Privacy Policy

1. Introduction

Welcome to Oikyo.ai ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our authentication service, console application, and related services (collectively, the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

Sovereign AI clarification: Oikyo is designed so that model training and inference can run entirely within your own infrastructure boundary. The console and authentication service necessarily collect limited personal and operational data (such as account information and usage metadata) to operate the Service. This policy describes that processing; it does not authorize Oikyo to use your training data or fine‑tuned models for our own model training.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information when you use our Service:

• Name and contact information (email address)
• Job title and company information
• Professional profile information (LinkedIn profile, if provided)
• Authentication credentials from third-party providers (Google, GitHub)
• Usage data and service preferences

2.2 Automatically Collected Information

We automatically collect certain information when you access our Service:

• IP address and device information
• Browser type and version
• Access times and pages visited
• Referring website addresses
• Operating system information

3. How We Use Your Information

We use the collected information for the following purposes:

• Providing and maintaining our authentication services
• Processing waitlist applications and user onboarding
• Communicating with you about your account and our services
• Improving our services and user experience
• Ensuring security and preventing fraud
• Complying with legal obligations
• Analyzing usage patterns to enhance our platform

3A. Legal Bases for Processing (GDPR)

Where the General Data Protection Regulation ("GDPR") or similar laws apply, we rely on one or more of the following legal bases to process personal information:

• Contract: Processing is necessary to provide the Service under our agreement with you or your organization.
• Legitimate Interests: Processing is necessary to operate, secure, and improve the Service in a way that does not override your rights and freedoms.
• Consent: In limited cases, where required by law (for example, certain marketing communications), we rely on your consent, which you may withdraw at any time.

4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

• Service Providers: We may share information with trusted third-party service providers who assist us in operating our Service
• Legal Requirements: When required to comply with applicable laws, regulations, or legal processes
• Business Transfers: In connection with any merger, acquisition, or sale of company assets
• Protection of Rights: To protect and defend our rights, property, or safety, or that of our users

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, secure authentication protocols, and regular security assessments. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

In the event of a personal data breach involving information we control, we will notify affected customers without undue delay and, where required by law, within 72 hours of becoming aware of the breach. We will provide information reasonably necessary to help you meet any applicable regulatory reporting obligations.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

As a guideline (subject to change based on operational needs and legal requirements):

• Email addresses and account identifiers are retained while your account is active and for a reasonable period thereafter for audit and security purposes.
• Access logs and security events are typically retained for up to 12–24 months.
• Support communications are retained as needed to resolve issues and maintain a record of interactions.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your personal information in a structured format
• Objection: Object to certain processing of your personal information
• Restriction: Request restriction of processing in certain circumstances

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

7A. California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you may have additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"), including the right to:

• Request to know what categories of personal information we collect and how we use and disclose it.
• Request deletion of certain personal information, subject to exceptions.
• Opt out of the "sale" or "sharing" of personal information, to the extent applicable (Oikyo does not sell personal information).
• Not be discriminated against for exercising your privacy rights.

To exercise these rights, contact us using the details in the "Contact Us" section and indicate that your request relates to CCPA/CPRA.

8. Third-Party Authentication

Our Service integrates with third-party authentication providers (Google, GitHub, Microsoft). When you choose to authenticate using these services, you are subject to their respective privacy policies and terms of service. We only receive the information necessary to provide our authentication services and do not have access to your passwords or full account information from these providers.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

10. Children's Privacy

Our Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. Where required by law, we will implement appropriate safeguards for such transfers, which may include standard contractual clauses or other mechanisms approved by relevant regulators. Details can be incorporated into a customer-specific Data Processing Agreement.

11A. Sub‑Processors

We use certain third‑party service providers (sub‑processors) to help operate the Service, such as infrastructure hosting, email delivery, and logging. A draft list of these providers and their roles is available at /subprocessors.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: