Home/Legal/Privacy Policy
Legal

Privacy Policy

This policy explains how Oxaide Research handles account data, private research content, usage records, and privacy requests.

Effective: July 12, 2026Private by defaultSharing is opt-in

Privacy contact

Questions or data requests?

Contact us about access, correction, deletion, portability, consent, or any concern about how your data is handled.

Privacy contact

privacy@oxaide.com

Data controller

Rocketship Pte. Ltd., UEN 201806463W, trading as Oxaide

Privacy at a glance

Private research

Conversations, files, saved theses, watchlists, and monitoring results are private to the workspace unless an authorised user chooses to share them.

No data sale

We do not sell or rent personal data, and we do not use private research content for third-party advertising.

Service providers

Data is processed by the infrastructure, payment, model, communications, and research providers needed to operate the Service.

No trading secrets

Do not submit passwords, seed phrases, private keys, or write-enabled exchange, broker, wallet, or trading credentials.

1Information We Collect

1.1 Information you provide

Account and profile data:Name, email address, workspace and team membership, preferences, and account settings.
Billing data:Plan, subscription status, Stripe customer and transaction references, invoices, billing contact details, and limited payment metadata. Stripe processes full payment card details.
Research content:Questions, conversations, prompts, files, notes, source references, saved theses, watchlists, positions or assumptions you choose to include, generated responses, and evidence-monitoring instructions and results.
Sharing and collaboration data:Workspace permissions, invited members, sharing choices, share-link records, and actions taken by authorised workspace users.
Communications:Support requests, feedback, privacy requests, and other messages you send to us.

1.2 Information collected through use

Usage and entitlement data:Completed turns, trial and plan limits, feature use, timestamps, workspace activity, and subscription entitlements.
Runtime and tool records:Request identifiers, tool activity, source retrievals, errors, performance information, and operational logs needed to run, protect, and troubleshoot the Service.
Device and network data:IP address, browser and device type, operating system, referring page, approximate location derived from IP, and security signals.
Cookie data:Session, security, preference, and analytics information described in Section 9.

1.3 Information you should not submit

Oxaide Research does not need your passwords, seed phrases, wallet private keys, or write-enabled credentials for an exchange, broker, wallet, bank, or trading system. Do not place those secrets in conversations, files, saved theses, watchlists, or support messages. If you submit them accidentally, contact us promptly and rotate or revoke them with the relevant provider.

2How We Use Information

2.1 Provide Oxaide Research

  • Authenticate users, maintain workspaces, and apply member permissions
  • Process questions and files, retrieve sources, produce research responses, and preserve research history
  • Save theses and watchlists and run requested evidence-change monitoring
  • Create and manage opt-in sharing features selected by authorised users
  • Measure completed turns, enforce trial and subscription limits, and protect against uncapped runtime spend

2.2 Operate and protect the Service

  • Process subscriptions, payments, invoices, cancellations, and account administration
  • Provide support and send transactional, security, billing, and monitoring communications
  • Detect abuse, investigate incidents, debug failures, maintain reliability, and enforce our Terms
  • Understand feature use and improve product quality using feedback, service telemetry, and aggregated or deidentified information where reasonably possible
  • Comply with law, respond to lawful requests, and establish, exercise, or defend legal claims

The legal basis depends on the information, purpose, and jurisdiction. Where laws such as the GDPR or Singapore PDPA apply, we rely on the following bases as appropriate:

Basis
Contract
Typical purpose
Creating accounts, providing research features, enforcing limits, billing, and support.
Basis
Legitimate interests
Typical purpose
Security, fraud prevention, reliability, product improvement, and business administration, balanced against your rights.
Basis
Consent
Typical purpose
Optional marketing, optional sharing, and other processing where consent is requested. Consent may be withdrawn.
Basis
Legal obligation
Typical purpose
Tax, accounting, regulatory, court, and lawful government requirements.

Under the Singapore PDPA, we collect, use, and disclose personal data with consent or another basis permitted by law. Withdrawing consent may limit features that require the affected data.

4Providers and Sharing

4.1 Service providers

We disclose information to vendors acting for us when needed to operate the Service. Their role, location, and data access depend on the feature you use. Core provider categories currently include:

Provider or category
Supabase
Purpose
Account authentication, workspace records, databases, and storage.
Provider or category
Cloudflare
Purpose
Website delivery, network protection, edge services, and parts of application hosting.
Provider or category
Microsoft Azure and model providers
Purpose
Model inference and related processing needed to produce research responses.
Provider or category
Stripe
Purpose
Subscription checkout, payment processing, invoices, and billing administration.
Provider or category
Communications and operations providers
Purpose
Transactional email, support, error reporting, and service monitoring.
Provider or category
Research and tool providers
Purpose
Retrieving public, licensed, or user-directed sources and running tools requested through the Service.

Providers and subprocessors may change as the Service changes. We require providers to handle data for the relevant service purpose and subject to their applicable contractual and legal obligations.

4.2 Other disclosures

  • With workspace owners, members, or administrators according to their permissions
  • With recipients you choose through an explicit share action or share link
  • With professional advisers, auditors, insurers, and authorities where reasonably necessary or legally required
  • To protect users, Oxaide, providers, or the public from fraud, abuse, security threats, or unlawful conduct
  • In connection with a financing, merger, acquisition, restructuring, or sale, subject to appropriate confidentiality and notice where required

4.3 Private by default and opt-in sharing

We do not make private research content public by default. An authorised user must take an affirmative sharing action before a memo or other supported item is shared outside the workspace. Users control what they share and are responsible for recipient access. Revoking a link cannot remove copies already downloaded, forwarded, indexed, or retained by a recipient.

5Research and Runtime Boundaries

  • Oxaide manages accounts, workspaces, subscriptions, plan entitlements, usage measurement, and the authority to start a paid research turn.
  • The research runtime and its model and tool providers process authorised prompts, files, source requests, conversations, and outputs to perform the requested research task.
  • Payment credentials, Stripe secrets, price configuration, and subscription mutation authority are not provided to the research runtime.
  • The Service does not require and must not receive passwords, seed phrases, private keys, or write-enabled trading credentials.
  • Oxaide does not use Customer Content to execute trades, take custody of assets, or manage an investment account.

6Security

We use administrative, technical, and organisational measures designed to protect information in light of its nature and the risks involved. Measures may include:

  • Encrypted network transport and storage protections supplied by our infrastructure providers
  • Authentication, workspace permissions, access restrictions, and separation of billing authority from research execution
  • Logging, monitoring, backups, updates, incident handling, and provider security controls where appropriate
  • Access limitation for personnel and service providers based on operational need

No online service is completely secure. You are responsible for protecting your sign-in methods, devices, workspace invitations, exported files, and share links, and for notifying us promptly of suspected unauthorised access.

7Retention and Deletion

We retain information for as long as reasonably necessary to provide the Service, maintain research history and requested monitoring, administer an active account, meet legal and accounting obligations, resolve disputes, enforce agreements, protect security, and support legitimate business operations.

  • Retention varies by data type, account status, workspace settings, provider systems, and legal requirements.
  • When information is no longer required, we delete it or anonymise it according to our operational processes, subject to lawful exceptions.
  • Deleted information may remain temporarily in backups, security logs, fraud-prevention records, or provider systems until ordinary deletion cycles complete.
  • Aggregated or deidentified information may be retained where it no longer reasonably identifies an individual.
  • You may request account or personal-data deletion at privacy@oxaide.com. We may verify identity and retain limited records where required or permitted by law.

8Your Rights and Choices

Depending on where you live, you may have rights concerning your personal data. These can include:

  • Accessing personal data and information about how it is used
  • Correcting inaccurate or incomplete personal data
  • Requesting deletion, restriction, or objection to certain processing
  • Receiving portable data where the right applies and the format is technically available
  • Withdrawing consent without affecting earlier lawful processing
  • Opting out of marketing communications through the message link or by contacting us
  • Complaining to the relevant privacy or data protection authority

Send requests to privacy@oxaide.com. We may ask for information needed to verify your identity, authority, workspace relationship, and jurisdiction. We will respond within the period required by applicable law. Certain rights are subject to legal exceptions.

9Cookies and Analytics

Essential cookies:Keep you signed in, maintain sessions, route requests, remember security state, and provide core features.
Preference storage:Remembers interface and account choices where available.
Analytics and performance:Helps us understand visits, feature use, errors, and service performance where enabled.

You can control cookies through browser settings and any controls we make available. Blocking essential cookies may prevent sign-in or other core features. Browser-based global privacy signals are honoured where required by applicable law and technically supported.

10International Transfers

Oxaide is based in Singapore, and our providers may process information in Singapore and other countries. Those countries may have different privacy laws. Where required, we use contractual or other recognised safeguards and take steps intended to provide a standard of protection comparable to applicable requirements.

11Children

The Service is for adults and is not directed to anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us so we can review and take appropriate action.

12Data Breaches

We investigate suspected personal-data breaches and take containment and remediation steps appropriate to the circumstances. When applicable law requires notification to an authority or affected person, we will provide it within the legally required period and include the information required by that law.

13Changes to This Policy

We may update this policy as the Service, providers, or law changes. We will post the updated policy with a new effective date and provide additional notice when required by law or when a change materially affects your rights. Your continued use after the effective date is subject to the updated policy.

14Contact

Data controller

Rocketship Pte. Ltd.

UEN 201806463W, trading as Oxaide

Registered address

21 Collyer Quay

Singapore 049320

Privacy and data protection

privacy@oxaide.com

General support

support@oxaide.com

If we do not resolve your concern, you may contact the Personal Data Protection Commission of Singapore or the competent privacy authority in your jurisdiction.

By using Oxaide Research, you acknowledge that you have read and understood this Privacy Policy.

Version 4.0
Effective: July 12, 2026