Skip to content
OMNI Platform

Privacy Policy

Privacy Policy

Effective date: May 28, 2026  ·  Last updated: May 28, 2026

OMNI Platforms ("OMNI," "we," "us," or "our") operates the OMNI web platform and the Omni Companion iOS application (collectively, the "Services"). We are deeply committed to protecting your privacy and the security of your personal and health data. This Privacy Policy explains what information we collect, how we use and share it, and the rights available to you under applicable law—including the FTC Health Breach Notification Rule, the California Consumer Privacy Act (CCPA), and the Washington My Health My Data Act (WMHMDA).

By registering for or using the Services, you acknowledge that you have read this Privacy Policy and agree to its terms. If you do not agree, please do not use the Services.

1. Information We Collect

1.1 Account & Identity Data

When you create an account we collect your username, email address, password hash, preferred language, unit system, and role (user, monitor, doctor, or personal trainer).

1.2 Consumer Health Data

The OMNI platform is a health-tracking service. We collect and process a broad range of consumer health data, including:

  • Biomarkers (blood work, lab results, biometric measurements such as height, weight, body composition)
  • Physical fitness data (workouts, activities, personal records, exercise logs)
  • Nutritional data (food logs, macronutrients, fasting periods)
  • Supplement and medication logs
  • Medical history (conditions, allergies, surgeries, hospitalizations)
  • Family medical history
  • Hormonal health data
  • Sleep and mental health self-assessments
  • Genomic profile data (if submitted)
  • Journal entries and experiment tracking data
  • Data imported from connected health devices and apps (e.g., Apple Health, Fitbit, Withings)

1.3 Device & Usage Data

We automatically collect IP address, browser/device type, operating system, referring URLs, pages visited, and session duration. On mobile devices this includes device identifiers and OS version.

1.4 Communications

We retain emails and in-app messages you send or receive through the platform.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and personalize the Services
  • Generate health insights, protocol recommendations, and the Human System Profile Index (HSPI)
  • Facilitate care coordination between users and linked health professionals
  • Send transactional emails (registration confirmation, password reset, login verification codes)
  • Send operational notifications and weekly health summaries
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal information or consumer health data to third parties. We do not use your health data for advertising purposes.

3. How We Share Your Information

  • Linked professionals. If you provide a link code during registration, your health data will be visible to the linked doctor, personal trainer, or monitor you designate.
  • Service providers. We share data with vendors who help us operate the Services (cloud hosting, transactional email) under confidentiality agreements that prohibit them from using your data for any other purpose.
  • Legal compliance. We may disclose information when required by law, subpoena, court order, or government regulation, or to protect the rights and safety of OMNI, our users, or the public.
  • Business transfers. In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify you via email or a prominent notice on the Services before your data is transferred and becomes subject to a different privacy policy.

4. FTC Health Breach Notification Rule (16 CFR Part 318)

As a vendor of personal health records, OMNI complies with the FTC Health Breach Notification Rule. In the event of a breach of security of individually identifiable health information maintained in unsecured form, we will:

  • Notify each affected individual without unreasonable delay and no later than 60 calendar days after discovery of the breach.
  • Notify the Federal Trade Commission (FTC) as required.
  • In cases involving more than 500 residents of a state, notify prominent media outlets serving that state.

Breach notifications will include: (a) a description of the breach; (b) the types of information involved; (c) steps you can take to protect yourself; (d) what OMNI is doing to investigate and mitigate the breach; and (e) contact information for questions.

5. California Consumer Privacy Act (CCPA / CPRA)

If you are a California resident, you have the following rights under the CCPA and the California Privacy Rights Act (CPRA):

Right to Know

You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the business or commercial purpose for collection, and the categories of third parties with whom we share it.

Right to Delete

You may request that we delete personal information we have collected from you, subject to certain exceptions permitted by law.

Right to Correct

You may request that we correct inaccurate personal information we maintain about you.

Right to Opt-Out of Sale or Sharing

We do not sell or share (for cross-context behavioral advertising) your personal information. You do not need to take any action to exercise this right.

Right to Limit Use of Sensitive Personal Information

We use sensitive personal information (including health data) only to provide the Services you requested. We do not use it for additional purposes without your consent.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

How to Exercise Your California Rights

Submit requests by email to privacy@core-dynamics.io or through your account profile. We will respond within 45 days. We may verify your identity before processing requests.

6. Washington My Health My Data Act (WMHMDA)

The Washington My Health My Data Act (SB 1155, effective March 31, 2024 for regulated entities) applies to consumer health data of Washington State residents. OMNI collects consumer health data as defined by the WMHMDA, including health conditions, diagnoses, biometric data, physical activity, sleep, nutritional data, and other health-related information.

Consent

We obtain your consent before collecting consumer health data that is not strictly necessary to provide the Services you have requested. You may withdraw consent at any time by contacting us (see Section 9 below). Withdrawal of consent will not affect the lawfulness of processing before withdrawal.

No Sale of Consumer Health Data

We do not sell consumer health data as defined by the WMHMDA. We do not share consumer health data with third parties for advertising purposes.

Washington Consumer Health Data Rights

If you are a Washington resident, you have the right to:

  • Confirm and access whether we collect, share, or sell your consumer health data and obtain a list of third parties with whom we have shared it.
  • Withdraw consent for our collection and sharing of your consumer health data.
  • Delete consumer health data collected about you from our records and direct our processors to delete it.

How to Exercise Your Washington Rights

Submit requests to privacy@core-dynamics.io. We will respond within 45 days (extendable by an additional 45 days with notice). We will not require you to create an account solely to exercise your rights.

Appeals

If we decline to take action on your request, we will inform you of the reason and explain how to appeal the decision. You may submit an appeal to privacy@core-dynamics.io with "WMHMDA Appeal" in the subject line.

7. Data Retention

We retain your account and health data for as long as your account is active or as needed to provide the Services. When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law or necessary to resolve disputes.

8. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information, including password hashing, encrypted communications (TLS), end-to-end encrypted messaging, access controls, and new-country login alerts. No security system is impenetrable; we cannot guarantee that information may not be accessed, disclosed, altered, or destroyed in a breach.

9. Contact Us

For privacy-related questions, requests, or complaints, contact us at:

OMNI Platforms

Privacy & Data Protection

Email: privacy@core-dynamics.io

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Services at least 30 days before the changes take effect. Continued use of the Services after the effective date constitutes acceptance of the revised policy.