Privacy Policy

Oscar  ·  Last updated: March 24, 2026

Oscar ("we", "our", or "us") is a personal AI assistant app for iOS. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

• Account information — a display name and, depending on your sign-in method, an email address. This is stored and managed by Firebase Authentication on our behalf.
• Chat messages — the text, photos, and audio you send to Oscar, stored to maintain conversation history and provide AI responses.
• AI-derived memory — Oscar periodically extracts a short summary of relevant facts from your conversations (such as your preferences or context you have shared) to personalise future responses. This summary is stored alongside your account data.
• Usage data — reminders you create, onboarding responses, and app preferences.
• Subscription status — purchase and entitlement information to unlock premium features, handled via RevenueCat.
• Crash and diagnostic data — crash reports and basic diagnostic information collected automatically via Firebase Crashlytics to help us fix bugs.
• Beta testing data — if you are a TestFlight beta tester, Apple automatically collects crash logs, usage statistics, and device information on our behalf. See Apple's TestFlight privacy information.

2. How We Use Your Data

• To provide and improve the Oscar app and AI assistant experience.
• To authenticate your account and maintain your session securely.
• To process your messages through AI models and return responses.
• To maintain a personalised memory summary to improve the relevance of AI responses over time.
• To send reminders you have set up.
• To manage your subscription and billing.
• To diagnose crashes and improve app stability.

3. Third-Party Services

We use the following third-party services, each with their own privacy practices:

• Firebase Authentication & Crashlytics (Google) — account management and crash reporting. Firebase Privacy.
• xAI (Grok) — your text chat messages are transmitted to xAI's servers for AI processing and response generation. xAI Privacy Policy.
• Google Gemini — your photo and audio inputs are transmitted to Google's servers for AI processing and response generation. Gemini API Terms.
• RevenueCat — manages in-app subscriptions and purchase verification. RevenueCat Privacy Policy.
• Apple TestFlight — distributes beta builds and collects beta usage data on our behalf.

Each third-party service is required to handle your data in accordance with applicable privacy laws and their own published privacy policies.

4. Data Retention

We retain your data for as long as your account is active. Chat history is stored to provide conversational context to the AI. You can request deletion of your account and all associated data at any time (see section 6).

5. Data Security

All data is transmitted over HTTPS. Your account is protected by Firebase Authentication. We do not sell your personal data to third parties.

6. Your Rights

If you are located in the EU/EEA or another jurisdiction with applicable data protection laws, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your account and all associated data.
• Restriction — request that we limit how we process your data in certain circumstances.
• Data portability — request your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.

To exercise any of these rights, contact us at hello@heyoscar.chat. We will respond within 30 days.

7. EU/EEA Users and GDPR

Our backend infrastructure is hosted within the EU (Hetzner). However, some third-party services we use (Google, xAI, RevenueCat) may process your data outside the EU/EEA. Where this occurs, we rely on standard contractual clauses or other appropriate transfer mechanisms.

Our legal bases for processing your personal data are:

• Contract performance — processing necessary to provide the Oscar service to you.
• Legitimate interests — crash reporting and app stability improvements, where these interests are not overridden by your rights.

8. Children

Oscar is not directed at children. In the EU/EEA, we do not knowingly collect personal data from users under the age of 16. Outside the EU/EEA, the minimum age is 13.

9. Changes to This Policy

We may update this policy from time to time. The date at the top of this page reflects the latest revision. We will notify you of material changes via the app or by email.

---

Questions? Contact us at hello@heyoscar.chat.