Privacy Policy — OXYGENE

← Back to home

Short version: we collect the absolute minimum needed to deliver and protect the Application. Your files, photos, passwords and scan results never leave your Mac. All analyses run locally. We do not sell your data.

Who we are
Data we collect
Purposes and legal bases
Sharing with third parties
Data retention
International transfers
Your rights (GDPR / PDPA / CCPA)
Cookies
Security
Minors
Changes
Contact

Who we are

This Privacy Policy describes how Aether Innovations Pte. Ltd. ("we", "us", "Aether"), a Singapore-incorporated company, processes the personal data of users of the OXYGENE application and the oxygene-app.com website.

Data controller: Aether Innovations Pte. Ltd.
Registered office: 2 Venture Drive #19-21, Vision Exchange, Singapore
Privacy contact: privacy@oxygene-app.com

Data we collect

Data you provide

Purchase information (via Stripe): email address, country, billing details. We never receive your card number — it is processed directly by Stripe.
Support correspondence: content of emails you send us, sender email address, any attachments.

Data collected automatically

License verification: anonymous machine identifier (hash), license key, verification timestamp. Sent only at activation and during periodic checks.
Update checks: current OXYGENE version, macOS version, architecture (Apple Silicon / Intel).
Server logs: IP address, user agent, timestamp of requests to the above endpoints (kept for security purposes).

Data we NEVER collect

Content of your files, photos, documents or downloads.
Content of your Keychain or your passwords.
Results of scans performed by OXYGENE.
Browsing history, emails, messages.

All analyses performed by OXYGENE (duplicate detection, photo organization, system monitor, etc.) run exclusively locally on your Mac.

Anonymous telemetry (optional, opt-in)

If, and only if, you explicitly enable it during onboarding or under Technician Mode → Privacy, OXYGENE may transmit strictly anonymous information to our servers to help us improve the application:

Anonymous identifier (random UUID generated on your Mac, not linked to your email or license).
Mac model (e.g. "MacBook Pro 14-inch (M3, 2023)"), macOS version, app version, language, RAM size.
Two-letter country code (e.g. "US", "FR"), derived from your IP address but without storing the IP itself.
Usage events: onboarding steps reached, tabs opened, cleanings or scans performed, approximate session duration.
Daily ping (heartbeat) to distinguish active installations from uninstalls.

This data contains no identifying information (no name, email, serial number or content) and is used only in aggregate, to fix bugs and prioritize the most useful features. You can disable telemetry at any time under Technician Mode → Privacy; no further pings will be sent after disabling.

Purposes and legal bases

We process your data for the following purposes, on the legal bases indicated (GDPR Article 6 for EU users):

Performance of the contract (Art. 6.1.b): license activation and verification, software updates, payment processing, support response.
Legitimate interest (Art. 6.1.f): service security, fraud prevention, product improvement based on aggregated and anonymous statistics.
Legal obligation (Art. 6.1.c): retention of invoices (statutory period), responses to lawful requests from competent authorities.
Consent (Art. 6.1.a): sending marketing emails if you have consented (you may withdraw consent at any time).

Sharing with third parties

We never sell your data. We share it only with subcontractors strictly necessary to operate the service:

Stripe (payments) — Stripe Privacy Policy
Hostinger (web hosting) — Hostinger Privacy Policy
Google Fonts (web fonts) — Google Privacy Policy

Each subcontractor is bound by a contract compliant with GDPR Article 28 and processes data in line with our instructions.

Data retention

License data: for the duration of your license + 3 years for support and proof.
Invoices and accounting data: 10 years (statutory obligation).
Support correspondence: 3 years from the last exchange.
Server logs: 12 months maximum.
Marketing data: 3 years from last active contact.

International transfers

Aether Innovations is established in Singapore. Some subcontractors (Stripe, Google) are established in the United States. For users in the European Union, these transfers are governed by:

the Standard Contractual Clauses of the European Commission (decision 2021/914);
or adequacy decisions when applicable (e.g. EU-US Data Privacy Framework for certified providers).

Your rights

Depending on your jurisdiction, you have the following rights:

GDPR (European Union)

Right of access: obtain a copy of the data we hold about you.
Right to rectification: correct inaccurate data.
Right to erasure ("right to be forgotten"): request deletion of your data.
Right to restriction: restrict processing in certain cases.
Right to portability: receive your data in a structured, machine-readable format.
Right to object: object to processing based on legitimate interest.
Right to withdraw consent at any time when consent is the basis for processing.
Right to lodge a complaint with a supervisory authority (in France: CNIL — cnil.fr).

PDPA (Singapore)

Under Singapore's Personal Data Protection Act (PDPA), you have the right to access and correct your personal data, and to withdraw your consent to its collection, use or disclosure. Requests should be sent to privacy@oxygene-app.com.

CCPA / CPRA (California, USA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the following rights regarding your personal information:

Right to know what categories of personal information we collect, the purposes, and the categories of recipients.
Right to access the specific personal information we have collected about you.
Right to delete personal information we have collected, subject to certain exceptions.
Right to correct inaccurate personal information.
Right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information within the meaning of the CCPA/CPRA.
Right to limit use of sensitive personal information (we do not collect sensitive personal information beyond what is strictly needed for the service).
Right to non-discrimination for exercising any of these rights.

To exercise any of these rights, send an email to privacy@oxygene-app.com with the subject line "CCPA request". We will respond within 45 days.

To exercise any of these rights regardless of jurisdiction, write to privacy@oxygene-app.com. We respond within 30 days (45 days for CCPA).

Cookies

The oxygene-app.com site uses a minimum of cookies:

Technical cookies strictly necessary for site operation (no consent required).
Language preference cookie (oxy_lang) — stores your selected language for 1 year so the site stays in your preferred language across visits.

The OXYGENE application itself does not use any cookies.

Security

We implement appropriate technical and organizational measures to protect your data: TLS encryption in transit, system access controls, hosting in secure data centers, Apple notarization of the application, and minimization of collected data.

In the event of a data breach likely to result in a risk to your rights and freedoms, we will inform you and notify the competent authorities within 72 hours, as required by GDPR Article 33.

Minors

OXYGENE is not intended for persons under the age of 16 (or under 13 for US residents). We do not knowingly collect data about minors. If you are a parent or guardian and believe your child has provided us with data, please contact us so we can delete it.

Changes

We may update this Privacy Policy. The "Last updated" date at the top of this page reflects the latest revision. In case of material changes, we will notify affected users by email or in-app.

Contact

For any question about your data or this policy:

Email: privacy@oxygene-app.com
Mail: Aether Innovations Pte. Ltd., 2 Venture Drive #19-21, Vision Exchange, Singapore

PrivacyPolicy

Table of contents