Privacy Policy

Effective date: April 7, 2026

Oscom ("we," "us," or "our") operates the website oscom.ai and the application at app.oscom.ai(collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use the Service.

1. Information We Collect

1.1 Account Information

When you create an account we collect your name, email address, and billing information (processed securely through Stripe). We also store your profile information as provided during registration.

1.2 Information from Google APIs

With your explicit consent, we access certain data from Google services through OAuth 2.0 authorization. The specific scopes we request include:

  • Google Account Info: your name, email address, and profile picture (used for authentication and account display).
  • Google Search Console (readonly) : search performance data, keyword rankings, and indexing status (used to power SEO analytics within the platform).
  • Google Analytics (readonly) : website traffic and audience metrics (used to display unified analytics dashboards).
  • Gmail (readonly): email message metadata and content (used to surface daily operational summaries and outreach tracking).
  • Google Calendar (readonly) : calendar event data (used to display scheduling context within your dashboard).

We only request the minimum scopes necessary for each feature. You choose which integrations to enable, and you can revoke any integration at any time from your account settings or directly from your Google Account permissions page.

1.3 Usage Data

We automatically collect technical information such as IP address, browser type, device information, pages visited, features used, and interaction timestamps. This data helps us improve the Service and diagnose issues.

1.4 Cookies

We use essential cookies to maintain your session and authentication state. Analytics cookies help us understand how visitors interact with our website. You can control cookie preferences through your browser settings.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Display analytics dashboards, SEO insights, and operational summaries using data from your connected integrations
  • Process transactions and send billing-related communications
  • Send service-related notices (e.g., security alerts, feature updates)
  • Improve, personalize, and expand the Service
  • Respond to support requests and customer service inquiries
  • Comply with legal obligations

3. Google API Services User Data Policy

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only access Google user data that is necessary to provide the features you have enabled.
  • We do not use Google user data for serving advertisements or for any advertising-related purpose.
  • We do not sell, lease, or trade Google user data to third parties.
  • We do not use Google user data for purposes unrelated to providing or improving the user-facing features of the Service.
  • We do not allow humans to read Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is required to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.

4. Data Storage and Security

Your data is stored on secure, encrypted infrastructure. We implement the following measures to protect your information:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+.
  • Encryption at rest: Stored data, including OAuth tokens and cached Google API data, is encrypted using AES-256 encryption.
  • Access controls: Access to user data is restricted to authorized personnel on a need-to-know basis.
  • Token security: OAuth refresh tokens are stored in encrypted form. We never store your Google account password.

5. Data Retention and Deletion

We retain your account data for as long as your account is active or as needed to provide the Service. Cached data from Google APIs is retained only for the duration necessary to deliver the relevant feature (typically refreshed at each session and not stored beyond 30 days).

When you delete your account or revoke a Google integration:

  • All associated OAuth tokens are immediately revoked and deleted from our systems.
  • Cached Google API data for that integration is deleted within 30 days.
  • Account data is deleted within 30 days, except where retention is required by law (e.g., billing records).

You may request immediate deletion of all your data by contacting us at hello@oscom.ai. We will process such requests within 30 days.

6. Third-Party Services

We use the following categories of third-party services to operate the platform:

  • Payment processing: Stripe processes your billing information. We do not store your full credit card number.
  • Cloud infrastructure: We use Vercel and AWS for hosting and data storage.
  • AI processing: Certain features use AI models to generate content and insights. Your data is processed per our agreements with these providers and is not used to train their models.
  • Analytics: We use privacy-focused analytics to understand Service usage patterns.

These providers have access only to the information necessary to perform their functions and are contractually obligated to maintain confidentiality.

7. Your Rights

You have the right to:

  • Access your personal data and request a copy of the information we hold about you.
  • Correct inaccurate or incomplete personal data.
  • Delete your account and all associated data.
  • Revoke any Google integration at any time from your account settings or from your Google Account permissions page.
  • Export your data in a portable format.
  • Object to processing of your personal data in certain circumstances.

To exercise any of these rights, contact us at hello@oscom.ai.

8. Data Sharing

We do not sell your personal information. We share data only in the following circumstances:

  • With your explicit consent.
  • With third-party service providers who assist in operating the Service (as described in Section 6), under strict confidentiality agreements.
  • To comply with legal obligations, enforce our terms, or protect the rights, property, or safety of Oscom, our users, or the public.
  • In connection with a merger, acquisition, or sale of assets, in which case affected users will be notified.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and revising the effective date. If changes are significant, we will also notify you via email or an in-app notification. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

For data protection inquiries specifically related to Google data, you may also reach us at hendrik@oscom.ai.