This Privacy Policy explains what information oddix collects, why we collect it, how we use and protect it, and the rights you have over your personal data. We aim to be straightforward — no legalese without a translation.
Effective
May 11, 2026
Last updated
May 11, 2026
Controller
oddix
01Who we are
oddix (“oddix,” “we,” “our,” or “us”) is the developer and data controller of the oddix application and related services (collectively, the “Service”). This policy applies to anyone who installs, accesses, or uses the Service.
If you have questions about this policy or how your data is handled, contact us at team@oddix.ai.
02Information we collect
We collect only the data needed to operate, secure, and improve the Service. The categories below describe what we collect and how it reaches us.
Information you provide directly
Account information — email address, username, password (stored as a salted hash), and optional profile details such as avatar or display name.
Authentication data — if you sign in via a third-party provider (Apple, Google), we receive the basic profile information that provider authorizes (typically name, email, and account identifier).
User content — any text, files, prompts, conversations, or media you submit while using the Service.
Communications — messages you send to our support team, feedback, and survey responses.
Information collected automatically
Device & technical data — device model, operating system version, language settings, time zone, app version, and a unique device or installation identifier.
Usage data — features you interact with, in-app events, session duration, crash reports, and performance diagnostics.
Network data — IP address (used to derive approximate region) and basic connection metadata for security and abuse prevention.
Cookies & similar technologies — on our web surfaces, we use essential cookies for session management. We do not use third-party advertising cookies.
Information from third parties
Payment processors — if you purchase a subscription, our payment provider (e.g. Apple App Store, Google Play, or Stripe) confirms the transaction status. We do not receive or store your full card number.
Analytics & crash-reporting providers — aggregated diagnostic information used to identify bugs and improve stability.
03How we use information
Each category of data is used only for the purposes outlined below.
Data
Purpose
Retention
Account & profile
Create and maintain your account, authenticate you, personalize the Service.
Until account deletion
User content
Provide the core features of the Service, sync across your devices, respond to your requests.
Until you delete it
Usage & device data
Diagnose problems, improve performance, understand which features are useful.
Up to 24 months
Network & IP data
Prevent abuse, fraud, and unauthorized access; comply with legal obligations.
Up to 12 months
Communications
Respond to your inquiries and improve our support.
Up to 36 months
Payment metadata
Process subscriptions, issue receipts, comply with tax and accounting law.
As required by law (typically 5–7 years)
What we don't do
We do not sell your personal data. We do not use your content to build advertising profiles. We do not share your content with third parties except as described in Section 05.
04Legal bases (GDPR)
If you are in the European Economic Area, the United Kingdom, or another region with similar laws, we process your personal data under the following legal bases:
Performance of a contract — to provide the Service you signed up for.
Legitimate interests — to secure the Service, prevent fraud, and improve the product, balanced against your rights.
Consent — for any processing that requires it (e.g. optional analytics in some jurisdictions). You may withdraw consent at any time.
Legal obligation — to comply with applicable laws, including tax, accounting, and law-enforcement requirements.
05Sharing & disclosure
We share personal data only in the limited circumstances below:
Service providers (processors) — cloud hosting, payment processors, analytics, and crash-reporting vendors that act on our instructions and are bound by data-processing agreements.
Legal requirements — when required by law, court order, or to protect the rights, property, or safety of oddix, our users, or the public.
Business transfers — if oddix is involved in a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction, subject to this policy and any applicable notification requirements.
With your consent — for any sharing not covered above, we will ask you first.
06International data transfers
oddix operates globally. Your data may be processed in countries other than the one you live in, including jurisdictions whose data-protection laws differ from yours.
When we transfer personal data out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other lawful transfer mechanisms.
07Data retention
We retain personal data only for as long as is necessary for the purposes outlined in Section 03, or as required by law. When you delete your account, we remove your personal data from production systems within 30 days, and backup copies are purged within up to 90 days through normal rotation.
We use industry-standard technical and organizational measures to protect your data, including:
Encryption in transit (TLS) for all network traffic between your device and our servers.
Encryption at rest for stored user data and backups.
Hashed and salted password storage — we never see your plaintext password.
Access controls and audit logging for internal systems.
Regular security reviews and dependency updates.
No system can be guaranteed 100% secure. If you believe your account has been compromised, please contact us immediately.
09Your rights
Depending on where you live, you may have some or all of the following rights regarding your personal data:
Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate or incomplete information.
Erasure — ask us to delete your account and associated data.
Restriction — ask us to limit how we process your data in certain situations.
Portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interests.
Withdraw consent — where processing is based on consent.
Lodge a complaint — with your local data-protection authority.
To exercise any of these rights, email team@oddix.ai. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.
For California residents (CCPA / CPRA)
California residents have additional rights including the right to know, the right to delete, the right to correct, and the right to opt out of the “sale” or “sharing” of personal information. oddix does not sell or share personal information as those terms are defined under California law.
10Children's privacy
The Service is not directed to children under the age of 13 (or under the age of 16 in the EEA, or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children below that age. If you believe a child has provided us with personal information, please contact us and we will delete it.
11Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. When we make material changes, we will notify you through the Service or by email before they take effect.
The “Last updated” date at the top of this page indicates when the policy was last revised.
12Contact us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:
Get in touch with the oddix team
We respond to privacy inquiries within 2 business days.