Oxaide
Home/Legal/Privacy Policy

Privacy Policy

Your privacy matters. Learn how we collect, use, and protect your information.

Effective: November 27, 2025GDPR CompliantCCPA CompliantPDPA Compliant (Singapore)

Privacy at a Glance

We Do Not Sell Your Data

Your personal information is never sold, rented, or traded to third parties.

Encryption in Transit and At Rest

All data is encrypted in transit and at rest using industry-standard protocols.

You Control Your Data

Access, export, or delete your data anytime through your account settings.

90-Day Data Retention

After account closure, your data is deleted within 90 days.

Legal Entity: Rocketship Pte. Ltd. (trading as Oxaide) • Address: 21 Collyer Quay, Singapore 049320

1Information We Collect

1.1 Personal Data You Provide

Account Information:Name, email address, company name, billing address, and payment information
Profile Data:User preferences, account settings, and subscription details
Content Data:Knowledge base documents, training materials, and AI configuration settings
Interaction Data:Queries, prompt inputs, and automated intake submissions

1.2 Automatically Collected Data

Usage Data:Platform interactions, feature usage, session duration, and performance metrics
Technical Data:IP address, browser type, device information, operating system, and referring URLs
Analytics Data:Conversation statistics, AI agent performance metrics, service utilization patterns
Geolocation Data:Approximate location based on IP address (country, city, timezone)
Cookies:Session cookies, preference cookies, and analytics tracking data

1.3 Third-Party Integrations

Website Scraping:Publicly available content from websites you authorize us to access
Google Workspace:Documents and spreadsheets you explicitly connect for training purposes
API Integrations:Data from CRM systems, calendar applications, and other business tools you connect

2How We Use Your Information

2.1 Service Provision

  • Operate and maintain the Secure Knowledge Engine
  • Process automated intake requests and validate data
  • Deliver enterprise search and retrieval results
  • Provide analytics and performance reporting

2.2 AI Model Training

  • Train AI models using your provided content to improve response accuracy
  • Enhance AI agent performance through interaction analysis
  • Develop new features and improve existing functionality
  • Create aggregated, anonymized insights for platform optimization

2.3 Business Operations

  • Process payments and manage subscriptions
  • Provide customer support and technical assistance
  • Send service updates, security alerts, and administrative communications
  • Comply with legal obligations and enforce our Terms of Service

3Legal Basis for Processing (GDPR & PDPA)

Legal BasisPurposeRegulation
Contract PerformanceProcessing necessary to provide our Services under our Terms of ServiceGDPR / PDPA
Legitimate InterestsPlatform improvement, security, fraud prevention, and customer supportGDPR / PDPA
ConsentMarketing communications and optional data processing featuresGDPR / PDPA
Legal ComplianceCompliance with applicable laws and regulationsGDPR / PDPA
Vital InterestsProtection of vital interests of individuals in emergency situationsPDPA

PDPA Note: Under Singapore's Personal Data Protection Act, we collect, use, and disclose your personal data only for purposes you have consented to, or as permitted by law. You may withdraw consent at any time by contacting our Data Protection Officer.

4Data Sharing and Disclosure

4.1 Service Providers

We share data with third-party vendors who provide essential services:

☁️
Cloud Infrastructure

Secure hosting and data storage

🤖
AI Processing

Natural language processing services

💳
Payment Processing

Stripe for secure payments

📊
Analytics

Performance monitoring

4.2 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for commercial purposes.

4.3 Legal Requirements

We may disclose information when required by law, legal process, or to protect rights, property, or safety.

5Data Security and Storage

5.1 Security Measures

  • End-to-end encryption for data transmission and storage
  • Multi-factor authentication and access controls
  • Regular security audits and vulnerability assessments
  • Employee security training and access limitation protocols

5.2 Data Location

Standard Cloud

Data is stored in Singapore (primary) or Tier-1 secure regions with appropriate safeguards for international transfers.

Sovereign Edition (Singapore Geo-Pinned)

All Customer Data and AI Model Weights are strictly geo-pinned to Singapore. Infrastructure is managed by Oxaide within Singapore data centers. No data egress to the United States or other jurisdictions occurs.

Air-Gapped / On-Premise

Data is stored entirely on Customer-controlled infrastructure with no network connectivity to Oxaide systems. Customer maintains full custody and responsibility for data security, backup, and compliance. Oxaide has no access to Customer Data unless explicitly granted for support purposes.

5.3 Data Retention

Data TypeRetention Period
Account dataActive subscription + 90 days
Interaction logsUntil deletion requested
Training dataWhile AI agents remain active
Analytics dataAggregated indefinitely

6Your Privacy Rights

EU6.1 GDPR Rights (European Users)

Right to Access:Request copies of your personal data
Right to Rectification:Correct inaccurate personal data
Right to Erasure:Request deletion of personal data
Right to Restrict:Limit how we process your data
Right to Portability:Receive your data in a portable format
Right to Object:Object to processing based on legitimate interests

CA6.2 CCPA Rights (California Users)

  • Right to Know: Information about data collection and use
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: We do not sell personal information
  • Non-Discrimination: Equal service regardless of privacy choices

SG6.3 PDPA Rights (Singapore Users)

Right to Access:Request access to your personal data held by us
Right to Correction:Request correction of errors or omissions in your data
Right to Withdraw Consent:Withdraw consent for data collection, use, or disclosure
Right to Data Portability:Request data in a commonly used format (effective Dec 2025)
Right to be Informed:Know how your personal data is being used

Note: Withdrawal of consent may affect our ability to provide certain services. We will inform you of the consequences before processing your withdrawal request.

6.4 Exercising Your Rights

Contact us at privacy@oxaide.com to exercise your privacy rights. We will respond within 30 days and may require identity verification.

7Cookies and Tracking Technologies

Required
Essential Cookies

Required for platform functionality and security

Optional
Analytics Cookies

Used to improve user experience and platform performance

Optional
Preference Cookies

Store your settings and customizations

You can manage cookie preferences through your browser settings, though disabling essential cookies may affect platform functionality.

8International Data Transfers

We transfer data internationally using Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure adequate protection for your personal data.

9Children's Privacy

Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

10Data Breach Notification

10.1 Our Commitment

In the event of a data breach that affects your personal data, we are committed to transparency and timely notification in accordance with GDPR, PDPA, and other applicable regulations.

10.2 Notification Timeline

EU

GDPR (European Union)

Notification to supervisory authority within 72 hours of becoming aware, and to affected individuals without undue delay when high risk.

SG
PDPA (Singapore)

Notification to PDPC within 3 calendar days if breach causes significant harm; affected individuals notified as soon as practicable.

10.3 What You Will Be Told

  • Nature of the breach and types of data affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Steps you can take to protect yourself
  • Contact details for our Data Protection Officer

11Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notifications at least 30 days before taking effect. Continued use of our Services constitutes acceptance of the updated policy.

12Contact Information

Data Controller

Rocketship Pte. Ltd.

Trading as Oxaide

Registered Address

21 Collyer Quay

Singapore 049320

Data Protection Officer (DPO)

Name: Lee Wen Jie

Email: privacy@oxaide.com

Status: Registered with the Personal Data Protection Commission (PDPC) of Singapore

For all PDPA, GDPR, and privacy-related inquiries, please contact our DPO directly.

Privacy Inquiries

privacy@oxaide.com

General Support

support@oxaide.com

EU Users: For GDPR-related concerns, you may also lodge a complaint with your local data protection authority.

Singapore Users: For PDPA-related concerns, you may contact the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.

By using Oxaide's Services, you acknowledge that you have read and understood this Privacy Policy.

Version 3.0Effective: December 1, 2025PDPA/GDPR/CCPA
GDPR/PDPA Compliant
AES-256 encryption
High availability
Business-grade security