Privacy Policy

Last Updated: 2 May 2025

Version: 1.4

1. About This Policy

At OskarOS, we value simplicity and trust. This Privacy Policy explains how OskarOS Software GmbH collects, uses, and protects your personal information when you use our services, website, mobile apps, or social media (collectively called “our services”). We follow the General Data Protection Regulation (GDPR) and only use your data to provide great services, answer your questions, and improve your experience. For more about your agreement with us, see our Terms & Conditions.

2. Who We Are

Company: OskarOS Software GmbH

Address: Thiestraße 64, 58456 Witten, Germany

Contact: Tim Kahrmann

Email: tim@oskaros.com (general inquiries), privacy@oskaros.com (privacy questions)

Legal Notice: https://oskaros.com/legal-disclosure 

3. Our Role in Handling Your Data

We act as a data controller when we collect your information for things like marketing, customer support, or analytics. If you use OskarOS to manage your clients’ data (e.g., bookings), we act as a data processor, following your instructions. If you need a Data Processing Agreement (DPA) to comply with GDPR Article 28, email us at privacy@oskaros.com.

4. What Data We Collect and Why

Data We Collect

We may collect:

• Basic details (e.g., your name, address).
• Payment information (e.g., bank details, invoices).
• Contact info (e.g., email, phone number).
• Content you share (e.g., text, photos, videos).
• Contract details (e.g., service terms, customer type).
• Usage data (e.g., pages you visit, time spent).
• Technical data (e.g., device info, IP address).

Who We Collect Data From

• Customers.
• Potential customers.
• People we communicate with.
• Users of our services.
• Business partners.
• People in photos or videos (if shared)

Why We Use Your Data

We use your data to:

• Deliver our services and support you.
• Respond to your questions.
• Keep our services secure.
• Send marketing emails (if you agree).
• Understand how our website is used.
• Manage our office and records.
• Collect feedback to improve.
• Run our IT systems smoothly.

5. Our Legal Reasons for Using Your Data

We only use your data when allowed by GDPR:

• Your Consent: When you agree (e.g., to cookies or newsletters).
• Our Contract: To provide services you signed up for or answer your inquiries.
• Legal Duty: To follow laws (e.g., tax rules).
• Legitimate Interests: To improve our services or keep them secure, as long as it respects your rights.

We’ll explain specific reasons in each section if needed.

6. How We Keep Your Data Safe

We protect your data with:

• Secure encryption (https) for data sent online.
• Strict access controls to keep data private and safe.
• Privacy-focused choices when building or picking tools.
• Plans to handle data requests, deletions, or threats quickly.
• We store all user data securely on servers located in Germany.

7. Sharing Your Data

Within OskarOS

We may share data with our affiliated companies for internal tasks, but only if it’s necessary for our services or allowed by law.

With Trusted Partners

We share data with trusted service providers (e.g., for IT or payments) who follow GDPR rules and sign contracts to protect your data.

Outside the EU

If we send data outside the EU (e.g., to U.S. providers), we use safeguards like:

• Standard Contractual Clauses (SCCs).
• EU-US Data Privacy Framework (for certified providers).
• Other approved methods under GDPR Articles 44–49.

See “Our Service Providers” below for details.

8. How Long We Keep Your Data

We delete your data when it’s no longer needed or if you ask us to, unless we must keep it for legal reasons. We ensure our analytics tools (e.g., Hotjar, Matomo) delete or anonymize data to match these periods. Here’s how long we keep different types of data:

• User account data: Kept until you delete your account, plus 4 years for tax or legal purposes.
• Support messages: Kept for 3 years to resolve disputes.
• Analytics and logs: Kept up to 30 days to monitor performance and improve our services. Anonymous data, which can’t identify you, may be kept longer for statistical purposes and is not subject to GDPR.
• Newsletter subscriptions: Kept until you unsubscribe, plus 3 years to prove consent.
• Tax documents: Kept for 10 years as required by law.
• Business emails: Kept for 6 years as required by law.

If we keep data for legal reasons, we limit its use to those purposes.

9. Cookies

Cookies are small files that help our services work better, stay secure, and understand usage. We ask for your permission to use non-essential cookies through a consent tool, which saves your choice for 12 months. You can change your mind anytime via our website, your browser settings, or sites like https://optout.aboutads.info or https://www.youronlinechoices.com/.

• Session Cookies: Deleted when you close your browser.
• Permanent Cookies: Kept up to 2 years unless we say otherwise.

We use cookies with your consent (GDPR Article 6(1)(a)) or for essential functions (GDPR Article 6(1)(f)).

10. Protecting Children

Our services are not for anyone under 16. We don’t knowingly collect children’s data. If you think we have, please email privacy@oskaros.com.

11. U.S. Privacy Rights

If you live in California, you may have extra rights under the California Consumer Privacy Act (CCPA), like asking to see or delete your data. We follow these rules when they apply. Email privacy@oskaros.com for help.

12. Working with Customers and Partners

We use data from customers and business partners to provide services, manage contracts, and handle tasks like billing or taxes. We share data with third parties (e.g., payment or tax services) only when needed and with GDPR-compliant agreements.

Customer Accounts

You can create an account to use our services. We track IP addresses and login times to prevent misuse. If you close your account, we delete your data unless we need to keep it for legal reasons (see “How Long We Keep Your Data”).

Our Services

We use your data to run our platform, keep it secure, and make it better, based on our contract with you (GDPR Article 6(1)(b)) or our need to improve services (GDPR Article 6(1)(f)).

13. Our Service Providers

We work with trusted companies to run our services. They follow GDPR and sign agreements to protect your data. Here’s who we use:

• STRATO AG: Provides IT infrastructure like storage and computing. See https://www.strato.de/datenschutz.
• Sanity: Manages website content and delivery. See https://www.sanity.io/legal/privacy.
• Supabase: Runs our database. See https://supabase.com/privacy.
• Better Stack: Monitors server performance. See https://betterstack.com/dpa.
• SendGrid: Handles emails. See https://www.twilio.com/en-us/legal/privacy.
• AWS: Provides cloud services with SCCs and EU-US Data Privacy Framework certification. See https://aws.amazon.com/privacy.
• Amazon CloudFront: Speeds up content delivery with SCCs and EU-US Data Privacy Framework certification. See https://aws.amazon.com/privacy.
• Help Scout: Manages customer support with SCCs. See https://www.helpscout.com/company/legal/privacy/.
• HubSpot: Supports marketing and customer management with SCCs. See https://legal.hubspot.com/privacy-policy.
• Hotjar: Analyzes website usage. See https://www.hotjar.com/legal/policies/privacy.
• Matomo: Tracks website usage with SCCs. See https://matomo.org/privacy/.
• Sentry: Monitors app performance with SCCs. See https://sentry.io/privacy/.
• Stripe: Processes payments. See https://stripe.com/privacy.

14. Feedback Tools

We use Frill.co to collect your feedback and improve our services. Data like feedback, IP addresses, and device info is stored anonymously for up to 12 months unless you opt out. This is based on our need to improve (GDPR Article 6(1)(f)).

15. Contacting Us

When you contact us (e.g., via email, form, or phone), we use your data to respond. We use Help Scout and HubSpot for support, and Help Scout may load Google Fonts (with SCCs for U.S. transfers). This is based on our contract with you (GDPR Article 6(1)(b)) or our need to help (GDPR Article 6(1)(f)).

16. Newsletters

We send newsletters via Sendgrid if you sign up. You’ll get a confirmation email (double opt-in) to verify your subscription. We track opens and clicks with your consent (GDPR Article 6(1)(a)) and keep your email for 3 years after you unsubscribe to prove consent.

17. Social Media and Videos

We’re on Instagram, Facebook, LinkedIn, Twitter, and YouTube. Data may be processed outside the EU with SCCs or EU-US Data Privacy Framework safeguards. Check each platform’s privacy policy for opt-out options.

18. Social Login and Calendars

You can log in with Google or Microsoft accounts (GDPR Article 6(1)(b)) or sync Google/Microsoft calendars with your consent (GDPR Article 6(1)(a)). We only use this data for login or syncing.

19. Your Rights

Under GDPR, you can:

• See, fix, or delete your data.
• Limit or object to how we use your data.
• Move your data to another service.
• Withdraw your consent.
• Complain to a data protection authority, like Germany’s Federal Commissioner for Data Protection.

Email privacy@oskaros.com to use these rights.

20. Updates to This Policy

We’ll update this policy if our practices change and let you know if your action (e.g., consent) is needed. Check this page for the latest version.