Privacy Policy

Last updated: 22 May 2026

Ome.gg is operated by Eastwood Media, a company incorporated in the Republic of South Africa ("we", "us", "our"). This Privacy Policy explains how we collect, use, share, and protect personal data when you access or use the website located at https://ome.gg and any associated services ("Service").

We've built Ome.gg to be anonymous by default: you can use the Service without providing your real name, and you can stop using it and delete your data at any time. This policy explains how that works and what choices you have.

This Privacy Policy forms part of our Terms of Service and should be read alongside our Community Guidelines and Cookie Policy.

1. Who we are and how to contact us

Data Controller: Eastwood Media, Republic of South Africa.

General privacy contact: [email protected]

Data Protection enquiries / requests under GDPR, UK GDPR, CCPA and similar laws: [email protected]

EU / UK data protection contact: For matters under the GDPR or UK GDPR, including any enquiry that would otherwise be directed to an Article 27 representative, contact us at [email protected].

You have the right to lodge a complaint with the supervisory authority in your country. In South Africa, that is the Information Regulator (South Africa) — inforegulator.org.za. EU users may complain to their local data protection authority.

2. What information we collect

2.1. Information you provide directly

  • Auto-generated handle and avatar. We generate these for you; no real name is required.
  • Email address (optional). Only if you choose to link an account to save your profile across sessions or devices.
  • Profile preferences. Gender, year of birth (for 18+ verification only — not stored as a date), interests/tags you select, language preference.
  • Content you transmit. Text messages sent in random chat and DMs. Voice is transmitted in real time and not recorded by default (see section 4).
  • Reports. When you report another User, we collect the report contents, the reason, and the related conversation context.
  • Support communications. Messages you send us via [email protected] or other channels.

2.2. Information we collect automatically

  • IP address. Used to derive approximate country (for matching and abuse prevention), enforce sanctions compliance, and detect abuse patterns. We do not derive precise location.
  • Device and connection data. Browser type, operating system, screen size, language settings, time zone, referring URL, pages visited, session duration. Used for service operation, security, and analytics.
  • Device fingerprint. A hashed signature derived from browser characteristics, used to detect ban evasion and abuse. We do not use this to identify you across other websites.
  • Cookies and similar technologies. See section 7.

2.3. Information about User Content (moderation)

  • Text content. Messages you send through random chat and DMs are processed by automated moderation systems in real time to detect prohibited content. Most messages are not stored beyond delivery; messages flagged by moderation systems or reports may be stored longer (see section 8).
  • Audio content. Voice calls are not recorded by default. If a call is reported, or if there is reasonable suspicion of a serious violation, audio may be transcribed and reviewed (see section 4).
  • Match metadata. We log the fact that two Users were matched, the duration, and the filters applied. This is used for abuse investigation and service operation.

2.4. Information from third parties

  • Authentication providers. If we add social or magic-link login, we receive the email address and basic profile information from the provider.
  • Payment processors (future). If we add paid features, payment processors will share transaction confirmations with us (but never card numbers).
  • Ad partners. If you click on an ad, we may receive the click event but not your activity on the advertiser's site.

3. Why we use your information and our legal basis

For Users in the EU, EEA, UK, or other GDPR-equivalent jurisdictions, we are required to identify a legal basis for each processing activity. The table below summarizes purposes and bases:

PurposeLegal basis (GDPR Art. 6)
Provide the Service: matching, chat, DMs, friendsContract (Art. 6(1)(b))
Maintain account, send service notificationsContract (Art. 6(1)(b))
Moderate content via automated systemsLegitimate interests (Art. 6(1)(f)) — protecting Users from harm
Review reports, suspend/ban UsersLegitimate interests (Art. 6(1)(f)) — community safety
Detect and prevent abuse, fraud, ban evasionLegitimate interests (Art. 6(1)(f)) — platform integrity
Comply with legal obligations (e.g. NCMEC reporting, law enforcement requests)Legal obligation (Art. 6(1)(c))
Analyze service usage in aggregateLegitimate interests (Art. 6(1)(f)) — improving the Service
Advertising via third-party partners (non-essential cookies)Consent (Art. 6(1)(a))
Optional features (e.g. email account linkage)Consent (Art. 6(1)(a))

Where we rely on consent, you can withdraw it at any time (see section 9). Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

4. Voice chat — what happens to your audio

Because voice chat involves higher privacy risk than text, we explain it separately.

  • Real-time transmission only. Audio is transmitted peer-to-peer via WebRTC between you and the User you're matched with. Our servers relay the call (via TURN) only when direct peer connection is not possible.
  • No default recording. We do not record voice calls. We do not retain audio after the call ends.
  • Conditional review of flagged calls. If you or another User reports a call, or if our automated systems flag a call for serious abuse (such as suspected child exploitation), we may transcribe and review the audio. Transcripts and any relevant audio are stored only as long as needed for the investigation and any resulting enforcement, and then deleted, except where preservation is legally required.
  • You may not record other Users. As stated in our Terms of Service, you are prohibited from recording, screenshotting, or otherwise capturing another User's audio without their consent. We will act on reports of unauthorized recording.
  • Two-party-consent jurisdictions. In some jurisdictions (including California, Florida, Illinois, and several other US states), recording another User without consent may be a criminal offense. By using voice chat you confirm that your participation is lawful in your jurisdiction.

5. Automated decision-making and AI moderation

We use automated systems (including AI classifiers) to:

  • Block messages that contain CSAM, threats, doxxing, or other prohibited content before they are delivered to other Users.
  • Flag conversations for human review.
  • Detect and limit accounts engaging in abuse patterns.

These automated systems can result in decisions that significantly affect you, including suspension or termination of your account. Under GDPR Article 22, you have the right to:

  • Request human review of an automated decision that affects you. Contact [email protected] with details of the decision and your account.
  • Express your point of view and contest the decision.
  • Receive an explanation of how the decision was made, to the extent we can provide one without compromising the integrity of the moderation system.

Our moderation classifier providers may include Anthropic (Claude), OpenAI, and similar providers. We share message content with these providers only for the purpose of moderation, under contractual data-protection terms.

6. Sharing your information

We share your information only as described below. We do not sell your personal information as defined by the California Consumer Privacy Act or similar laws.

6.1. Service providers (processors)

We share data with vendors who help us operate the Service. Each is contractually bound to use data only for the agreed purpose. Categories include:

CategoryExample providers (subject to change)
Hosting and infrastructureDigitalOcean, Cloudflare
Database and storageSelf-hosted on DigitalOcean
Email deliveryPostmark, SendGrid, or similar
Content moderationAnthropic (Claude), OpenAI moderation API
AnalyticsSelf-hosted or privacy-respecting (e.g. Plausible, Umami)
Error monitoringSentry or similar
AdvertisingEzoic, Google AdSense, or direct ad partners (only with your consent for non-essential cookies)

A current list of sub-processors is available at ome.gg/sub-processors and is updated when material changes occur.

6.2. Other Users

  • Your handle, avatar, gender (if selected), and online status are visible to Users you are matched with or who have added you as a friend.
  • Messages you send to a matched User or friend are obviously visible to that User.
  • We do not share your email, IP address, or other technical data with other Users.

6.3. Law enforcement, courts, and regulators

We may disclose information when we believe in good faith that disclosure is:

  • Required by law, subpoena, court order, or government request;
  • Necessary to investigate or prevent fraud, security incidents, or other illegal activity;
  • Necessary to protect the rights, property, or safety of Eastwood Media, our Users, or the public.

6.4. NCMEC and child safety organizations

If we detect or receive a credible report of child sexual abuse material (CSAM), child exploitation, or grooming behavior on the Service, we will:

  • Preserve the content and associated User data;
  • Report to the National Center for Missing & Exploited Children (NCMEC) in the United States and to applicable authorities in other jurisdictions;
  • Cooperate with subsequent law enforcement investigations.

This is a mandatory disclosure category and overrides anonymity protections in this Policy.

6.5. Business transfers

If we are involved in a merger, acquisition, financing, asset sale, or bankruptcy, your information may be transferred to the successor entity. We will notify Users of any such transfer involving material changes to data handling.

6.6. Aggregated and de-identified data

We may create and share aggregated or de-identified data that cannot reasonably be linked back to you (for example, total active users by country).

7. Cookies and similar technologies

We use cookies and similar technologies to:

  • Essential operation: keep you signed in to your anonymous session, remember filters, maintain security.
  • Analytics: understand aggregate usage patterns (only with consent in regions where required).
  • Advertising: show ads from our advertising partners (only with consent in regions where required).

You can control cookies through your browser settings. In the EU/UK, we display a cookie banner allowing you to consent to non-essential cookies separately. Disabling essential cookies may affect functionality.

A full list and detail of each cookie is in our Cookie Policy.

8. Data retention

We retain data only as long as necessary for the purposes described in this Policy. Specific retention periods:

Data typeRetention period
Anonymous session (handle, avatar, no email linked)Until session ends or 90 days of inactivity, whichever is sooner
Linked account (with email)Until you delete your account
Direct messages with friendsUntil you or your friend delete the conversation, or you delete your account
Random chat text contentNot retained beyond delivery, except when flagged by moderation or reports (retained 90 days for review)
Voice call audioNot retained, except for flagged/reported calls (retained 90 days for review)
Match metadata (who was matched, when, duration)12 months for abuse investigation
IP addresses and device fingerprints12 months for abuse prevention and ban enforcement
Reports and moderation actions24 months
Permanent ban records (fingerprint, IP subnet)Indefinitely, for ban enforcement
CSAM-related evidenceIndefinitely, as legally required, in a segregated preservation store accessible only to designated compliance personnel
Support communications24 months

When data reaches the end of its retention period, we delete it or anonymize it so it can no longer be linked to you.

9. Your rights

The specific rights you have depend on where you live. We will respond to all valid requests within the time required by law (typically 30 days under GDPR, 45 days under CCPA).

To exercise any of these rights, email [email protected] with details of your request. We may ask for information to verify your identity, especially for anonymous accounts.

9.1. If you are in the EU, EEA, UK, or Switzerland (GDPR / UK GDPR)

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate data.
  • Right to erasure ("right to be forgotten"): request deletion of your data. Note that some data (e.g. ban records, CSAM evidence) cannot be deleted due to legal obligations.
  • Right to restriction: request that we limit how we process your data in certain situations.
  • Right to data portability: request your data in a machine-readable format.
  • Right to object: object to processing based on our legitimate interests, including profiling.
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent.
  • Right to human review of automated decisions: see section 5.
  • Right to lodge a complaint with your local data protection authority.

9.2. If you are in California (CCPA / CPRA)

  • Right to know what personal information we collect, the categories of sources, the business purposes, and the categories of third parties with whom we share.
  • Right to delete your personal information, subject to exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing of personal information. We do not sell personal information, but we may share for cross-context behavioral advertising if you have consented to advertising cookies. You can opt out via cookie settings or by emailing [email protected].
  • Right to limit use of sensitive personal information.
  • Right to non-discrimination for exercising these rights.

9.3. If you are in other US states (Colorado, Connecticut, Virginia, Utah, Texas, Oregon, etc.)

You have rights substantially similar to California residents, including the right to access, delete, correct, port, and opt out of targeted advertising and sale. The specific rights and procedures vary by state. Contact [email protected] for state-specific assistance.

9.4. If you are elsewhere

Many other jurisdictions have similar rights. Even where law does not specifically require it, we will honor reasonable access and deletion requests on a best-efforts basis.

9.5. Self-service options

You can do the following directly from in-app Settings without contacting us:

  • Delete your account and associated data
  • Delete individual DMs or conversations
  • Unfriend or block other Users
  • Edit your profile preferences
  • Manage cookie consent (via the cookie banner)
  • Adjust your privacy filters

10. International data transfers

We are based in South Africa, and our infrastructure providers may be located in the EU, the United States, the United Kingdom, and other jurisdictions. When we transfer personal data outside the EEA/UK to a country not subject to an adequacy decision, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • UK International Data Transfer Agreement or UK Addendum to SCCs for UK data;
  • Other safeguards as appropriate.

For details about specific transfers, contact [email protected].

11. Security

We take reasonable technical and organizational measures to protect your information, including:

  • TLS encryption for all data in transit;
  • Encryption at rest for stored data including DMs;
  • Access controls and least-privilege principles for our personnel;
  • Regular security reviews and dependency updates;
  • Hashed storage of device fingerprints;
  • Isolated infrastructure for sensitive evidence preservation.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to minimize risk.

Data breach notification. If we become aware of a personal data breach that is likely to result in risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours (as required under GDPR Article 33);
  • Notify affected Users without undue delay where the breach is likely to result in high risk to their rights and freedoms.

12. Children

The Service is strictly for Users aged 18 and over. We do not knowingly collect personal data from anyone under 18.

If we become aware that a User is under 18, we will:

  • Terminate the account immediately;
  • Delete any personal data we have collected from them, except where preservation is required for safety or legal reasons;
  • Cooperate with parents, guardians, and authorities investigating the matter.

If you are a parent or guardian and you believe your child has provided personal data to us, contact [email protected] immediately.

13. Do Not Track and Global Privacy Control

Our Service responds to the Global Privacy Control (GPC) signal where applicable. If you send a GPC signal, we will treat it as a request to opt out of any sale or sharing of personal information for advertising purposes.

The "Do Not Track" browser header is not a universal standard, and most websites do not honor it. We currently do not respond to DNT signals but do honor GPC.

14. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be:

  • Notified by updating the "Last updated" date above;
  • Where reasonably practicable, by in-app notice or by email to Users who have linked an email;
  • Effective 14 days after posting, except where immediate effect is required by law.

For material changes that would expand our use of previously collected personal data, we will obtain consent where required by applicable law.

15. Contact

Privacy questions, requests, or complaints:

Eastwood Media
Republic of South Africa

Supervisory authority (South Africa): Information Regulator (South Africa) — inforegulator.org.za

Privacy Policy | Ome.gg