We’d rather earn trust than scrape data.

“Oasa” refers to the team behind the Oasa mobile and web apps, designed in Switzerland. We are a small, self-funded team — there are no investors pushing growth-hack metrics. Your work is not the product.

We collect only what we need to make the app work for you. Every category below maps to a concrete product feature. If a feature goes away, the data goes with it.

• Account & sign-in

  Email, display name, OAuth provider (Apple / Google), creation date. Used to log you in.

• Oases & Seeds

  The content you write yourself — titles, notes, due dates, status. Stored encrypted at rest.

• Focus sessions

  Start time, duration, whether you completed or ended early. Used to build your Garden and Insights.

• App usage events

  Anonymous screen names ("home", "garden") and action names ("plant_seed"). No content. No keystrokes.

• Device & version

  OS (iOS/Android), app version, language, platform. Used to debug crashes and ship fixes.

• Audit log

  Logins, password changes, account deletions — for your own security review.

• Your contacts, calendars, photos, microphone, camera or location.
• Keystrokes, screen content, or the actual text inside your Seeds (beyond what you yourself sync).
• Cross-site advertising identifiers, third-party trackers, or analytics pixels.
• Anything that leaves the European Union or Switzerland.

We do not use third-party advertising or analytics SDKs. There are no Facebook pixels, no Google Analytics tags, no Mixpanel, no Segment. Our analytics is first-party and reduced to event names & screen names — never your content.

• Hosting: Switzerland (primary) and Germany (secondary backups).
• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Jurisdiction: Swiss Federal Act on Data Protection (FADP) and EU GDPR.
• Transfer: We never transfer your personal data outside the EU / EFTA.

If you sign in with Apple or Google, we receive only the email address and display name you authorise. We never see your provider password. We use these identifiers to keep you signed in and to merge sessions across your devices.

Oasa is intended for users aged 13 and older. If you are a parent or guardian and believe your child has signed up without your consent, write to support@oasa.app and we will delete the account.

• Access — request a copy of everything we hold on you.
• Export — download your Oases, Seeds and Garden as JSON from Settings.
• Correction — change anything you wrote yourself, from inside the app.
• Deletion — delete your account in Settings → Account → Delete. Everything goes within 30 days.
• Objection / restriction — write to support@oasa.app with the specifics; we reply within 5 working days.

This marketing website (the one you’re reading) does not set any tracking cookies. We don’t use cookie banners because there’s nothing to consent to. The app itself uses only first-party session tokens — no advertising or cross-site cookies.

When we change anything material, we will update the “Last updated” date above and post a short note on the site. If the change affects what we collect or share, we’ll email signed-in users 14 days in advance.

Privacy questions, data requests, or just feedback: write to support@oasa.app. A human will reply.