Privacy Policy
Last Updated: February 10, 2026
1. Introduction
Welcome to Osmium. We understand privacy policies can be dense, so we've worked to make this as clear as possible while covering everything you need to know.
This Privacy Policy explains how Osmium ("we," "us," or "our") collects, uses, and protects your personal information when you use our messaging platform (the "Service"). By using Osmium, you agree to the collection and use of information as described in this policy.
Contact us: [email protected]
2. Information We Collect
2.1 Information You Provide to Us
Account and Profile Information: When you create and use your Osmium account, you provide information such as your email address, username, password, and any optional profile details you choose to add (like display name, profile photo, or status message).
Your Content: To provide the Service, we store the messages, files, images, voice messages, and other content you share through Osmium.
Voice and Video Calls: Audio and video calls are transmitted in real-time using encrypted connections. We do not record or store the content of your calls. Some call metadata (participants, duration, time) may be included in associated messages.
Payment Information: When you purchase Premium subscriptions, payment details are transmitted securely to our payment providers. We do not directly store, manage, or handle your payment information.
2.2 Information Collected Automatically
Technical Information: IP address, device type, operating system, browser type and version, language preferences, and general location (country/region level) necessary for service operation and security.
Cookies and Similar Technologies: We use strictly necessary cookies to maintain your session and enable core functionality. We do not use cookies for advertising, tracking across websites, or building advertising profiles.
3. How We Use Your Information
We process your personal information based on the following legal grounds under GDPR:
3.1 To Provide and Improve the Service (Contract Performance)
- Creating and maintaining your account
- Enabling messaging, voice/video calls, and server communities
- Storing and delivering your content to intended recipients
- Processing subscriptions and managing billing
- Providing customer support and responding to your requests
- Improving features, performance, and user experience
- Developing new features and services
3.2 For Platform Security and Safety (Legitimate Interest)
- Detecting and preventing fraud, spam, and abuse
- Enforcing our Terms of Service and Community Guidelines
- Maintaining platform safety and security
- Preventing harassment and protecting user safety
- Troubleshooting technical issues and bugs
- Conducting security assessments and audits
3.3 With Your Consent
- Sending promotional emails and service updates (you can opt out anytime)
- Connecting and displaying third-party account information
- Optional analytics to improve your experience
You can withdraw your consent at any time through your account settings or by contacting us. Withdrawal won't affect the lawfulness of processing before withdrawal.
3.4 To Comply with Legal Obligations
- Responding to legal requests and court orders
- Complying with applicable laws and regulations
- Protecting our legal rights and interests
4. How We Share Your Information
We do not sell your personal data. We share information only in the following limited circumstances:
With Other Users
Your profile information, messages, and content are visible to other users according to your privacy settings and the nature of the Service. For example:
- Messages you send in communities are visible to community members
- Your profile is visible to users who share communities or chat with you
- Direct messages are visible only to message participants
Payment Processors
We use trusted third-party payment processors to handle Premium subscriptions securely. These providers are contractually obligated to protect your data and can only use it to provide payment services to us.
All other data is managed exclusively by Osmium. We operate our own infrastructure and do not share your data with other third-party service providers for analytics or other purposes.
International Data Transfers
Osmium operates regional servers. You're assigned to a region based on your location. If you communicate with users in a different region, your messages and basic profile information are transferred to that region's servers to deliver the Service.
We implement appropriate safeguards for international transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Encryption in transit and at rest
- Security assessments of data transfer mechanisms
Legal Requirements
We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:
- Comply with legal obligations, court orders, or government requests
- Protect against legal liability
- Protect the rights, property, or safety of Osmium, our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
- Enforce our Terms of Service
5. Data Retention
Active Accounts: We retain your data while your account is active and for as long as necessary to provide the Service.
Inactive Accounts: Accounts with no login activity for two (2) consecutive years will be automatically scheduled for deletion. We will send notice to your registered email address before deletion, giving you an opportunity to keep your account active.
Deleted Accounts: When you delete your account:
- Your account data is retained for up to thirty (30) days to allow account recovery if you change your mind.
- After thirty (30) days, your personal data is permanently deleted or irreversibly anonymized from our production systems.
Messages: Messages you delete are removed from active systems without undue delay. In communities where Delete Protection is enabled, deleted channels and their content may be retained for up to forty-eight (48) hours before permanent removal.
Backups: Deleted account data may persist in backups for up to 90 days after deletion before being permanently purged.
6. Your Privacy Rights
Under GDPR and other data protection laws, you have the following rights:
Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Correct any inaccurate or incomplete personal data.
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data in certain circumstances.
Right to Restrict Processing: Request that we limit how we use your data in certain situations.
Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format and transfer it to another service.
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Withdraw consent at any time where we rely on consent as the legal basis for processing.
Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe we've violated your privacy rights.
To exercise these rights, contact us at [email protected]. We'll respond within 30 days. We may need to verify your identity before fulfilling your request.
You can also manage many privacy settings directly in your account:
- Download your data
- Delete your account
- Manage connected accounts
- Control who can message you
- Adjust privacy and safety settings
7. Security
We take the protection of your data seriously and implement reasonable technical and organizational measures to help safeguard it. These measures include:
- Encryption in transit: TLS/SSL encryption is used to protect data while it is transmitted.
- Encryption at rest: Sensitive data in our databases and file storage is encrypted using industry-standard methods.
- Access controls: We maintain policies and authentication requirements to limit access to personal data to authorized personnel only.
- Security monitoring: We monitor our systems for potential security threats and vulnerabilities.
- Periodic reviews: We conduct security assessments and testing to help identify risks and improve our practices.
- Incident response: We have processes in place to detect, respond to, and remediate security incidents.
Important Limitation: Osmium does not currently provide end-to-end encryption for messages. We encrypt data in transit and at rest, but message content is processed on our servers. While we have technical access to message content, we do not proactively access, read, or monitor your messages. Message content is only accessed when: (1) you report content for review, (2) we receive a valid legal request or court order, or (3) as described in Section 9. If end-to-end encryption is essential for you, you may wish to use a service that offers this feature.
8. Age Restrictions
You must meet the minimum age requirements to use Osmium:
- European Union: 16 years or older
- Other jurisdictions: You must meet the minimum age of digital consent in your country
If you are under the age of digital consent in your jurisdiction, you must have permission from a parent or legal guardian to use the Service.
We do not knowingly collect personal information from anyone below the applicable minimum age. If you're a parent or guardian and believe your child has provided us with personal information without meeting age requirements, please contact us immediately at [email protected]. We will delete such information promptly.
If we discover we've inadvertently collected data from someone below the minimum age, we will delete it as soon as possible.
Important: Misrepresenting your age or providing false information may result in account suspension or termination as outlined in our Terms of Service.
9. Automated Decision-Making
We use automated systems for:
Content Moderation: We use automated hash-matching technology to compare uploaded files against known child sexual abuse material (CSAM) hashes provided by trusted organizations. We do not scan or analyze the contents of messages or files beyond this.
Anti-Abuse Measures: Automated systems such as rate limiting, spam detection, and suspicious activity monitoring to prevent abuse, fraud, and service disruption.
These automated systems may result in temporary restrictions (rate limits, temporary suspensions) or content removal. You have the right to request human review of any automated decision that significantly affects you. Contact [email protected] to request manual review.
10. Marketing Communications
Promotional Emails: We send promotional emails only if you opt in during registration or in your account settings. These include feature announcements, tips, and special offers.
Service Communications: We send service-related emails necessary for your account, including:
- Security alerts and password changes
- Payment confirmations and billing issues
- Important policy or service changes
- Account activity notifications
You can opt out of promotional emails anytime by:
- Clicking the unsubscribe link in any promotional email
- Adjusting email preferences in your account settings
Note: You cannot opt out of essential service communications as they're necessary for account security and service delivery.
11. Third-Party Services
Connected Accounts
When you connect third-party services (Steam, Spotify, etc.), those services may share information with Osmium according to their own privacy policies and your permission settings. We recommend reviewing their privacy policies.
Links to Other Sites
Osmium may contain links to third-party websites or services we don't operate. This Privacy Policy doesn't apply to those services. We're not responsible for third-party privacy practices and encourage you to read their privacy policies.
Third-Party Integrations
If you use third-party bots, integrations, or applications within Osmium, those developers may have access to certain information you share. Review their permissions carefully.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features. When we make material changes, we will notify you by email or through the Service (such as in-app notices or banners), and we will update the "Last Updated" date at the top of this policy.
We encourage you to review this Privacy Policy periodically. Continued use of the Service after changes become effective constitutes your acceptance of the updated policy.
For significant changes that affect your rights, we'll provide at least 30 days' notice and may require your affirmative consent.
13. International Users
Osmium operates globally, and by using the Service, you acknowledge that your information may be transferred to and processed in countries with different data protection laws. For users in the EEA, UK, and Switzerland, we maintain appropriate safeguards, including Standard Contractual Clauses, to protect your data. For more details, see Section 4: International Data Transfers.
14. Data Controller
For GDPR purposes, the data controller responsible for your personal information is:
Email: [email protected]
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
Email: [email protected]
We'll respond to all inquiries within 30 days.
16. Data Protection Authority
You have the right to lodge a complaint with your local supervisory authority if you believe we've violated your privacy rights.
For EU/EEA users: Find your local data protection authority at https://edpb.europa.eu/about-edpb/board/members_en
For UK users: Information Commissioner's Office (ICO) at https://ico.org.uk