← Back to OATH

Privacy Policy

Last updated: May 2026

The short version: we collect only what's necessary to run the app. We don't sell your data. We don't share it with advertisers. You can delete everything at any time.

1. Who we are

OATH (oathapp.tech) is an independent to-do app. For any privacy questions, contact us at: salsherbeeny@gmail.com

2. What data we collect

We do not collect your name, phone number, payment information, location, or any other personal data.

3. Why we collect it

Legal basis under GDPR: contractual necessity (Article 6(1)(b)) — we need this data to provide the service you signed up for.

4. Where your data is stored

Your data is stored in a PostgreSQL database hosted on Railway, located in US EAST.

If your host stores data outside the EU, ensure they are covered by an adequacy decision or Standard Contractual Clauses (SCCs). Check your hosting provider's data processing agreement.

5. How long we keep your data

Your data is kept for as long as your account exists. If you delete your account, all your data (email, password hash, and tasks) is permanently and immediately deleted from our database. We have no backups that would retain your data after deletion.

6. Your rights (GDPR)

As a user, you have the right to:

You also have the right to lodge a complaint with your national data protection authority. In France, that is the CNIL.

7. Cookies and local storage

We use:

We do not use advertising cookies, tracking pixels, or third-party analytics.

8. Third parties

We do not sell, rent, or share your personal data with any third parties. The only external service involved is our hosting provider, who processes data on our behalf under their own data processing agreement.

9. Changes to this policy

If we make significant changes to how we handle your data, we will update the date at the top of this page. For major changes, we will notify you via email.

10. Contact

For any privacy-related questions or requests: salsherbeeny@gmail.com