Privacy Policy

Effective: April 13, 2026

1. Information We Collect

We collect the following types of information:

• Account information: email address, name, and authentication credentials when you register
• Approval data: details of approval requests including action type, agent identifier, timestamps, and your approve/deny decisions
• Device information: push notification tokens for delivering approval alerts to your devices
• Usage data: API call logs, dashboard access patterns, and feature usage for service improvement

2. How We Use Your Information

We use your information to:

• Operate the approval flow — delivering notifications and recording decisions
• Maintain audit logs of all approval requests and responses
• Send you alerts via push notifications or Telegram
• Improve and maintain the Service
• Communicate important updates about your account or the Service

3. Data Storage and Retention

Approval requests, decisions, and audit logs are persisted in PostgreSQL. Pending requests are held open for up to five minutes while awaiting your decision; if no decision is received within that window, the request is recorded as timed out and the underlying action is denied. We retain audit data for as long as your account is active, or as required by law.

4. Data Sharing

We do not sell your personal information. We may share data with:

• Infrastructure providers: for hosting and delivering the Service, including our cloud database provider, the Telegram Bot API (when you link a Telegram account for approvals), and your browser's push service (when you enable web push notifications)
• Legal requirements: when required by law, legal process, or to protect our rights

5. Security

We implement industry-standard security measures to protect your data, including encrypted connections (TLS), secure credential storage, and separated authentication for service and user access. Invalid device tokens are immediately removed to prevent misdelivery.

6. Your Rights

You may:

• Access and export your approval history via the API or dashboard
• Request deletion of your account and associated data
• Revoke device tokens at any time
• Update your account information

7. Cookies

We use minimal cookies for authentication and theme preferences. We do not use third-party tracking cookies.

8. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance.

9. Contact

Questions about this policy? Reach us at contact@oked.ai.