Effective 21 June 2026
Omora is a personal home-inventory app. We store what you give us, process it to make the app work, and never sell or share your data with advertisers. On free accounts your inventory stays on your device unless you turn on backup & sync. This policy explains exactly what we collect, why, who else touches it, and what you can do about it.
Omora is operated by Philip Skinner ("we", "us"). Our contact details are at the bottom of this page. Our backend infrastructure (database, authentication, and file storage) is hosted in the EU.
| Data | Purpose | Linked to You |
|---|---|---|
| Email address | Account creation, sign-in, verification | Yes |
| Name | Account profile, claim documents | Yes |
| Product records | Inventory tracking, warranty & coverage reminders | Yes |
| Receipts, photos, documents | Proof storage, AI extraction | Yes |
| Forwarded receipt emails | Receipt extraction (only if you use your forwarding address) | Yes |
| Country & currency | Coverage rules, formatting | Yes |
| Purchase & coverage details | Coverage calculation, claims export | Yes |
| Product usage analytics | Feature usage & improvement (no personal content) | Yes (no PII) |
| Crash & performance data | Stability and performance monitoring | Pseudonymised ID only |
We do not ask for your phone number, postal address, or date of birth. We collect only the data above.
Omora prefers on-device processing wherever possible. When you scan a receipt with the camera or pick a photo, text recognition (OCR) runs locally using Apple's Vision framework, and only the resulting text is sent onward. Warranty and coverage reminders are scheduled as local notifications on your device. Extraction caches, pending uploads, and your reminder schedule stay on your device. Face ID / Touch ID unlock happens entirely on your device — we never receive your biometric data.
On free accounts your inventory is local-first: your product records, photos, and documents stay on your device and are only stored on our backend if you turn on backup & sync (included with Plus). Your account email and sign-in details always live on our backend, because they are how you log in.
Your account, and — when backup & sync is on — your product records, documents, photos, and profile are stored in our EU-hosted backend so they sync across your devices. Row-level security ensures you can only access your own data.
Omora can give you an optional personal @omora.app forwarding address so you can forward order-confirmation emails straight into your inbox of receipts. If you use it, those emails — including the message body and any attachments — are received by our email provider, passed to our backend, and stored there. Unlike camera scans, these are read and parsed on our servers (including extracting text from PDF attachments and sending the relevant text to our AI provider, described below), not on your device. You never have to use the forwarding address; if you don't, none of this happens.
After text is extracted — on your device for camera scans, or on our servers for forwarded emails — Omora may send the relevant text to a third-party AI provider (routed through our backend) to: structure receipt data into product records, suggest matching product names, and draft a damage description for a claim. Only the text needed for that specific feature is sent, and email addresses, links, and long tokens are stripped from it first. We never send your photos or documents to the AI as images — text only. The AI is limited to these specific Omora tasks; it is not a general-purpose chatbot, and Omora has no chat or "assistant" you can ask free-form questions.
For the "find a product manual" feature, we send only the product brand and model to a web-search provider and then fetch the manufacturer's page or PDF from our servers to verify the link — no personal data is sent.
AI provider API keys are managed server-side and are never stored in the app. Our AI provider processes text on servers outside the EU/EEA; we use a zero-data-retention configuration and strip identifiers before sending (see "International Transfers").
We record lightweight analytics about which features you use (for example "item added" or "paywall shown"). These events are sent to our own backend and to PostHog, an EU-hosted product analytics platform we use to understand how the app is used and improve it. PostHog operates under a data-processing agreement, is hosted in the EU (Frankfurt), and does not use your data for advertising or sell it. These events are tied to your account so we can honour your opt-out and include them in your data export and deletion, but they contain no personal content: no receipt text, no search queries, no names, and no document contents. You can turn analytics off any time in Settings → Privacy controls.
Passwords are validated locally for strength and checked against a public database of known breached passwords using k-anonymity. Only a short, partial hash (the first 5 characters) is sent, never the password itself.
We use a third-party diagnostics provider for crash and performance monitoring. It receives a pseudonymised user identifier (a hash of your account ID), crash data, and app performance metrics. It does not receive your email, name, product data, or documents, and diagnostic logs are scrubbed of personal data before they are sent. Default PII collection is disabled. You can turn crash reporting off in Settings → Privacy controls.
We do not sell your data. We do not share it with advertisers. Your data is only processed by a small number of sub-processors, each acting on our behalf under a data-processing agreement:
We list these recipients by their role rather than their brand. A current list of the specific providers we use is available on request at hello@omora.app.
Transferring an item to someone else. If you choose to use Item Transfer, Omora bundles that one item — its photos, documents, and any price or coverage details you decide to include — and uploads it behind a private, single-use link that expires. Only a person you give the link to can import it. Nothing is shared with anyone unless you start a transfer.
We keep your data for as long as your account is active. When you delete your account (Settings → open your account → Delete account, after verifying by email), we immediately remove from our backend:
A small amount of de-identified data may be retained because it is no longer linked to you: aggregated product-name corrections that improve recognition for everyone, de-identified rate-limiting counters, and operational logs of AI requests (timing, model, and status — never receipt content) with your identifier removed. Crash logs that contain your pseudonymised ID are retained by our diagnostics provider for up to 90 days per their retention policy.
Under GDPR and UK GDPR, you have the right to:
You may also lodge a complaint with your local data protection authority.
Omora is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it.
We protect your data with:
Our primary infrastructure is EU-hosted. Some sub-processors may process limited data outside the EU/EEA under standard contractual clauses or equivalent safeguards:
We may update this policy to reflect changes in the app or legal requirements. Material changes will be communicated through the app. The effective date at the top will always reflect the latest version.