Privacy Policy

Last updated: 11 May 2026 · Effective: 11 May 2026

This Privacy Policy describes how Omnivia Apps ("we", "us", "our") handles your information when you use any of our mobile applications — including but not limited to OmniaLife, CaddieIQ, and other apps published under our developer account on the Google Play Store.

This policy is written in plain English. Where Google requires specific verbatim disclosures (notably for Gmail data), those disclosures are reproduced word-for-word.

Quick summary — what you actually need to know:

Your in-app content (notes, rounds, photos, voice recordings, settings) lives on your device. We don’t store it on our servers.
Apps that offer a paid subscription or cross-device sign-in (currently CaddieIQ) hold a small account record on Firebase — email, display name, profile photo URL, subscription tier. Nothing else.
We never sell, trade, or share your data with advertisers.
We use Google’s Gemini AI to process voice notes, photos, and email metadata you choose to scan. The data is sent to Google’s API, processed, and discarded — never used to train AI models on your data, never retained.
If you connect Google services (Calendar, Gmail, Contacts), we ask only for the minimum permissions we need.
You can delete your account from inside the app, uninstall the app to wipe local data, or revoke permissions in your Google Account settings.

1. Who we are

Omnivia Apps is an independent mobile-app developer based in the United Kingdom. We publish on the Google Play Store under the developer name “Omnivia Apps”. You can reach us at omniviaapps@gmail.com.

2. What data our apps collect

The data each app handles depends on the app’s purpose. The following is exhaustive:

2.1 Data you create in the app

Documents and notes — text you type, photos you take, voice notes you record, journal entries, contact information, scanned documents, and similar user-generated content.
App settings — your preferences, toggles, and configuration.

This data is stored on your device, in the app’s private storage area (Android’s SharedPreferences and the app’s documents directory). It is not uploaded to any Omnivia server. We do not operate a cloud backend for user content.

2.2 Data accessed via Google services (only if you connect Google)

If you choose to sign in with Google in OmniaLife, we request access to specific Google services using OAuth 2.0. The current scopes are:

Scope (URL form)	What it reads	Why we need it
`https://www.googleapis.com/auth/userinfo.email`	Your primary Google Account email address	To identify the signed-in user inside the app and route content to the right Google account.
`https://www.googleapis.com/auth/calendar.events`	Read and write events on your calendars	To show upcoming events alongside your reminders, and to create calendar events from voice commands and meeting notes you save.
`https://www.googleapis.com/auth/contacts`	Read, create, and update Google Contacts	To show contact details when names appear in your notes (e.g. “meeting with Dave” resolves to Dave’s contact card), and to create new contacts you add inside the app. We never delete contacts — the codebase has no contact-deletion call.
`https://www.googleapis.com/auth/gmail.metadata`	Email message metadata only — sender, recipient, subject, date, labels, and the message snippet (~150-character preview). No body content. No attachments.	To list recent emails in OmniaLife’s Smart Inbox so you can triage them by sender and subject. To read full body content you tap "Open in Gmail" inside the app, which deep-links to the Gmail app on your device — OmniaLife never reads bodies directly.

2.3 Account data held on Firebase (apps with sign-in)

Apps that offer a paid subscription or cross-device sign-in — currently CaddieIQ — create an account record in Firebase Authentication when you sign in with Google or email + password. The record holds:

A Firebase user ID (a random opaque string we use to recognise you across devices)
Your email address
Your display name (from your Google profile, or the name you entered when creating an email account)
Your Google profile photo URL (if you signed in with Google)
Account creation date and last sign-in date
For email + password accounts: the password as a one-way hash. We never see your plaintext password.

The app also writes a single Firestore document at users/{your-id} with the same fields plus your subscription tier (Starter / Plus / Pro / Tour) and tier expiry date. This is how the app knows which premium features to unlock when you sign in on a new device.

That’s the entire footprint. No rounds, no shots, no GPS history, no swing videos, no health data, no analytics — all of that stays on your device.

You can delete this account record at any time from inside the app: Settings → Account → Delete Account. This permanently removes the Firebase Authentication record and the Firestore users/{your-id} document. Local data on the device is unaffected by Delete Account — use the separate Remove All Data option in Settings if you want that too.

2.4 Data we do NOT collect

We do not collect device location, IP address, advertising ID, or any analytics about your behaviour.
We do not run third-party analytics SDKs (no Firebase Analytics, no Crashlytics that captures user data, no Facebook SDK, no AdMob).
We do not collect financial information except where you explicitly enter it as a record in the app, and that data stays on your device.

3. How we use the data

3.1 To provide the app’s features

Data is used solely to make the app’s features work: showing your notes, ringing reminders, displaying calendar events, etc.

3.2 AI processing via Google Gemini

OmniaLife uses Google’s Gemini 2.5 Flash AI model (via Google’s Generative Language API) to:

Transcribe voice notes you record
Classify the intent of voice commands (note / task / meeting / reminder / email / query)
Extract structured information from photos of documents and from email previews you scan
Generate optional AI coaching tips inside the app

When AI processing happens, the relevant audio/image/text is sent to Google’s Gemini API endpoint, processed, and the response returned to your device. The audio file is then immediately deleted from your device’s storage. Per Google’s API terms, data sent to Gemini is not used to train Google’s AI models on user data and is not retained beyond the request.

3.3 Limited Use of Google User Data (verbatim disclosure)

Limited Use disclosure (per Google API Services User Data Policy):

OmniaLife’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

OmniaLife uses access to Google user data only to provide or improve user-facing features that are prominent in the requesting application.
OmniaLife does not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable laws, or as part of a merger, acquisition, or sale of assets with notice to users.
OmniaLife does not use Google user data for advertising purposes.
OmniaLife does not allow humans to read Google user data unless we have the user’s affirmative consent for specific messages, are doing so for security purposes such as investigating abuse, are required to for legal compliance, or where the data has been aggregated and anonymized.

4. How data is stored and secured

4.1 On-device storage

All app content (your notes, photos, voice recordings before deletion, calendar caches, etc.) is stored in the app’s private storage area on your device. Other apps cannot read it. We do not back it up to our servers.

4.2 Sensitive fields

For fields you mark as sensitive (passwords, account numbers, etc.), the value is encoded before being written to local storage. The reveal action requires you to authenticate with your device biometric (fingerprint or face). Note: this is a privacy obfuscation measure layered on top of Android’s app-private storage; the underlying security boundary is your device’s biometric lock and Android’s app sandbox.

4.3 Voice notes

When you record a voice note, the audio file is saved to a temporary location on your device only as long as needed to send it to the Gemini API for transcription. As soon as transcription completes, the audio file is immediately deleted. The transcribed text becomes part of your filing item. We do not retain raw audio.

4.4 In transit

All network communication (to Gemini, to Google APIs, to anywhere else) uses HTTPS/TLS.

5. Data sharing

5.1 With Google

When you use a feature that involves Google (Calendar, Contacts, Gmail metadata, Gemini AI), data flows between the app and Google’s servers. Google’s own Privacy Policy applies to that flow. We use only the OAuth scopes listed in section 2.2.

5.2 With third parties

We do not share your data with any third party. We do not sell, rent, or trade user data. We do not use third-party advertising networks or analytics SDKs.

5.3 Legal disclosures

If we receive a valid legal demand (subpoena, court order, regulatory request), we will comply — but as the data lives on your device, we do not generally hold copies that we could disclose.

6. Data retention

App data is retained for as long as the app is installed on your device. Uninstalling the app removes all locally stored data. Audio files (voice notes) are deleted as soon as Gemini processing completes — usually within seconds.

7. Your rights

Because most of your data is on your device:

Delete local data: uninstall the app to remove all locally stored content, or use the in-app Remove All Data option where available.
Delete your account (CaddieIQ): open Settings → Account → Delete Account. This permanently removes your Firebase Authentication record and the users/{your-id} Firestore document. You will be signed out immediately and the account cannot be recovered.
Disconnect Google: revoke the app’s access to your Google account at any time at myaccount.google.com/permissions.
Cancel a subscription: manage or cancel any paid subscription at play.google.com/store/account/subscriptions. Cancellation takes effect at the end of the current billing period. The 7-day free trial can be cancelled at any time before it ends to avoid being charged.
Export: in-app settings include export options where applicable.

Under UK GDPR you also have rights of access, rectification, erasure, and to object to processing. Email omniviaapps@gmail.com for any privacy-related request.

8. Children

Our apps are not directed at children under 13. We do not knowingly collect personal information from children under 13.

9. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be notified in-app on next launch.

10. Contact

For privacy-related questions, requests, or concerns:

Email: omniviaapps@gmail.com
Subject line: please include “Privacy” for prompt routing

11. Per-app specifics

OmniaLife

OmniaLife uses all four scopes listed in section 2.2 (email, calendar.events, contacts, gmail.metadata) plus the Gemini API for AI features. See the OmniaLife app page for a feature overview.

CaddieIQ

CaddieIQ is an AI golf caddie. It uses:

Device GPS for course distances, shot tracking, and round mapping. GPS data is processed on-device and stored locally with your round history — it is not uploaded to any Omnivia server.
Firebase Authentication for sign-in via Google or email + password. See section 2.3 for the data held in your account record.
Cloud Firestore for a single per-user document storing email, name, profile photo URL, subscription tier, and tier expiry. No round data, shot data, or any other in-app content is stored in Firestore.
Google Play Billing for the optional paid subscription tiers (Plus, Pro, Tour) and the 7-day free trial. Payment processing is handled by Google Play; we never see your card details. Manage or cancel at play.google.com/store/account/subscriptions.
RevenueCat as our subscription-management layer between the app and Google Play. RevenueCat receives your Firebase user ID and your purchase events so it can grant the right tier to your account. RevenueCat’s privacy policy applies to that data flow.
iGolf (a third-party golf-data provider) for course names, layouts, GPS yardages, and scorecards. When you select a course, an anonymised request is sent to iGolf for that course’s data, which is then cached on your device. iGolf does not receive your name, email, or any other identifying information — only the course you asked for.
OpenStreetMap as a fallback for courses not in the iGolf database. The fallback request includes only the rough geographic area of the course.
Google Gemini AI (Gemini 2.5 Flash) for the Ask CaddieIQ voice assistant, AI swing analysis, AI practice plans, and AI round analysis on Pro and Tour tiers. The relevant audio, video frame, or text is sent to Google’s Gemini API, processed, and discarded per Google’s API terms (see section 3.2).

CaddieIQ does NOT use Gmail, Contacts, or Calendar scopes. It does not access photos outside the in-app camera capture for swing analysis. It does not run third-party analytics SDKs.

You can delete your CaddieIQ account at any time from Settings → Account → Delete Account. See section 7 for what that removes. See the CaddieIQ page for a feature overview.

Omnia Voice

Omnia Voice is a voice-first meeting and dictation assistant. It uses the device microphone (with your explicit permission) for: (a) the always-listening "Hey Omnia" wake-word detector, which runs ENTIRELY ON DEVICE using a pre-trained ONNX model bundled in the app — no audio leaves your phone for the wake-word step; and (b) recording your dictated voice notes and meetings.

When you dictate a note or record a meeting, Omnia Voice sends the audio file to Google's Gemini AI API for transcription and intent classification. Audio bytes traverse the network only for that processing step; once the AI returns the transcript, the audio file is deleted from your device. Video recordings (for video meetings) are stored locally and not uploaded — only the audio track is processed for transcription.

Omnia Voice does NOT use any Google OAuth scopes (no Gmail, Calendar, Contacts, Drive). It does not require Google Sign-In. All your meetings, transcripts, action items, voice notes, tasks and reminders are stored on your device using a local Isar database — there is no cloud sync, no developer account on our servers, and no analytics SDKs.

Optional features: Omnia Voice can apply a biometric lock (fingerprint or face unlock) to gate access to the app, and a 4-digit PIN as a fallback. These are local-only; the PIN is hashed (SHA-256) before being stored on the device.

If you provide your own Google AI Studio API key in Settings, Omnia Voice uses your key for the Gemini calls; otherwise it uses a shared key. Either way, the Gemini API's terms apply to that traffic — see Google's API Services User Data Policy. Per Google's terms, data sent to the Gemini API is not used to train Google's AI models on user data.

Other Omnivia apps

Other apps (e.g. Stillness, Neurovexa, MicroHabits, Drive Smart UK) typically operate fully on-device with no Google API integrations beyond optional Google Sign-In for cross-device sync. Apps that send any data to Google's Gemini API (e.g. for AI features) state so on their respective product pages and follow the Limited Use disclosure in section 3.3 above.