts, or AI responses.
• Crash Diagnostics: We may use Crashlytics to detect and fix crashes. Crash reports are used for reliability and must not intentionally include sensitive user content.
• Third-Party Network Location Services: When you specifically utilize our "Network Info/Public IP" tool, we call the API of the third-party service provider ipinfo.io. This process involves identifying your IP address for geographical mapping. We commit that we will not store such data on our own servers.
• RevenueCat Subscription Management: For users purchasing Pro features or subscribing, we use RevenueCat to validate customer entitlement receipts securely without tying them to personally identifiable information.

3. Permissions and Use

The App requests sensitive permissions only when you explicitly interact with corresponding features:

• Camera Permission: Requested only to facilitate the "QR/Barcode Scanner," "OCR Text Recognition," or "Photo Toolkit" interfaces.
• Storage / Photos Permission: Requested only when saving edited images, importing photos for manipulation, or generating Cloud Instance Shares.
• Internet Access: Used for subscription checks, user-triggered network tools, anonymous analytics, crash reporting, optional sync or backup, and user-triggered AI processing where available. It is not used to render third-party advertisements.

4. 2FA Authenticator & Data Sovereignty

If you use the 2FA (TOTP) feature, please be informed that your secret seeds are exclusively retained in the encrypted local storage bounds of your Android device framework (Android Keystore). Deleting the app may result in permanent forfeiture of your 2FA keys. Do not delete without backups.

5. AI and User-Triggered Processing

When AI features are available, OmniKit sends content to an AI service only after you actively choose an AI action, such as summarizing, translating, or explaining selected content. We do not automatically upload Clipboard history, Notes, OCR text, files, or images in the background for AI processing. AI diagnostics should record only operational metadata such as action type, length bucket, success, latency, and cost class, not raw prompts or responses.

6. Data Storage and Security

• Local Storage Priority: Highly sensitive data is stored exclusively on your local device.
• Supplier Security: We leverage mature cloud frameworks provided by Google (Firebase) and RevenueCat as our backend infrastructure.
• No Ads and No Sale of Data: We do not integrate third-party advertising SDKs and we never sell your behavior logs, app data, or tool content.
• User Control: Where supported, you may clear local histories, manage privacy settings, export data, and delete optional cloud data.