Privacy Policy
This policy explains how Oxaide Research handles account data, private research content, usage records, and privacy requests.
Privacy contact
Questions or data requests?
Contact us about access, correction, deletion, portability, consent, or any concern about how your data is handled.
Privacy contact
privacy@oxaide.comData controller
Rocketship Pte. Ltd., UEN 201806463W, trading as Oxaide
Privacy at a glance
Private research
Conversations, files, saved theses, watchlists, and monitoring results are private to the workspace unless an authorised user chooses to share them.
No data sale
We do not sell or rent personal data, and we do not use private research content for third-party advertising.
Service providers
Data is processed by the infrastructure, payment, model, communications, and research providers needed to operate the Service.
No trading secrets
Do not submit passwords, seed phrases, private keys, or write-enabled exchange, broker, wallet, or trading credentials.
1Information We Collect
1.1 Information you provide
1.2 Information collected through use
1.3 Information you should not submit
Oxaide Research does not need your passwords, seed phrases, wallet private keys, or write-enabled credentials for an exchange, broker, wallet, bank, or trading system. Do not place those secrets in conversations, files, saved theses, watchlists, or support messages. If you submit them accidentally, contact us promptly and rotate or revoke them with the relevant provider.
2How We Use Information
2.1 Provide Oxaide Research
- Authenticate users, maintain workspaces, and apply member permissions
- Process questions and files, retrieve sources, produce research responses, and preserve research history
- Save theses and watchlists and run requested evidence-change monitoring
- Create and manage opt-in sharing features selected by authorised users
- Measure completed turns, enforce trial and subscription limits, and protect against uncapped runtime spend
2.2 Operate and protect the Service
- Process subscriptions, payments, invoices, cancellations, and account administration
- Provide support and send transactional, security, billing, and monitoring communications
- Detect abuse, investigate incidents, debug failures, maintain reliability, and enforce our Terms
- Understand feature use and improve product quality using feedback, service telemetry, and aggregated or deidentified information where reasonably possible
- Comply with law, respond to lawful requests, and establish, exercise, or defend legal claims
3Legal Bases
The legal basis depends on the information, purpose, and jurisdiction. Where laws such as the GDPR or Singapore PDPA apply, we rely on the following bases as appropriate:
- Basis
- Contract
- Typical purpose
- Creating accounts, providing research features, enforcing limits, billing, and support.
- Basis
- Legitimate interests
- Typical purpose
- Security, fraud prevention, reliability, product improvement, and business administration, balanced against your rights.
- Basis
- Consent
- Typical purpose
- Optional marketing, optional sharing, and other processing where consent is requested. Consent may be withdrawn.
- Basis
- Legal obligation
- Typical purpose
- Tax, accounting, regulatory, court, and lawful government requirements.
| Basis | Typical purpose |
|---|---|
| Contract | Creating accounts, providing research features, enforcing limits, billing, and support. |
| Legitimate interests | Security, fraud prevention, reliability, product improvement, and business administration, balanced against your rights. |
| Consent | Optional marketing, optional sharing, and other processing where consent is requested. Consent may be withdrawn. |
| Legal obligation | Tax, accounting, regulatory, court, and lawful government requirements. |
Under the Singapore PDPA, we collect, use, and disclose personal data with consent or another basis permitted by law. Withdrawing consent may limit features that require the affected data.
4Providers and Sharing
4.1 Service providers
We disclose information to vendors acting for us when needed to operate the Service. Their role, location, and data access depend on the feature you use. Core provider categories currently include:
- Provider or category
- Supabase
- Purpose
- Account authentication, workspace records, databases, and storage.
- Provider or category
- Cloudflare
- Purpose
- Website delivery, network protection, edge services, and parts of application hosting.
- Provider or category
- Microsoft Azure and model providers
- Purpose
- Model inference and related processing needed to produce research responses.
- Provider or category
- Stripe
- Purpose
- Subscription checkout, payment processing, invoices, and billing administration.
- Provider or category
- Communications and operations providers
- Purpose
- Transactional email, support, error reporting, and service monitoring.
- Provider or category
- Research and tool providers
- Purpose
- Retrieving public, licensed, or user-directed sources and running tools requested through the Service.
| Provider or category | Purpose |
|---|---|
| Supabase | Account authentication, workspace records, databases, and storage. |
| Cloudflare | Website delivery, network protection, edge services, and parts of application hosting. |
| Microsoft Azure and model providers | Model inference and related processing needed to produce research responses. |
| Stripe | Subscription checkout, payment processing, invoices, and billing administration. |
| Communications and operations providers | Transactional email, support, error reporting, and service monitoring. |
| Research and tool providers | Retrieving public, licensed, or user-directed sources and running tools requested through the Service. |
Providers and subprocessors may change as the Service changes. We require providers to handle data for the relevant service purpose and subject to their applicable contractual and legal obligations.
4.2 Other disclosures
- With workspace owners, members, or administrators according to their permissions
- With recipients you choose through an explicit share action or share link
- With professional advisers, auditors, insurers, and authorities where reasonably necessary or legally required
- To protect users, Oxaide, providers, or the public from fraud, abuse, security threats, or unlawful conduct
- In connection with a financing, merger, acquisition, restructuring, or sale, subject to appropriate confidentiality and notice where required
4.3 Private by default and opt-in sharing
We do not make private research content public by default. An authorised user must take an affirmative sharing action before a memo or other supported item is shared outside the workspace. Users control what they share and are responsible for recipient access. Revoking a link cannot remove copies already downloaded, forwarded, indexed, or retained by a recipient.
5Research and Runtime Boundaries
- Oxaide manages accounts, workspaces, subscriptions, plan entitlements, usage measurement, and the authority to start a paid research turn.
- The research runtime and its model and tool providers process authorised prompts, files, source requests, conversations, and outputs to perform the requested research task.
- Payment credentials, Stripe secrets, price configuration, and subscription mutation authority are not provided to the research runtime.
- The Service does not require and must not receive passwords, seed phrases, private keys, or write-enabled trading credentials.
- Oxaide does not use Customer Content to execute trades, take custody of assets, or manage an investment account.
6Security
We use administrative, technical, and organisational measures designed to protect information in light of its nature and the risks involved. Measures may include:
- Encrypted network transport and storage protections supplied by our infrastructure providers
- Authentication, workspace permissions, access restrictions, and separation of billing authority from research execution
- Logging, monitoring, backups, updates, incident handling, and provider security controls where appropriate
- Access limitation for personnel and service providers based on operational need
No online service is completely secure. You are responsible for protecting your sign-in methods, devices, workspace invitations, exported files, and share links, and for notifying us promptly of suspected unauthorised access.
7Retention and Deletion
We retain information for as long as reasonably necessary to provide the Service, maintain research history and requested monitoring, administer an active account, meet legal and accounting obligations, resolve disputes, enforce agreements, protect security, and support legitimate business operations.
- Retention varies by data type, account status, workspace settings, provider systems, and legal requirements.
- When information is no longer required, we delete it or anonymise it according to our operational processes, subject to lawful exceptions.
- Deleted information may remain temporarily in backups, security logs, fraud-prevention records, or provider systems until ordinary deletion cycles complete.
- Aggregated or deidentified information may be retained where it no longer reasonably identifies an individual.
- You may request account or personal-data deletion at privacy@oxaide.com. We may verify identity and retain limited records where required or permitted by law.
8Your Rights and Choices
Depending on where you live, you may have rights concerning your personal data. These can include:
- Accessing personal data and information about how it is used
- Correcting inaccurate or incomplete personal data
- Requesting deletion, restriction, or objection to certain processing
- Receiving portable data where the right applies and the format is technically available
- Withdrawing consent without affecting earlier lawful processing
- Opting out of marketing communications through the message link or by contacting us
- Complaining to the relevant privacy or data protection authority
Send requests to privacy@oxaide.com. We may ask for information needed to verify your identity, authority, workspace relationship, and jurisdiction. We will respond within the period required by applicable law. Certain rights are subject to legal exceptions.
9Cookies and Analytics
You can control cookies through browser settings and any controls we make available. Blocking essential cookies may prevent sign-in or other core features. Browser-based global privacy signals are honoured where required by applicable law and technically supported.
10International Transfers
Oxaide is based in Singapore, and our providers may process information in Singapore and other countries. Those countries may have different privacy laws. Where required, we use contractual or other recognised safeguards and take steps intended to provide a standard of protection comparable to applicable requirements.
11Children
The Service is for adults and is not directed to anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us so we can review and take appropriate action.
12Data Breaches
We investigate suspected personal-data breaches and take containment and remediation steps appropriate to the circumstances. When applicable law requires notification to an authority or affected person, we will provide it within the legally required period and include the information required by that law.
13Changes to This Policy
We may update this policy as the Service, providers, or law changes. We will post the updated policy with a new effective date and provide additional notice when required by law or when a change materially affects your rights. Your continued use after the effective date is subject to the updated policy.
14Contact
Data controller
Rocketship Pte. Ltd.
UEN 201806463W, trading as Oxaide
Registered address
21 Collyer Quay
Singapore 049320
Privacy and data protection
privacy@oxaide.comGeneral support
support@oxaide.comIf we do not resolve your concern, you may contact the Personal Data Protection Commission of Singapore or the competent privacy authority in your jurisdiction.
By using Oxaide Research, you acknowledge that you have read and understood this Privacy Policy.