Privacy Policy

Last updated: March 13, 2026

1. Introduction

Yung Entertainment GmbH ("we", "us", "our") operates Omen ("the Platform") at omen.dog. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

We collect the following categories of data:

Account and Identity

  • Email address (if using email sign-in)
  • OAuth profile information from linked accounts (Discord, Twitter/X): username, email, profile image
  • Cryptocurrency wallet addresses (Solana public keys)
  • Wallet signature data for authentication (message signatures, not private keys)
  • Username, display name, avatar, bio
  • Session tokens and authentication state

Profile and Preferences

  • Profile theme, accent color, section ordering preferences
  • Mood/status text and emoji
  • Privacy settings (profile visibility, activity visibility, friend list visibility)
  • Notification preferences (push, email, per-category toggles)
  • Appearance preferences (dark mode, theme selection)
  • Anti-phishing security phrase and image

Creations and Content

  • Creation files, metadata (name, description, category, tags), icons, and screenshots
  • Publishing history and version data
  • Security scan results from automated content review
  • External URLs linked as external creations

Items and Inventory

  • Items owned, including rarity, metadata, visibility, and featured status
  • Item transfer history (sender, recipient, timestamps)
  • Redeem code usage

Social and Activity

  • Friend connections and block lists
  • Online/offline presence status and current activity (which creation you are viewing)
  • Activity events (items earned, creations published, friends added, stars given)
  • Star ratings and visit counts on creations
  • Multiplayer room participation (ephemeral; messages are not permanently stored)

Daemon Data

  • Daemon name, appearance, and equipped accessories
  • Activity statistics (sessions, publishes, build results, session duration)
  • Computed personality traits (derived from activity patterns over 90 days)
  • Earned badges and milestones
  • Daemon meeting records (profile visit interactions between daemons)

Virtual Currency

  • Omen Sparks balance, transaction history, and earnings
  • Purchase records (Sparks purchased with real money)
  • Spending records (Sparks spent in creations and the Omen Store)
  • Subscription status and history

Technical Data

  • Device and browser information for security and compatibility
  • IP address (used temporarily during wallet authentication, cleared after verification; also used for rate limiting and account creation limits)
  • Push notification device tokens

3. How We Use Your Data

Your data is used to:

  • Authenticate your identity and manage your account
  • Display your profile, creations, items, and daemon to other users in accordance with your privacy settings
  • Enable social features (friends, presence, activity feeds, multiplayer)
  • Process item transfers, redeem codes, and virtual currency transactions
  • Compute daemon traits, appearance evolution, and badge awards
  • Perform automated security scanning on published content
  • Enforce content moderation policies and the strike system
  • Deliver push notifications based on your notification preferences
  • Distribute Creator Fund earnings based on verified engagement
  • Prevent abuse (rate limiting, account creation limits, fraud detection)
  • Improve and maintain the Platform

4. Wallet Data

When you authenticate with a Solana wallet, we store your public wallet address. The signature process is read-only and does not grant us access to your private keys or funds. We never request or store private keys. IP addresses used during wallet authentication are cleared after verification is complete.

5. Third-Party Services

We use the following third-party services that may process your data:

  • Discord and Twitter/X: OAuth authentication. We receive your username, email, and profile image as authorized by you.
  • Mailjet: Email delivery for magic link authentication and notifications.
  • Helius: Solana blockchain indexing for wallet verification and NFT lookups.
  • Anthropic (Claude): AI-assisted security review of published creation files. File contents are sent for analysis; no user identity data is included.
  • Stripe: Payment processing for Sparks purchases, subscriptions, and third-party app checkout. When you make a purchase, your email address and name are shared with Stripe to create or update your customer record. Payment card data is handled entirely by Stripe and never touches our servers. Purchases from third-party applications are processed through the app developer's Stripe connected account; transaction metadata (such as your user ID, product ID, and the app involved) is included in the checkout session.
  • Gumlet: Image CDN for avatar and creation image optimization.

We do not sell your personal data to third parties.

6. Third-Party Applications

When you authorize a third-party application built on Omen's API, that application may access your profile data, items, and other information as described on the authorization screen. Third-party applications may also:

  • Issue items to your inventory
  • Store per-user data associated with your account within their application
  • Receive webhook notifications about events involving your data (e.g., item transfers, purchases, subscription changes)
  • Offer products for purchase via Stripe checkout; when you buy from a third-party app, the developer receives confirmation of your purchase including your user ID and the product purchased
  • Send you notifications (subject to your notification preferences and rate limits)

You can revoke any application's access at any time from your account settings. Third-party applications are subject to their own privacy policies.

7. Children's Privacy

Omen provides additional privacy protections for child accounts:

  • Child accounts are created under a parent/guardian's family group.
  • Parental consent is required for child account creation.
  • Parents can view and manage their child's friends, inventory, activity, and spending.
  • Child-published creations undergo additional automated PII scanning to prevent accidental disclosure of personal information.
  • Friend requests, item transfers, and purchases involving child accounts may require parental approval.
  • Stricter Content Security Policies are applied to content published by child accounts.
  • Push notifications can be restricted by parents.

Parents may request access to or deletion of their child's data at any time by contacting us.

8. Data Storage and Security

Your data is stored on secure servers. We employ the following security measures:

  • All connections use HTTPS encryption.
  • Session tokens are encrypted and stored in our database.
  • Webhook payloads are signed with HMAC-SHA256 for verification.
  • Transfer intent tokens are cryptographically signed.
  • Published creations undergo three layers of security scanning before deployment.
  • Content Security Policy headers protect against cross-site scripting.
  • API rate limiting protects against abuse (100 req/min per session, 1,000 req/min server-to-server).

9. Data Retention

We retain your data for as long as your account is active. Specific retention periods:

  • Sessions: Active sessions persist until logout or expiration.
  • Email verification tokens: Expire shortly after issuance.
  • Transfer intents: Expire after 15 minutes (transfers) or 7 days (gifts).
  • Wallet auth nonces: Expire after 30 seconds.
  • Username reservations: Old usernames are reserved for 30 days after a change.
  • Daemon activity: Activity logs used for trait computation cover a rolling 90-day window.
  • Items: Expired items are soft-revoked (visible but unusable) and retained.
  • Creation versions: All published versions are retained for rollback capability.
  • Push notification logs: Delivery records are retained for troubleshooting.
  • Anonymous analytics: 90 days detailed, then aggregated into daily counts (no personal data).
  • Authenticated page views: 30 days detailed, then aggregated into weekly summaries.
  • Security logs: 12 months, then deleted.

When you delete your account, your personal data is removed. Some anonymized or aggregated data may be retained for platform analytics.

10. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your data ("right to be forgotten"). You can delete your account from your settings at any time.
  • Restriction: Request restriction of processing of your data.
  • Objection: Object to processing of your data for specific purposes.
  • Portability: Request a machine-readable export of your data.

To exercise these rights, contact us at support@omen.dog or at the address listed in our Impressum. We will respond within 30 days.

11. Privacy Controls

You can control your privacy through your account settings:

  • Profile visibility: Set your profile to public, friends-only, or private.
  • Activity visibility: Control whether your activity appears in friends' feeds.
  • Friend list: Choose whether your friend list is visible to others.
  • Item visibility: Set individual items to public or private.
  • Online status: Control whether your presence status is shown to friends.
  • Notifications: Configure which notifications you receive and through which channels.
  • Application access: Review and revoke third-party application permissions.

12. Cookies and Local Storage

We use the following client-side storage:

  • Session cookie: An essential cookie for authentication and session management. Strictly necessary for the Platform to function.
  • Local storage: Used for appearance preferences (dark mode, theme), UI state (collapsed sections, dismissed notices), and email sign-in memory. No tracking or analytics data is stored.

We do not use advertising cookies, tracking pixels, or third-party analytics services that track users across websites.

13. Analytics

Omen collects anonymized, aggregated usage data to improve the platform. This data is:

  • Collected server-side (no tracking scripts in your browser)
  • Not tied to your identity for analytics purposes
  • Never shared with third parties
  • Never used for advertising
  • Stored on Omen's servers

We do not use cookies for analytics. The only cookie Omen sets is a functional session cookie required for login. No consent banner is required or displayed because our analytics are cookieless and do not process personal data for tracking purposes.

For anonymous visitors, we generate a daily-rotating hash from request metadata to count unique visits. This hash cannot be reversed to identify you and changes every day.

For logged-in users, we record page views tied to your account and track which features you discover for the first time. This data is used to understand which features are useful and which need better discoverability. Detailed page views are retained for 30 days, then aggregated into summary counts.

What Omen does NOT do

  • No third-party analytics (no Google Analytics, no Mixpanel)
  • No tracking cookies
  • No browser fingerprinting
  • No cross-site tracking
  • No advertising profiles
  • No selling or sharing data with third parties
  • No mouse movement or scroll tracking
  • No tracking pixels or web beacons
  • No third-party SDKs that phone home

14. Security Logging

We log security-related events (login attempts, account changes, rate limit violations) including IP addresses for the purpose of detecting and preventing unauthorized access. These logs are retained for 12 months and are only accessed for security investigations. This processing is based on GDPR's legitimate interest basis for security purposes.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Platform or email. The revision date at the top of this page indicates when it was last updated.

16. Contact

For questions about this Privacy Policy or to exercise your data rights, contact Yung Entertainment GmbH at the address listed in our Impressum or email us at support@omen.dog.