Privacy policy
Last updated: 31 March 2026. This policy explains how Omniscia collects, uses, stores, and protects your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller
Omniscia is operated by Omniscia Ltd, a company registered in England and Wales. For data protection enquiries, contact us at legal@omniscia.ai.
What We Collect
Account information — email address, name, and password (via Firebase Authentication)
Uploaded content — video ad creatives you upload for analysis. Encrypted at rest (AES-256-GCM)
Analysis results — scores, recommendations, transcripts, and frame-level data generated by our AI pipeline
Platform connections — OAuth tokens and read-only performance metrics from Meta, Google Ads, and TikTok (when you choose to connect). For Meta (paid plans), video creatives are also automatically downloaded and analysed through Lens
Usage data — page views and feature interactions via Firebase Analytics, only with your consent
Payment information — processed entirely by Stripe. We never see, store, or have access to your card details
Credit transactions — records of credit usage, top-ups, and bonuses within the platform
Lawful Basis for Processing
Under UK GDPR Article 6, we process your data on the following bases:
Contract performance — providing the service you signed up for: video analysis, creative scoring, ad publishing, Scia AI chat, Forge briefs, and all platform features
Legitimate interest — anonymised Cortex ML training (sharpening the model for all users), platform security, fraud prevention, and service reliability
Consent — Firebase Analytics cookies (you choose via the cookie banner) and optional marketing emails (you can unsubscribe at any time)
How We Use Your Data
Analysis pipeline — your videos are processed through frame extraction, AI vision analysis, audio transcription, and similarity scoring to generate creative quality reports
Cortex ML engine — when you link ad performance data to an analysis, Omniscia generates its own anonymised analytical outputs: creative classifications (e.g. "visual style: UGC") and aggregated performance metrics (e.g. average ROAS). These derived outputs are Omniscia's intelligence — not your personal data. They contain no video frames, audio, images, transcripts, filenames, or personal information and cannot be traced to any individual. As fully anonymised data under UK GDPR Recital 26, they fall outside the scope of personal data regulation and persist independently to maintain model accuracy for all users. Cortex training is integral to the platform's network-effect intelligence — every analysis contributes to a sharper model for all users
Meta auto-analyse — when you connect Meta (paid plans), we automatically download your video ad creatives via Meta's Graph API, analyse them through Lens, and link the results to your ad performance data. This trains your personal Cortex engine. Contribution is off by default. Opt in at any time if you want your anonymised outcomes to help calibrate the engine. We never train on your raw creatives, transcripts, or personal data. Only the structured scores and outcome signals you've explicitly contributed.
Platform sync — when you connect Meta, Google Ads, or TikTok, we read performance metrics (spend, CTR, ROAS) to correlate with your creative scores. We never modify your campaigns without explicit action
Email notifications — platform alerts, fatigue warnings, and monthly digests. You can opt out in Profile > Settings
Analytics — with your consent, we use Firebase Analytics to understand which features are used and improve the platform
Your Rights
Under UK GDPR, you have the following rights over your personal data:
Right of access (Art. 15) — download all your data in JSON format from Profile > Settings > Download My Data
Right to rectification (Art. 16) — update your name, email, and preferences in Profile > Settings
Right to erasure (Art. 17) — permanently delete your account and all associated personal data from Profile > Settings > Delete Account. Deletion is immediate and irreversible. Anonymised Cortex analytical outputs (which contain no personal information and cannot identify you) are retained as they constitute Omniscia's derived intelligence, not personal data under UK GDPR Recital 26
Right to data portability (Art. 20) — export your data in a structured, machine-readable JSON format via Download My Data
Right to restrict processing (Art. 18) — contact legal@omniscia.app to request restricted processing
Right to object (Art. 21) — unsubscribe from marketing emails via the one-click link in any email. Decline analytics cookies via the cookie banner or your browser settings
Rights related to automated decision-making (Art. 22) — Cortex scoring and creative recommendations are advisory tools to inform your decisions. They are not used to make automated decisions with legal or similarly significant effects on you
To exercise any of these rights, email legal@omniscia.app. We will respond within 30 days.
6. Third-Party Sub-Processors
We use the following sub-processors to deliver the service. Where data is transferred outside the UK, we rely on UK adequacy decisions and Standard Contractual Clauses.
Provider
Anthropic
OpenAI
Google (Gemini)
Google (Firebase)
Stripe
Railway
Vercel
Meta / GoogleAds / TikTok
Brave
Purpose
Claude Vision Analysis
Whisper Transcription
Summarisation, classification
Authentication, analytics
Payment Processing
Backend Hosting
Frontend Hosting
Ad platform sync
Web search for Scia AI
Data Sent
Video frames (base64 images only)
Audio files
Text content
Email, UID, events (with consent)
Billing details (we never see these)
All platform data (encrypted in transit)
Static assets only (no personal data)
OAuth tokens, performance metrics
Search queries (no personal data)
Location
US
US
US
US
US/EU
US
Global CDN
US
US
Retention
Zero — not stored or trained on
Zero — not stored or trained on
Zero — not stored
Account lifetime
Per Stripe's policy
Active subscription
N/A
Revocable by you
Per Brave's policy
AI providers (Anthropic, OpenAI, Google Gemini) operate on zero-retention APIs. Your content is processed and immediately discarded on their end — it is never stored, logged, or used to train their models.
7. International Data Transfers
Some of our sub-processors are based in the United States. For these transfers, we rely on the UK Government's adequacy regulations and, where applicable, Standard Contractual Clauses (SCCs) as approved by the ICO.
Critically, the AI providers we use (Anthropic, OpenAI, Google Gemini) operate zero-retention APIs — your content is processed in memory and never persisted. No personal data is stored in the US by these providers.
8. Data Retention
Account data — retained while your account is active. Deleted immediately and permanently when you delete your account
Analysis data — retained while your account is active. Deleted with your account
Uploaded videos — encrypted at rest (AES-256-GCM). Deleted with your account
Anonymised Cortex analytical outputs — these are Omniscia's derived intelligence: creative classifications and aggregated performance metrics generated by our AI pipeline. They contain no video frames, audio, images, transcripts, filenames, or personal information and cannot be traced to any individual. As fully anonymised, non-personal data (UK GDPR Recital 26), they persist after account deletion to maintain model accuracy for all platform users
Read notifications — automatically deleted after 90 days
Resolved platform errors — automatically deleted after 30 days
Signal intelligence articles — automatically deleted after 6 months
Payment records — retained by Stripe per their retention policy. We do not store payment details
9. Cookies and Tracking
Essential cookies — Firebase Authentication session token. Required for login. Cannot be disabled while using the service
Analytics cookies — Firebase Analytics. Tracks page views and feature usage to improve the platform. Only activated with your explicit consent via the cookie banner. You can change your preference at any time by clearing your browser data
We do not use any third-party advertising cookies, retargeting pixels, or tracking scripts. We do not sell or share analytics data with advertisers.
10. Data Security
All data in transit is encrypted via TLS 1.3
Uploaded videos are encrypted at rest using AES-256-GCM with per-user encryption keys
OAuth tokens for connected platforms (Meta, Google Ads, TikTok) are encrypted at rest using AES-256-GCM with a master key stored separately from the database
API rate limiting and DDoS protection (3-layer: IP rate limiting, request size limits, per-key limits)
No Omniscia staff can view your uploaded videos or analysis reports
For more details on our security architecture, see our Trust & Security page.
11. Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify affected users via email within 72 hours of confirming the breach, as required by UK GDPR Article 33.
Where required, we will also report the breach to the Information Commissioner's Office (ICO) within the same timeframe.
12. Children's Data
Omniscia is a business tool for advertising professionals. Our service is not directed at anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact legal@omniscia.ai and we will delete it immediately.
13. Supervisory Authority
If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
14. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email and an in-app notification before they take effect. The “last updated” date at the top of this page will always reflect the most recent version.
15. Contact
For any questions about this privacy policy, your data, or to exercise your rights, contact us at legal@omniscia.ai.
Launching June 2nd
14-day trial, No card, First 100 lock launch pricing for life