Privacy Policy

1. Overview

Oscilot ("we," "our," or "us") is a communication platform currently in active development. This Privacy Policy describes how we collect, use, and protect information about you when you use our services, including our website at oscilot.com and any associated applications (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. We take your privacy seriously and are committed to being transparent about our practices.

2. Information We Collect

Information you provide directly:

• Account information such as your username, email address, and password when you register.
• Profile information you choose to add, including a display name or avatar.
• Messages, files, and other content you send or upload through the Service.
• Communications you send to us directly, such as support requests or feedback.

Information collected automatically:

• Log data including IP address, browser type, pages visited, and timestamps.
• Device information such as operating system and hardware identifiers.
• Usage data including features accessed and interactions with the Service.

Information from connected third-party services:

• If you connect a Spotify or Twitch account, we receive your account username and access tokens to display your activity. We do not store your Spotify or Twitch passwords.
• If you use the desktop app, we may collect the names of running processes on your device solely for the purpose of detecting active games to display as activity status. This data is not stored persistently.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Service.
• Create and manage your account.
• Deliver messages and content between users as intended.
• Display activity status (games, music, streaming) to other users based on your privacy settings.
• Monitor for and respond to abuse, fraud, or security incidents.
• Communicate with you about updates, changes, or support matters.
• Comply with applicable legal obligations.

We do not sell your personal information to third parties.

4. Data Retention

We retain your account data for as long as your account is active. Message history and uploaded content are stored for the duration of the relevant server or channel's existence. You may request deletion of your account and associated data at any time by contacting us at [email protected].

As a beta product, we may reset or delete data at any time as part of development operations. We will make reasonable efforts to notify users in advance of any planned data resets.

5. Data Security

We implement industry-standard security measures to protect your information, including encrypted connections (TLS) for data in transit and access controls for data at rest. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. Third-Party Services

The Service integrates with third-party services to provide certain functionality:

• LiveKit — real-time voice and video infrastructure. Audio and video streams are processed through LiveKit's servers.
• Cloudflare — CDN, DNS, and edge infrastructure. Cloudflare may process connection metadata per their privacy policy.
• Spotify — if you connect your Spotify account, we access your currently playing track to display listening activity. We do not access your listening history or playlists.
• Twitch — if you connect your Twitch account, we receive stream status events to display streaming activity. We do not access your stream content or subscriber data.
• Resend — transactional email delivery for account verification, password reset, and security alerts.

These providers process data only as necessary to deliver their services and are bound by their own privacy policies.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access. You may request a copy of the personal information we hold about you.
• Correction. You may request that we correct inaccurate or incomplete information. Many fields can be updated directly in your account settings.
• Deletion. You may request deletion of your account and associated personal data by contacting [email protected]. Some data may be retained to comply with legal obligations or resolve disputes.
• Opt-out of activity sharing. You can control what activity (games, music, streaming) is visible to others in your privacy settings at any time.
• Disconnect integrations. You may disconnect your Spotify or Twitch account at any time from your activity settings, which will stop activity sharing and remove your stored access tokens.

To exercise any of these rights, contact us at [email protected].

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know. You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete. You may request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct. You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing. We do not sell or share personal information for cross-context behavioral advertising. No opt-out is required, but you may contact us to confirm this.
• Right to Limit Use of Sensitive Personal Information. We do not use sensitive personal information beyond what is necessary to provide the Service.
• Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA/CPRA rights.

To submit a CCPA/CPRA request, contact us at [email protected]. We will respond within 45 days as required by law.

9. International Users and Data Transfers

Oscilot is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you consent to the transfer of your information to the United States. We take reasonable steps to ensure that your information is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please note that we are currently in beta and not yet compliant with all requirements of the GDPR. We intend to address GDPR compliance prior to any broader commercial launch. If you have specific concerns about GDPR compliance, please contact us at [email protected].

10. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the new policy on this page with an updated date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or your data, please reach out at [email protected].