← Back

Privacy Policy

Last updated: May 14, 2026

1. Introduction

OALO AI ("we", "us", "our") operates the OALO platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your email address. We use passwordless authentication — we do not store passwords.

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other payment credentials on our servers. We store your Stripe customer ID and subscription status to manage your account.

Application Data

When you use the Service to build applications, we store your application code, configurations, database records, uploaded files, and related content on our infrastructure. Each user's data is stored in an isolated database instance.

Usage Information

We track AI feature usage (token counts, request counts) for billing purposes. We collect basic server logs including IP addresses, request timestamps, and user agent strings for security and debugging.

Contact Form Submissions

When you submit the contact form, we collect your name, email address, message, and IP address. IP addresses are used solely for rate limiting and spam prevention.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process payments and manage subscriptions
  • To send transactional communications (login codes, billing receipts)
  • To respond to your inquiries and support requests
  • To monitor for abuse, fraud, and security threats
  • To calculate and bill usage-based charges
  • To comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising.

4. AI Processing

When you use AI-powered features, your prompts and relevant application context are sent to third-party AI providers (currently Anthropic) for processing. These providers process your data under their own data processing agreements and do not use your inputs to train their models.

We do not use your application code or data to train AI models.

5. Data Storage and Security

Your data is hosted on AWS infrastructure in the United States. Each user's application data is stored in an isolated PostgreSQL database within a dedicated container.

We implement industry-standard security measures including encrypted connections (TLS), isolated compute environments, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Sharing

We share your information only in the following circumstances:

  • Payment processing: Stripe receives necessary billing information
  • AI processing: Anthropic processes AI requests on our behalf
  • Infrastructure: AWS hosts our services and stores data
  • App distribution: Apple and Google receive app builds you choose to publish
  • Legal requirements: When required by law, court order, or governmental authority

7. Data Retention

We retain your account data for as long as your account is active. Upon account cancellation, your application data is retained for 30 days to allow for reactivation, after which it is permanently deleted.

Contact form submissions are retained for up to 12 months. Server logs are retained for up to 90 days.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your application data
  • Object to certain processing of your data
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us at contact@oalo.ai.

9. Cookies and Tracking

We use minimal cookies strictly necessary for authentication (session tokens). We do not use analytics cookies, advertising trackers, or third-party tracking scripts on our marketing site or within the Service.

10. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. International Data Transfers

Your data is processed and stored in the United States. By using the Service, you consent to the transfer of your data to the United States. We take reasonable steps to ensure your data is treated securely and in accordance with this policy.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or through the Service. The "last updated" date at the top of this page reflects the most recent revision.

13. Contact

For questions or concerns about this privacy policy or our data practices, contact us at contact@oalo.ai.