Welcome to Omoggle, operated by Omoggle LLC. This Privacy Policy explains how we handle account, guest-session, gameplay, payment, analytics, moderation, Discord integration, and camera-check information for the Omoggle 1v1 Arena, Lab reports, leaderboard, private rooms, and related community features.
References to "Omoggle," "we," "us," or "our" in this Privacy Policy refer to Omoggle LLC and its authorized agents.
Omoggle uses MediaPipe WebAssembly for facial landmark tracking and facial analysis. Our approach is designed so the camera challenge and facial analysis run locally on your device rather than serving as a permanent identity record:
If you are a resident of Illinois, Texas, or Washington, please also see Section 7 ("Biometric Information Privacy Act") below for state-specific disclosures.
The 1v1 Arena connects users globally using live video feeds. It is imperative that our users understand how this media is handled during gameplay:
Where Omoggle elects to create or publish promotional assets from match content, we may retain those assets for as long as reasonably necessary for brand, marketing, archival, legal, or business record purposes, unless a shorter period is required by law.
To operate Omoggle, calculate your Elo rating, and maintain the Global Leaderboard, we store minimal account-level information including:
This non-biometric data is securely stored in our databases to provide you with the persistent ranking and progression features of the Omoggle platform.
Omoggle lets you enter as a guest so you can try the Arena without first creating a permanent account. A guest profile may have a temporary display name, rank, Elo, match history, private room activity, verification status, device/session identifiers, and anti-abuse logs associated with it.
Guest access is intended to be temporary. If you claim your rank with Google or another supported sign-in method, we link the guest profile data that is reasonably available in your current browser session to the claimed account. If you clear browser storage, use a different device, or wait too long, guest profile data may become unavailable and may not be recoverable.
Guest accounts are still subject to this Privacy Policy, the Terms of Service, and our safety systems. We may limit, suspend, or delete guest sessions to prevent abuse, enforce age and safety requirements, or keep the Service reliable.
We keep each category of data only as long as needed for the purpose it was collected. Verification and Arena face imagery are not written to our servers. Saved Lab reports may store one private final scan snapshot for report overlays, as described above. When you submit a moderation report with an attached screenshot, that screenshot is stored in a private bucket and is treated as sensitive personal information available only to our moderation team for review of the specific incident.
| Data Category | Where It Lives | Retention |
| --- | --- | --- |
| Face landmarks / mesh / template | Your device RAM only | Discarded on match/session end (seconds) |
| Live 1v1 video / audio | WebRTC/SFU transport (LiveKit) | Not recorded; dropped when call ends |
| Saved Lab report snapshot | Private Supabase Storage bucket scoped to your account/report | Until report/account deletion; removed during account deletion cleanup |
| Guest session profile | Supabase + browser storage | Until claimed, expired, deleted, or no longer needed for operations/safety |
| Verification status fields | Supabase profile fields including verified_at, verified_until, and age_acknowledged_at | Retained while your account exists; cleared on account deletion. |
| Moderation report evidence (screenshots) | Private moderation-evidence storage bucket and report evidence table (admin-only access) | Retained only as long as necessary to investigate abuse, appeals, legal claims, or safety incidents, then deleted or anonymized under a documented schedule. Evidence subject to a legal hold (for example, content reported to NCMEC under 18 U.S.C. §2258A) is preserved for at least one year as required by law and will not be deleted in response to an account-deletion request during that period. |
| Automated moderation samples (single representative frame per detection event) | Private moderation-evidence storage bucket (admin-only access); detection metadata in nsfw_detections table | 30 days, then deleted, unless flagged for ongoing investigation, subject to a legal hold, or covered by the §2258A 90-day preservation rule for suspected CSAM. Subsequent frames within the same match are not recorded — only the first frame per session that crosses the detection threshold. |
| CyberTipline submissions and chain-of-custody records | Private storage with restricted admin access | Preserved for at least one year per 18 U.S.C. §2258A(h) as amended by the REPORT Act of 2024; longer if law enforcement requests preservation. Storage follows the most recent NIST Cybersecurity Framework guidance. |
| Identity-verification reference (when third-party verification is used) | Provider-side (Stripe Identity / Persona / equivalent); Omoggle stores only a reference id and binary outcome | Verification reference retained while your account exists; provider follows its own retention policy. We do not retain the underlying ID image or selfie. |
| Account & username | Supabase | Until you delete your account |
| Elo, match history, leaderboard | Supabase | Until account deletion; then anonymized |
| Discord link (id, username, avatar hash) | Supabase | Until you disconnect Discord or delete your account |
| Payment metadata | Stripe + our DB (ids only) | Retained while subscription active; up to 7 years after for tax/accounting obligations |
| Stripe webhook event log | Supabase | Retained as part of our payment audit trail; periodically pruned once the events are no longer needed for reconciliation, dispute response, or tax/accounting purposes. |
| Analytics / rate-limit logs | Vercel / Redis | 30 days |
You may request earlier deletion at any time via the Account settings or by emailing privacy@omoggle.com.
If you reside in Illinois (BIPA, 740 ILCS 14), Texas (CUBI, Bus. & Com. Code §503.001), or Washington (HB 1493, RCW 19.375), the following applies to you:
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the right to:
Our legal bases for processing are (a) your consent (camera check, marketing emails), (b) performance of a contract (gameplay, leaderboard, subscriptions), and (c) legitimate interests (fraud prevention, rate limiting). Contact privacy@omoggle.com to exercise any of these rights.
California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, to limit the use of sensitive personal information, and to opt out of the "sale" or "sharing" of personal information as those terms are defined under the CCPA/CPRA. We do not use or disclose sensitive personal information (including biometric data) for purposes other than those permitted by §7027(m) of the CCPA regulations. You will not receive discriminatory treatment for exercising any CCPA right.
California residents may exercise their privacy rights through the Your California Privacy Choices link in our footer, by visiting /privacy/choices, or by emailing privacy@omoggle.com. We recognize Global Privacy Control (GPC) signals as valid requests to opt out of the sale or sharing of personal information. When we receive a GPC signal, we suppress analytics or advertising-relevant tags that are not strictly necessary, record the opt-out for the browser session, and persist it to your account when you are logged in. You may also use the Do Not Sell or Share My Personal Information and Limit the Use of My Sensitive Personal Information controls to opt out of sharing and limit non-essential uses of sensitive personal information.
To submit a request to know, delete, correct, port, or limit, email privacy@omoggle.com from the email address on your Omoggle account, or use the in-product Account > Delete Account flow for deletion. We verify requests by matching the requesting email to the authenticated account on file. We respond within 45 days as permitted by California Civil Code §1798.130(a)(2). You may designate an authorized agent to submit a request on your behalf; we may require the agent to provide proof of authorization and may require you to verify your identity directly.
In the preceding 12 months we have collected the categories described in Section 4 above (identifiers, account credentials managed by Supabase, internet/network activity, geolocation inferred from IP, commercial information related to subscriptions, and limited sensitive personal information consisting of short-lived in-browser facial landmark coordinates and saved Lab snapshot images). We disclose these categories to the service providers listed in Section 12 (International Transfers and Subprocessors) under written contracts that limit their use of the information to providing services to Omoggle. We do not sell personal information for monetary consideration and do not share personal information for cross-context behavioral advertising.
Users can report another player from the live match interface. Reports may include a screenshot of the reported user's video feed plus a category and description. Report evidence is stored in a private bucket accessible only to the moderation team and is treated as sensitive personal information under the CCPA/CPRA.
Omoggle is an "electronic communication service" under U.S. federal law. If we obtain actual knowledge of apparent child sexual abuse material (CSAM), child sexual exploitation, child sex trafficking, or enticement of a minor, we are required by 18 U.S.C. §2258A (as amended by the REPORT Act of 2024) to report to the National Center for Missing & Exploited Children (NCMEC) CyberTipline as soon as reasonably possible. We may voluntarily use NCMEC-provided hash lists and industry hash-matching tools (such as PhotoDNA and Thorn Safer) to identify known CSAM at upload paths before any human review. Reports submitted to NCMEC, and the underlying evidence, are preserved for at least one year (or longer if requested by law enforcement) and are not subject to user deletion requests during the preservation period.
In addition to hash-matching at upload paths, Omoggle uses an on-device classifier (NSFW.js, an open-source machine-learning model running in your browser) to analyze frames from broadcasting users during 1v1 matches and pre-match queues. One frame per second is evaluated locally; only when the model classifies content as explicit across three consecutive frames does Omoggle treat the moment as a detection event. On a detection event, a single representative frame and the model's confidence scores are sent to private moderation storage and the nsfw_detections audit log, accessible only to our trust-and-safety team. During the initial calibration period of this feature, detection events are logged but do not result in automated session termination or sanctions — this period allows us to validate classifier accuracy before enabling automated enforcement. Stored frames are retained for 30 days unless flagged for ongoing investigation, subject to a legal hold, or covered by the §2258A 90-day preservation rule for suspected CSAM.
Under the federal TAKE IT DOWN Act (Pub. L. 119-—, May 19 2025), Omoggle provides a clearly disclosed process for victims to request removal of nonconsensual intimate imagery (NCII), including AI-generated deepfakes intended to cause harm. To submit a takedown request, visit /takedown or email takedown@omoggle.com. Valid requests receive an action within 48 hours of receipt.
We respond to lawful government requests for user information consistent with applicable law. We require valid legal process appropriate to the type of information sought (for example, a subpoena for basic subscriber information, a court order for non-content records, and a warrant for content). Where permitted by law, we will notify affected users before disclosure. Emergency disclosure requests are handled on a case-by-case basis under 18 U.S.C. §2702(b)(8) standards. Send formal legal process to the legal contact in Section 16.
Omoggle maintains administrative, technical, and physical safeguards designed to protect personal information appropriate to its sensitivity, including encryption in transit, scoped database access controls, rate limiting and signature verification on payment webhooks, and isolated private storage buckets for biometric-adjacent media. No system is perfectly secure, and we do not guarantee that unauthorized access will never occur.
If we determine that an unauthorized acquisition of unencrypted personal information has occurred, we will provide notice to affected individuals and to the California Attorney General as required by California Civil Code §1798.82, in the form and within the timing required by law. To report a suspected security incident or vulnerability, contact security@omoggle.com.
Omoggle operates globally. Non-biometric data (account info, match metadata, payment metadata, and analytics events) may be processed on servers located outside your country, including the United States. Where EU/UK data is transferred, we rely on Standard Contractual Clauses with the subprocessors below.
Each subprocessor is engaged under a written agreement that restricts their use of personal information to providing services to Omoggle.
Omoggle is an 18+ service. The Arena involves live 1v1 video and is not designed for, marketed to, or directed at children under 18. Account creation, the camera challenge, and entry to the Arena require an explicit 18+ acknowledgment. We do not knowingly collect personal information from anyone under 18, and we do not knowingly process or sell the personal information of consumers under 16 years of age. If we learn that we have collected data from someone under 18, we will delete it promptly.
We have considered the California Age-Appropriate Design Code (AADC) and structured the Service to discourage minor access: the 18+ self-attestation, the live-camera entry gate, the absence of profile-based behavioral advertising, and our general prohibition on selling or sharing personal information. We continue to monitor whether the Service is likely to be accessed by children and will adjust controls if our analysis changes.
Parents or guardians who believe their child has submitted information to Omoggle should contact privacy@omoggle.com and we will delete the affected account and associated information.
We may update this Privacy Policy from time to time. Material changes will be announced via the app or by email. The "Last Updated" date at the top of this page reflects the most recent revision.
Omoggle LLC expressly prohibits the use of the Service — including its platform, API endpoints, match infrastructure, video feeds, avatar system, leaderboard data, Lab report engine, MediaPipe integration, and any associated content or output — for purposes that infringe upon the intellectual property rights of any third party. Without limiting the foregoing, the following are strictly prohibited:
Enterprise, business, or automated access to the Service for any of the above purposes is prohibited without a separate written agreement with Omoggle LLC. Violations may result in immediate account termination, IP-level blocking, and/or legal action.
Questions, concerns, or requests regarding this Privacy Policy or our data handling practices can be sent to privacy@omoggle.com. We respond to verifiable requests within 30 days (or 45 days for CCPA requests, as permitted by statute).