Privacy Policy

Last updated: October 2025

Oath ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our iOS mobile application.

Information We Collect

Account and Profile Information

When you create an account or use Oath, we collect:

  • Email address (if provided for account creation)
  • Authentication credentials (handled securely via Supabase)
  • Account preferences and settings

Task and Commitment Data

The core content you create in Oath:

  • Tasks, events, and commitments you create
  • Task titles, descriptions, notes, and scheduled times
  • Honor and miss tracking data (completion status)
  • Ledger metrics, streaks, and performance statistics
  • AI-generated insights and recommendations

Behavioral and Usage Data

Information about how you interact with Oath:

  • App usage patterns and feature interactions
  • Notification response times and patterns
  • AI notification complexity scores and scheduling data
  • Session duration and frequency
  • Navigation paths and user flows

Automatically Collected Technical Data

We automatically collect certain technical information:

  • Device type, model, and operating system version
  • App version and build information
  • IP address and general location (city/region level)
  • Crash reports, error logs, and performance data
  • Device identifiers (for analytics and crash reporting)

Contact Form and Communications

When you contact us through our website contact form or email us directly, we collect:

  • Your name and email address
  • Subject line and message content
  • Any attachments you send

We use this information solely to respond to your inquiry, provide customer support, and improve our services. Contact form submissions are retained for 2 years for support and legal compliance purposes.

How We Use Your Information

We use the information we collect to:

  • Provide Services: Deliver and maintain the Oath app functionality
  • AI Features: Power the AI notification scheduling system (Oath Keeper) and generate personalized insights
  • Data Sync: Sync your data across your devices via iCloud and Supabase
  • Product Improvement: Analyze usage patterns to improve app performance and develop new features
  • Customer Support: Respond to your inquiries and provide technical assistance
  • Security: Detect and prevent technical issues, fraudulent activity, and security threats
  • Marketing & Analytics: Understand user behavior, measure app effectiveness, and market our services
  • Research & Insights: Create aggregated, anonymized insights about productivity trends and user behavior

Data Storage and Security

Your task data is stored securely using:

  • Local Storage: Data is stored locally on your device
  • Cloud Sync: Synced via Supabase (PostgreSQL) and Apple's iCloud service for backup and multi-device access
  • Encryption: Data is encrypted in transit using industry-standard TLS/SSL protocols

We implement appropriate technical and organizational security measures to protect your information, including encryption, access controls, and secure third-party service providers. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Third-Party Services

Oath uses third-party services to provide, improve, and analyze our app. These services may collect information used to identify you. The third-party services we use include:

  • Supabase: Backend database and authentication services
  • OpenAI: Powers AI-driven features including notification scheduling (Oath Keeper) and insights generation
  • Apple Analytics: App performance and crash reporting
  • CloudKit: iCloud sync functionality

These service providers are bound by contractual obligations to keep your information confidential and use it only for the purposes for which we disclose it to them.

Data Sharing and Disclosure

What We Don't Do

We do not sell identifiable personal information (such as your name, email, or specific task content) to third parties.

Aggregated and Anonymized Data

We may aggregate and anonymize your usage data to create statistical insights that cannot identify you individually. This anonymized data may be used for:

  • Product improvement and feature development
  • Industry research and productivity insights
  • Marketing and advertising our services
  • Sharing with business partners, advertisers, or research institutions to better understand productivity trends

For example, we may share insights like "70% of users complete tasks scheduled in the morning" without revealing any individual user's data.

AI Model Training

What We Do: We use anonymized usage patterns to improve Oath's AI features. For example, we analyze patterns like "users typically schedule tasks 3 days in advance" or "morning tasks have higher completion rates" to make the Oath Keeper notification system smarter.

What We DON'T Do: We do NOT use your specific task titles, descriptions, or personal content to train general-purpose AI models. We do NOT share your task content with OpenAI or any third party for AI model training. Your tasks remain private.

Specifically: Anonymized metadata includes timing patterns, completion rates, notification response times, and feature usage statistics—never the actual content of your tasks or commitments.

Other Sharing Circumstances

We may share your information in the following circumstances:

  • With your consent: When you explicitly authorize us to share your data
  • Service providers: With third parties who assist in providing our services (as described in the Third-Party Services section)
  • Legal compliance: To comply with legal obligations, valid legal requests, or to protect our rights, property, or safety
  • Business transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business

Your Rights and Choices

Data Rights

You have the right to:

  • Access: Request access to the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your data (subject to legal obligations)
  • Portability: Export your data in a portable format
  • Restrict Processing: Request that we limit how we use your data

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request details about what personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sharing of aggregated/anonymized data for advertising or analytics purposes
  • Right to Non-Discrimination: Exercise your privacy rights without discriminatory treatment

How to Opt-Out of Data Sharing (CCPA)

California residents can opt out of data sharing for advertising and analytics purposes through two methods:

  • Email: Send a request to privacy@oath.app with "California Privacy Rights - Opt-Out" in the subject line. Include your name and email address associated with your Oath account.
  • Website: Visit our Do Not Sell My Personal Information page to submit an opt-out request.

We will process your request within 30 days and send you a confirmation email. Once opted out, we will not share your anonymized data with third parties for advertising or analytics purposes, though we may still use it internally to improve the app.

For all other California privacy rights requests, contact us at privacy@oath.app with "California Privacy Rights" in the subject line.

Exercising Your Rights

To exercise any of these rights, please contact us at the email address provided below. We will respond to your request within 30 days. Note that opting out of certain data collection may limit app functionality.

Data Retention and Deletion

How Long We Keep Your Data

We retain your personal data for as long as necessary to provide you with Oath's services and fulfill the purposes described in this Privacy Policy:

  • Active Account Data: Retained while your account is active and you continue to use Oath
  • After Account Deletion: Deleted from active systems within 30 days of account deletion request
  • Backup Systems: May remain in backup systems for up to 90 days, then permanently deleted
  • Anonymized Data: Aggregated, anonymized data (that cannot identify you) may be retained indefinitely for analytics and product improvement
  • Contact Form Data: Retained for 2 years after submission for support and legal compliance purposes
  • Legal Requirements: Data subject to legal holds, investigations, or required by law will be retained as necessary

How to Delete Your Data

You can request deletion of your data through multiple methods:

  • In-App: Delete your account through the app settings (Account → Delete Account)
  • Email: Send a request to privacy@oath.app with "Data Deletion Request" in the subject line

Upon receiving your deletion request, we will:

  1. Verify your identity to prevent unauthorized deletions
  2. Delete your data from active systems within 30 days
  3. Remove backups within 90 days
  4. Send you a confirmation email when deletion is complete

Important Note: Data deletion is permanent and cannot be undone. You will lose access to all tasks, commitments, and historical data. We recommend exporting your data before deletion if you want to keep a copy.

Children's Privacy

Oath is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately.

International Data Transfers

Your data may be transferred to and stored on servers located outside your country of residence. By using Oath, you consent to such transfers.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Material Changes: If we make material changes that significantly affect your privacy rights or how we use your data, we will:

  • Notify you at least 30 days in advance via email (if provided) or in-app notification
  • Update the "Last updated" date at the top of this policy
  • Provide you an opportunity to opt-out before the changes take effect

Minor Changes: For non-material changes, we will update the policy and the "Last updated" date. Your continued use of Oath after changes become effective constitutes acceptance of the revised policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions about this Privacy Policy, please contact us: