Oxaide
Home/Legal/Privacy Policy
Legal

Privacy Policy

This page explains what information Oxaide handles, why we handle it, and how to contact us about privacy requests.

Effective: November 27, 2025Request-based deletion supportOn-premise deployment options available

Privacy contact

Questions or data requests?

Direct privacy requests, deletion questions, and contract-specific data handling reviews to the team below.

Privacy contact

privacy@oxaide.com

Legal entity

Rocketship Pte. Ltd. (trading as Oxaide)

Privacy at a Glance

We Do Not Sell Your Data

Your personal information is never sold, rented, or traded to third parties.

Encryption in Transit and At Rest

All data is encrypted in transit and at rest using industry-standard protocols.

You Control Your Data

You can request access, export, correction, or deletion through our team.

Service-specific retention

Retention depends on the service, contract, and support requirements described below.

Legal Entity: Rocketship Pte. Ltd. (trading as Oxaide)

1Information We Collect

1.1 Personal Data You Provide

Account Information:Name, email address, company name, billing address, and payment information
Profile Data:User preferences, account settings, and subscription details
Diagnostic Data:Telemetry files, BMS logs, equipment datasheets, and asset data you submit for forensic analysis
Interaction Data:Platform queries, diagnostic run requests, and report access logs

1.2 Automatically Collected Data

Usage Data:Platform interactions, feature usage, session duration, and performance metrics
Technical Data:IP address, browser type, device information, operating system, and referring URLs
Analytics Data:Audit run statistics, diagnostic model performance metrics, service utilization patterns
Geolocation Data:Approximate location based on IP address (country, city, timezone)
Cookies:Session cookies, preference cookies, and analytics tracking data

1.3 Third-Party Integrations

SCADA / Historian:Time-series telemetry and operational data from equipment historians you authorize us to process
OEM Integrations:Equipment datasheets and asset specifications from manufacturer portals you connect
API Integrations:Data from energy management systems, dispatch platforms, and grid operator APIs you connect

2How We Use Your Information

2.1 Service Provision

  • Execute BESS forensic audits and generate diagnostic reports
  • Process telemetry and BMS data for signal anomaly detection
  • Deliver Verify Reports and Horizon monitoring outputs to authorised contacts
  • Provide asset performance benchmarks and analytics

2.2 Diagnostic Model Refinement

  • Refine physics-informed signal detection models using aggregated, anonymised benchmark data (Standard Cloud only)
  • Improve anomaly pattern libraries through post-audit findings analysis
  • Develop new fault detection signatures from confirmed diagnostic cases
  • Horizon edge nodes process all signal data locally, so raw telemetry is never uploaded to cloud infrastructure

2.3 Business Operations

  • Process payments and manage subscriptions
  • Provide customer support and technical assistance
  • Send service updates, security alerts, and administrative communications
  • Comply with legal obligations and enforce our Terms of Service

3Legal Basis for Processing (GDPR & PDPA)

Legal Basis
Contract Performance
Purpose
Processing necessary to provide our Services under our Terms of Service
Regulation
GDPR / PDPA
Legal Basis
Legitimate Interests
Purpose
Platform improvement, security, fraud prevention, and customer support
Regulation
GDPR / PDPA
Legal Basis
Consent
Purpose
Marketing communications and optional data processing features
Regulation
GDPR / PDPA
Legal Basis
Legal Compliance
Purpose
Compliance with applicable laws and regulations
Regulation
GDPR / PDPA
Legal Basis
Vital Interests
Purpose
Protection of vital interests of individuals in emergency situations
Regulation
PDPA

PDPA Note: Under Singapore's Personal Data Protection Act, we collect, use, and disclose your personal data only for purposes you have consented to, or as otherwise permitted by law. You may withdraw consent at any time by contacting our privacy team.

4Data Sharing and Disclosure

4.1 Service Providers

We share data with third-party vendors who provide essential services:

โ˜๏ธ
Cloud Infrastructure

Secure hosting and data storage

๐Ÿงช
Diagnostics Processing

Approved compute and document-processing services used to deliver the agreed workflow

๐Ÿ’ณ
Billing Operations

Approved billing and invoicing partners when required

๐Ÿ“Š
Analytics

Performance monitoring

4.2 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for commercial purposes.

4.3 Legal Requirements

We may disclose information when required by law, legal process, or to protect rights, property, or safety.

5Data Security and Storage

5.1 Security Measures

  • End-to-end encryption for data transmission and storage
  • Multi-factor authentication and access controls
  • Security review, vulnerability handling, and monitored change processes
  • Employee security training and access limitation protocols

5.2 Data Location

Standard Cloud

Managed services may use Singapore or other approved hosting regions depending on the workflow and contract.

Customer-controlled or geo-scoped deployments

Some deployments are scoped to specific jurisdictions or customer infrastructure. The exact data path depends on the deployment model agreed in contract.

Air-Gapped / On-Premise

Data may be stored entirely on customer-controlled infrastructure. In those deployments, the customer remains responsible for local security, backup, and access administration unless otherwise agreed.

5.3 Data Retention

Data Type
Account data
Retention Period
Active subscription + 90 days
Data Type
Interaction logs
Retention Period
Until deletion requested
Data Type
Uploaded review materials
Retention Period
According to the agreed workflow, contract terms, and deletion requests
Data Type
Analytics data
Retention Period
Aggregated indefinitely

6Your Privacy Rights

EU6.1 GDPR Rights (European Users)

Right to Access:Request copies of your personal data
Right to Rectification:Correct inaccurate personal data
Right to Erasure:Request deletion of personal data
Right to Restrict:Limit how we process your data
Right to Portability:Receive your data in a portable format
Right to Object:Object to processing based on legitimate interests

CA6.2 CCPA Rights (California Users)

  • Right to Know: Information about data collection and use
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: We do not sell personal information
  • Non-Discrimination: Equal service regardless of privacy choices

SG6.3 PDPA Rights (Singapore Users)

Right to Access:Request access to your personal data held by us
Right to Correction:Request correction of errors or omissions in your data
Right to Withdraw Consent:Withdraw consent for data collection, use, or disclosure
Right to Data Portability:Request data in a commonly used format (effective Dec 2025)
Right to be Informed:Know how your personal data is being used

Note: Withdrawal of consent may affect our ability to provide certain services. We will inform you of the consequences before processing your withdrawal request.

6.4 Exercising Your Rights

Contact us at privacy@oxaide.com to exercise your privacy rights. We will respond within 30 days and may require identity verification.

7Cookies and Tracking Technologies

Required
Essential Cookies

Required for platform functionality and security

Optional
Analytics Cookies

Used to improve user experience and platform performance

Optional
Preference Cookies

Store your settings and customizations

You can manage cookie preferences through your browser settings, though disabling essential cookies may affect platform functionality.

8International Data Transfers

Where international transfers are required, we use contractual, technical, and operational safeguards appropriate to the deployment model and applicable law.

9Children's Privacy

Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

10Data Breach Notification

10.1 Our Commitment

In the event of a data breach that affects your personal data, we are committed to transparency and timely notification in accordance with GDPR, PDPA, and other applicable regulations.

10.2 Notification Timeline

EU

GDPR (European Union)

Notification to supervisory authority within 72 hours of becoming aware, and to affected individuals without undue delay when high risk.

SG
PDPA (Singapore)

Notification to PDPC within 3 calendar days if breach causes significant harm; affected individuals notified as soon as practicable.

10.3 What You Will Be Told

  • Nature of the breach and types of data affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Steps you can take to protect yourself
  • Contact details for our privacy team

11Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notifications at least 30 days before taking effect. Continued use of our Services constitutes acceptance of the updated policy.

12Contact Information

Data Controller

Rocketship Pte. Ltd.

Trading as Oxaide

Registered Address

21 Collyer Quay

Singapore 049320

Privacy contact

Email: privacy@oxaide.com

For privacy-related inquiries, data requests, or contract-specific questions, please contact us directly.

Privacy Inquiries

privacy@oxaide.com

General Support

support@oxaide.com

If you believe your privacy concern has not been addressed, you may also contact the relevant supervisory or data protection authority in your jurisdiction.

By using Oxaide's Services, you acknowledge that you have read and understood this Privacy Policy.

Version 3.0
โ€ขEffective: November 27, 2025