Skip to content

Privacy Policy

Effective 2026-05-16 · Version 1.0 · Last updated 2026-05-16

GDPRCCPA/CPRAPIPL

1. Overview

We provide a multi-tenant SaaS that helps you monitor public online mentions (e.g., Reddit, X, Naver, Google, Threads), normalize them, and generate summaries and sentiment signals for your workspace. This policy applies to our website, product, and related communications.

2. Data We Collect

We may collect the following categories of data:

  • Account data: name, email address, authentication identifiers, and account settings you provide.
  • Workspace data: workspace name, membership/role information, invite status, and preferences.
  • Monitoring configuration: keywords you enter, source selections, alert rules (thresholds, cooldowns), tags, and related metadata.
  • Notification channel data: destination email addresses and messaging webhook URLs you configure (e.g., Slack incoming webhooks).
  • Service usage data: product actions, feature usage, timestamps, and diagnostic information needed to operate and secure the Service.
  • Device and log data: IP address, user agent, browser/device information, and security logs.
  • Public content processed for you: content snippets, URLs, timestamps, and related public metadata from third-party sources that match your keywords. This content may include personal data depending on what is publicly posted.
  • Billing data (if/when enabled): subscription status and limited transaction metadata from our payment provider. We do not store full card numbers.

3. How We Collect Data

  • Directly from you: when you sign up, log in, configure keywords, and set alert channels.
  • Automatically: through cookies and similar technologies used for authentication, security, and basic functionality.
  • From third-party sources: public content that matches your configured keywords, accessed via official APIs or authorized providers where available.

5. How We Use Data

We use data to:

  • Operate the Service (authentication, workspace access, keyword polling, and alert delivery).
  • Generate summaries, sentiment labels, and embeddings to organize mentions for you.
  • Provide customer support and respond to requests.
  • Monitor reliability, debug issues, and protect against fraud, abuse, and security incidents.
  • Comply with legal requirements and enforce our Terms.

6. Sharing & Third Parties

We share personal data only as needed to run the Service, including with vendors that process data on our behalf (processors/service providers). Examples may include:

  • Hosting and database providers (to store and serve your workspace data).
  • Email delivery providers (to send alert emails and system notices).
  • Messaging platforms you connect (e.g., Slack via webhook URL) to deliver alerts.
  • AI providers (to generate summaries/sentiment/embeddings where enabled).
  • Payment providers (if/when subscriptions are enabled).
  • Security and monitoring providers (to detect and respond to incidents).

We do not sell personal information. We also do not “share” personal information for cross-context behavioral advertising as defined by CPRA.

7. Cookies & Tracking

We use cookies and similar technologies primarily for authentication, session management, and security. These are generally necessary for the Service to function.

  • Essential cookies: sign-in, session persistence, and security protections.
  • Preference cookies: theme and basic UI preferences, where applicable.

You can control cookies through your browser settings. If you disable essential cookies, some features may not work.

8. Retention

We keep personal data only as long as necessary for the purposes described above:

  • Account and workspace data: for as long as your account is active.
  • Monitoring data (mentions, summaries, embeddings): retained while your workspace is active, and deleted or anonymized within a reasonable period after workspace deletion, unless retention is required by law.
  • Logs and security records: generally retained for a limited time for security and troubleshooting, then deleted or aggregated.
  • Billing records (if applicable): retained as required by tax/accounting laws.

9. Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect your information, such as access controls, encryption in transit, and audit logging. No system is 100% secure, and we cannot guarantee absolute security.

10. International Transfers

We may process and store data in countries other than your own. Where required by law, we use safeguards for cross-border transfers, such as Standard Contractual Clauses (SCCs), the UK Addendum, or other lawful mechanisms recognized by applicable regulations.

11. Your Rights

Depending on your location, you may have rights regarding your personal data, including:

  • Access: request a copy of your personal data.
  • Correction: request correction of inaccurate or incomplete data.
  • Deletion: request deletion of your personal data, subject to legal exceptions.
  • Data portability: request transfer of certain data in a structured format.
  • Restriction/objection: object to certain processing or request restriction.
  • Withdraw consent: where processing is based on consent.

To exercise these rights, contact us using the details in the Contact section. We may need to verify your identity before fulfilling requests.

12. U.S. (CCPA/CPRA) Notice

If you are a California resident, you may have rights to know, delete, and correct personal information, and to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.

Categories we may collect include identifiers (e.g., email), internet/network activity (e.g., logs), and professional or commercial information (e.g., subscription status if enabled).

You may exercise your rights by contacting us. You may also designate an authorized agent to submit a request on your behalf, subject to verification.

13. China (PIPL) Notice

If you are located in mainland China, we process personal information in accordance with the Personal Information Protection Law (PIPL). We will obtain separate consent where required, including for cross-border transfers and sensitive personal information, if applicable.

You may have rights to access, copy, correct, delete, and request explanation of processing rules. Contact us to exercise these rights.

14. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will provide a notice through the Service (for example, an in-app notice) and update the “Last updated” date. In some cases, we may also notify you via email.

15. Contact / DPO

If you have questions or requests about this policy or your personal data, contact our Data Protection Officer (or privacy contact) at:

  • Email: privacy@oswarld.com
  • Address: (add your business address here)