Skip to main content

Privacy Policy

Last Updated: January 21, 2026

1. Introduction

Oasis Auto Konnect LLC ("OAK," "Company," "we," "us," or "our") is committed to protecting your privacy and the privacy of individuals whose information you process through our Service. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard information when you use our AI-powered customer relationship management platform, including but not limited to the Weaver AI conversational intelligence system, SMS and messaging capabilities, mobile applications, and all related services (collectively, the "Service").

This Privacy Policy applies to information we collect from:

  • Visitors to our website and users of our Service ("Customers" or "you");
  • Individuals whose contact information is uploaded or processed by our Customers through the Service ("End Users");
  • Individuals who communicate with us directly.

By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

This Privacy Policy is incorporated into and subject to our Terms of Service. Capitalized terms not defined in this Privacy Policy have the meanings given to them in our Terms of Service.

2. Data Controller and Processor Roles

Depending on your jurisdiction and usage, privacy laws may distinguish between a "controller" (or "business") and a "processor" (or "service provider"). Understanding these roles is important for determining responsibilities under applicable data protection laws.

2.1 When OAK Acts as a Data Controller

OAK acts as the data controller (or business) with respect to:

  • Information we collect directly from you when you create an account, visit our website, or communicate with us;
  • Information about how you use our Service (usage analytics);
  • Information collected for our own business purposes (marketing, billing, support).

2.2 When OAK Acts as a Data Processor

OAK generally acts as a service provider or data processor with respect to Customer Data (including End User information) that you upload to or process through the Service. In this capacity, we process such information solely to provide the Service on your behalf, consistent with your configurations, instructions, and authorizations.

You (the Customer) act as the data controller or business with respect to:

  • End User contact information, lead data, and messaging content;
  • Messaging recipients, targeting, and campaign purposes;
  • Consent and opt-in/opt-out practices and compliance decisions;
  • SMS programs, messaging operations, and communication frequency;
  • Calendar scheduling decisions and event content;
  • Any personal data you choose to upload or process through the Service.

2.3 Customer Data Separation

Data stored in our Service by our Customers (Customer Data) is subject to the Customers' privacy policies, not ours. If you are an End User whose information has been provided to our Service by a Customer, please contact that Customer directly regarding your privacy rights and any questions about how your data is processed.

2.4 Individual Record Access

Individual records within Customer Data may at times be viewed or accessed by OAK only for the purpose of resolving a problem, support issue, or suspected violation of the Terms of Service, or as may be required by law.

3. Information We Collect

3.1 Information You Provide to Us

We collect information you provide directly to us, including:

Account Information: When you register for an account, we collect your name, email address, phone number, business name, business address, and payment information (processed by our third-party payment processor).

Business and Compliance Information: We may collect business and legal-entity information needed for messaging registration, vetting, or compliance processes, including:

  • Company legal name and DBA information;
  • Entity type (e.g., LLC, corporation);
  • Business address and contact information;
  • Authorized representative information;
  • Website URLs and brand descriptors;
  • Use case descriptions, sample messages, opt-in language, opt-out language, and disclosures;
  • EIN or tax identification numbers;
  • Any other information reasonably requested by Messaging Providers, carriers, or registries (such as The Campaign Registry).

Customer Data: Information you upload or input about your leads, contacts, and clients, including names, phone numbers, email addresses, and other contact information.

Communications Content: Messages you send through our platform, including SMS conversations facilitated by Weaver AI, and the content of those messages.

User Configuration Data: Prompts, instructions, workflows, decision logic, rebuttals, Q&A structures, scripts, and other configurations you provide to customize AI behavior.

Support Requests: Information you provide when contacting our support team, including the content of your communications with us.

Feedback and Surveys: Information you provide when responding to surveys or providing feedback about our Service.

3.2 Information Collected Automatically

When you use our Service, we automatically collect certain information, including:

Usage Data: Information about how you interact with our platform, including features used, actions taken, time spent, pages visited, and click patterns.

Device Information: Browser type and version, operating system, device type, device identifiers, screen resolution, and language preferences.

Log Data: IP address, access times, referring URLs, and other standard log information.

Mobile Identifiers: We may collect mobile station integrated services digital network numbers (MSISDN), device identifiers, and other mobile-specific information necessary to provide SMS and voice services.

Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar technologies to collect information and enhance your experience. See Section 12 (Cookies and Tracking Technologies) for more details.

3.3 Information from Third-Party Sources

We may obtain information about you from other sources, including:

  • Identity verification services;
  • Business information providers;
  • Publicly available sources;
  • Third-party integrations you authorize (such as Google Calendar);
  • Messaging Providers, carriers, and registries (for compliance and deliverability purposes).

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Providing and Improving the Service

  • To provide, operate, maintain, and improve the Service;
  • To process transactions, manage your account, and send related information;
  • To facilitate AI-powered conversations through Weaver AI;
  • To deliver messages on your behalf through Messaging Providers and carriers;
  • To process brand and campaign registrations;
  • To provide customer support and respond to your requests;
  • To develop new features, products, and services.

4.2 Communications

  • To send you technical notices, updates, security alerts, and administrative messages;
  • To respond to your comments, questions, and support requests;
  • To send you marketing communications (with your consent where required);
  • To notify you about changes to our Service or policies.

4.3 Analytics and Research

  • To monitor and analyze trends, usage, and activities;
  • To measure the effectiveness of our Service and features;
  • To conduct research and analysis to improve our Service;
  • To generate aggregated, anonymized analytics and insights.

4.4 Safety, Security, and Compliance

  • To detect, investigate, and prevent fraudulent transactions, abuse, and other harmful activities;
  • To protect the rights, property, and safety of OAK, our users, and others;
  • To comply with legal obligations, including responding to lawful requests from public authorities;
  • To enforce our Terms of Service and other agreements;
  • To comply with carrier, Messaging Provider, and registry requirements.

4.5 AI and Automated Processing

The Service uses artificial intelligence and automated systems to generate responses and manage workflows based on User Configuration Data. You acknowledge that:

  • AI-generated outputs may be inaccurate, incomplete, misleading, offensive, or inappropriate;
  • AI outputs are probabilistic in nature and depend materially on your inputs and configuration;
  • AI-generated messages are generated and sent on your behalf and are treated as your statements;
  • We do not review, approve, or monitor every individual message generated by AI.

5. Data Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Service Providers and Sub-Processors

We share data with third-party vendors, service providers, and sub-processors who perform services on our behalf, including:

  • Messaging Providers: For SMS and voice message routing and delivery (e.g., Twilio, LC Phone);
  • Cloud Infrastructure Providers: For data hosting, storage, and processing (e.g., Amazon Web Services, Google Cloud);
  • AI Service Providers: For AI-powered features and natural language processing (e.g., OpenAI);
  • CRM Platform Providers: For underlying platform infrastructure (e.g., GoHighLevel);
  • Payment Processors: For billing and payment processing;
  • Analytics Providers: For usage analysis and Service improvement;
  • Customer Support Tools: For managing support requests;
  • Email Service Providers: For transactional and marketing emails;
  • Identity Verification Services: For fraud prevention and compliance.

These service providers are contractually obligated to use your information only as necessary to provide services to us and in accordance with this Privacy Policy.

5.2 Messaging Providers, Carriers, and Registries

For SMS and related messaging, we route messages through one or more third-party connectivity providers, carriers, aggregators, and intermediaries ("Messaging Providers"). Certain Messaging Providers may be undisclosed for security, contractual, or operational reasons.

You acknowledge that Messaging Providers may:

  • Impose policies and vetting requirements;
  • Interface with carriers and registries;
  • Apply filtering, throttling, blocking, or enforcement actions;
  • Require additional information to maintain deliverability;
  • Access message content and metadata for compliance and delivery purposes.

5.3 Business Transfers

In connection with a merger, acquisition, corporate reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your information.

5.4 Legal Compliance and Protection

We may disclose information if required to do so by law or if we believe in good faith that such disclosure is necessary to:

  • Comply with applicable laws, regulations, legal processes, or governmental requests;
  • Enforce our Terms of Service or other agreements;
  • Protect the rights, property, or safety of OAK, our users, or others;
  • Detect, prevent, or address fraud, security, or technical issues;
  • Respond to claims that any content violates the rights of third parties.

5.5 With Your Consent

We may share information for any other purpose with your explicit consent.

5.6 No Sale of Personal Information

We do not sell your personal information to third parties. We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information in the future belonging to website visitors, users, and other consumers.

6. Mobile Opt-In Data Protection

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All categories of information described in this Privacy Policy exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties, except as required to provide the messaging service or as required by law.

This protection applies to phone numbers, consent records, opt-in timestamps, and any other information collected specifically for the purpose of SMS consent and messaging program enrollment.

7. Data Retention

7.1 Retention Periods

We will retain your personal information for as long as necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

Specifically, we retain information:

  • For as long as your account is active;
  • As needed to provide you services;
  • As necessary to comply with our legal obligations;
  • To resolve disputes;
  • To enforce our agreements.

7.2 Maximum Retention Period

No purpose in this Privacy Policy will require us to keep your personal information for longer than twenty-four (24) months past the termination of your account, unless required by law or for the establishment, exercise, or defense of legal claims.

7.3 Deletion and Anonymization

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if deletion is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.

7.4 Post-Termination Data

Upon termination of your account (other than for breach), you may request a copy of your Customer Data within 30 days. After 30 days, we may delete your Customer Data and have no obligation to retain it.

8. Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

8.1 Technical Measures

  • Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption for data in transit;
  • Encryption of sensitive data at rest;
  • User authentication with unique usernames and encrypted passwords;
  • Session management using advanced security methods;
  • Firewalls and intrusion detection systems;
  • Regular security assessments and vulnerability testing.

8.2 Organizational Measures

  • Access controls limiting data access to authorized personnel;
  • Employee training on data protection and security;
  • Confidentiality obligations for employees and contractors;
  • Incident response procedures.

8.3 Infrastructure Security

  • Data stored on secure, redundant infrastructure;
  • Regular data backups;
  • Databases not directly accessible from the public internet.

8.4 No Guarantee of Security

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security. You acknowledge that you provide your information at your own risk.

8.5 Unencrypted Transmission Warning

You acknowledge that SMS text messages and voice communications are transmitted unencrypted over telecommunications networks and that interception of communications by third parties is possible. We recommend that sensitive and valuable information be communicated by protected and/or encrypted methods.

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. We will respond to requests to access, correct, update, or delete your personal information within the timeframes required by applicable law (typically thirty (30) to forty-five (45) days, depending on your jurisdiction). See the state-specific sections below for applicable response timelines.

9.1 Access and Portability

You may request access to the personal information we hold about you and, where applicable, request a copy in a structured, commonly used, machine-readable format.

9.2 Correction

You may request that we correct inaccurate or incomplete personal information.

9.3 Deletion

You may request that we delete your personal information, subject to certain exceptions (such as compliance with legal obligations or defense of legal claims).

9.4 Restriction

You may request that we restrict the processing of your personal information in certain circumstances.

9.5 Objection

You may object to the processing of your personal information in certain circumstances, including processing for direct marketing purposes.

9.6 Marketing Opt-Out

You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in our emails or by contacting us. Please note that you may still receive transactional or administrative communications.

9.7 Account Information

You may update, correct, or delete your account information at any time by logging into your account settings or by contacting us.

9.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at Legal Email. We may need to verify your identity before processing your request.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

10.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

  • Identifiers: Name, email address, phone number, IP address, account name;
  • Customer Records: Name, address, telephone number, payment information;
  • Commercial Information: Products or services purchased, purchasing history;
  • Internet/Network Activity: Browsing history, search history, interaction with our website and Service;
  • Geolocation Data: General location based on IP address;
  • Professional Information: Business name, job title;
  • Inferences: Preferences and characteristics drawn from information collected.

10.2 Your California Privacy Rights

As a California resident, you have the right to:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it;
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions;
  • Right to Correct: Request correction of inaccurate personal information;
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising;
  • Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA/CPRA.

10.3 OAK as a Service Provider

With respect to Customer Data (including End User information), OAK acts as a "service provider" under the CCPA. We process such information solely on behalf of our Customers and do not retain, use, or disclose it except as necessary to provide the Service or as otherwise permitted by the CCPA. We do not sell personal information received from our Customers.

10.4 Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, provide a different quality of service, or suggest you will receive different treatment for exercising your rights.

10.5 California "Shine the Light" Disclosure

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal information we share with affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties.

If you are a California resident and would like a copy of this notice, please submit a written request to: Legal Email.

10.6 How to Submit a Request

To submit a request to exercise your California privacy rights, please contact us at Legal Email or call us at (813) 515-3550. You may also designate an authorized agent to make a request on your behalf.

10.7 Response Timeline

Upon receiving a verifiable consumer request, we will respond within forty-five (45) days. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

10.8 Verification

We will verify your identity before processing your request. Verification may require you to provide information that matches information we have on file.

10.9 "Do Not Sell or Share My Personal Information"

Although we do not sell or share personal information for cross-context behavioral advertising, California residents may exercise their rights by visiting the "Do Not Sell or Share My Personal Information" link on our website footer or by contacting us at Legal Email.

10.10 Sensitive Personal Information

We do not collect sensitive personal information as defined by the CPRA, including social security numbers, driver's license numbers, financial account information, precise geolocation, racial or ethnic origin, religious beliefs, union membership, genetic data, biometric data, health information, or sexual orientation data, except to the extent you voluntarily provide such information in Customer Data you upload. If you upload sensitive personal information, you are solely responsible for compliance with applicable laws governing such information.

11. Virginia Privacy Rights (VCDPA)

If you are a Virginia resident, you have specific rights under the Virginia Consumer Data Protection Act (VCDPA).

11.1 Definitions

"Consumer" means a natural person who is a resident of the Commonwealth of Virginia acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.

11.2 Your Virginia Privacy Rights

As a Virginia consumer, you have the right to:

  • Confirm whether or not we are processing your personal data;
  • Access your personal data;
  • Correct inaccuracies in your personal data;
  • Delete your personal data;
  • Obtain a copy of your personal data in a portable format;
  • Opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling.

11.3 Response Timeline

Upon receiving your request, we will respond without undue delay, but in all cases within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary, with notice to you.

11.4 Right to Appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning. If you wish to appeal our decision, please email us at Legal Email. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for our decision.

If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint.

11A. Colorado Privacy Rights (CPA)

If you are a Colorado resident, you have specific rights under the Colorado Privacy Act (CPA).

11A.1 Your Colorado Privacy Rights

As a Colorado consumer, you have the right to:

  • Confirm whether or not we are processing your personal data and access such data;
  • Correct inaccuracies in your personal data;
  • Delete your personal data;
  • Obtain a copy of your personal data in a portable format;
  • Opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects.

11A.2 Response Timeline

Upon receiving your request, we will respond within forty-five (45) days. The response period may be extended once by forty-five (45) additional days when reasonably necessary, with notice to you.

11A.3 Right to Appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning. If you wish to appeal our decision, please email us at Legal Email. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal. If your appeal is denied, you may contact the Colorado Attorney General to submit a complaint.

11B. Connecticut Privacy Rights (CTDPA)

If you are a Connecticut resident, you have specific rights under the Connecticut Data Privacy Act (CTDPA).

11B.1 Your Connecticut Privacy Rights

As a Connecticut consumer, you have the right to:

  • Confirm whether or not we are processing your personal data and access such data;
  • Correct inaccuracies in your personal data;
  • Delete your personal data;
  • Obtain a copy of your personal data in a portable format;
  • Opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects.

11B.2 Response Timeline

Upon receiving your request, we will respond within forty-five (45) days. The response period may be extended once by forty-five (45) additional days when reasonably necessary, with notice to you.

11B.3 Right to Appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning. If you wish to appeal our decision, please email us at Legal Email. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal. If your appeal is denied, you may contact the Connecticut Attorney General to submit a complaint.

12. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies to collect information about your use of our Service and to enhance your experience.

12.1 Types of Cookies We Use

Essential/Session Cookies: Required to use the Service. These cookies:

  • Contain encrypted, unique identifiers tied to your account;
  • Allow us to process your online transactions and requests;
  • Maintain your session state;
  • Disappear when you close your browser.

Functional/Persistent Cookies: Used to identify returning visitors and remember your preferences. These cookies:

  • Do not store account numbers or passwords;
  • Help us provide personalized service;
  • May persist for a defined period after your browser session ends;
  • Can be blocked via browser settings.

Analytics Cookies: Help us understand how visitors interact with our website and Service, allowing us to improve functionality and user experience.

Marketing Cookies: May be used to deliver relevant advertisements and track the effectiveness of our marketing campaigns (with your consent where required).

12.2 Do Not Track

We do not place persistent cookies on any computer where the browser provides a "Do Not Track" signal. Session cookies are required for Service functionality, and we do not recognize Do Not Track requests with respect to session cookies necessary for the operation of the Service.

12.3 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse all cookies, accept only certain cookies, or notify you when a cookie is set. Please note that if you disable or refuse cookies, some features of the Service may not function properly.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

13. International Data Transfers

OAK is based in the United States. Your information may be processed and stored in the United States or other countries where our service providers maintain facilities.

13.1 Transfers Outside Your Jurisdiction

If you are located outside the United States, please be aware that information we collect will be transferred to, processed, and stored in the United States. Data protection laws in the United States may differ from those in your jurisdiction.

13.2 Safeguards for International Transfers

Where required by applicable law, we implement appropriate safeguards for international data transfers, including:

  • Standard Contractual Clauses approved by relevant authorities;
  • Data processing agreements with appropriate data protection provisions;
  • Other lawful transfer mechanisms as appropriate.

13.3 EU-U.S. Data Transfers

For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate legal mechanisms as described above. If we certify under the EU-U.S. Data Privacy Framework in the future, we will update this Privacy Policy accordingly.

14. European Economic Area and United Kingdom Privacy Rights

If you are located in the European Economic Area (EEA) or United Kingdom (UK), you have specific rights under the General Data Protection Regulation (GDPR) and UK GDPR.

14.1 Legal Basis for Processing

We process your personal information on one or more of the following legal bases:

  • Contract: As necessary to enter into a contract with you or a legal entity you represent, to perform our contractual obligations, to provide our Service to you, to respond to requests from you, or to provide customer support;
  • Legitimate Interests: Where we have a legitimate interest that is not overridden by your data protection rights, such as improving our Service, preventing fraud, and ensuring security;
  • Legal Obligation: As necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders;
  • Consent: Where you have given us your explicit consent to process your personal information for a specific purpose.

14.2 Your GDPR Rights

Subject to applicable law, you have the right to:

  • Access: Request information about whether we hold personal information about you and request copies of such information;
  • Rectification: Request that inaccurate personal information be corrected;
  • Erasure: Request deletion of personal information that is no longer necessary for the purposes for which it was collected, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements;
  • Restriction: Request that we restrict the processing of personal information where the processing is inappropriate;
  • Objection: Object to the processing of personal data;
  • Data Portability: Request portability of personal information that you have provided to us, where processing is based on consent or contract and carried out by automated means;
  • Withdraw Consent: Where processing is based on consent, withdraw your consent at any time (this will not affect the lawfulness of processing before withdrawal);
  • Lodge a Complaint: Lodge a complaint with a supervisory authority.

14.3 Transfers Outside the EEA/UK

When we transfer your personal information outside the EEA or UK, we do so in accordance with the terms of this Privacy Policy and applicable data protection law. This may include the transfer of data in accordance with Standard Contractual Clauses approved by the European Commission or other appropriate safeguards.

14.4 Contact for EEA/UK Residents

If you are located in the EEA or UK and have questions about our privacy practices or wish to exercise your rights, please contact us at Legal Email.

14.5 Geographic Limitations

IMPORTANT: The Service is intended for use within the United States. We do not intentionally offer the Service to, market to, or collect personal information from individuals located in the European Economic Area (EEA), United Kingdom, or Switzerland. If we discover that a user is located in the EEA, UK, or Switzerland, we reserve the right to terminate their account and delete their data. Individuals located in the EEA, UK, or Switzerland should not use the Service.

If OAK expands its services to the EEA or UK in the future, we will appoint appropriate representatives under GDPR Article 27 and UK GDPR Article 27, and update this Privacy Policy accordingly.

15. Anonymized and Aggregated Data

"Anonymized & Aggregated Usage Data" means analytics, metrics, statistics, trends, patterns, system performance data, model learnings, and other derived information generated from operation of the Service in aggregated and irreversibly anonymized form such that it cannot reasonably identify any individual, account, phone number, calendar event, recipient, or specific message.

OAK exclusively owns all Anonymized & Aggregated Usage Data. Such data:

  • Does not constitute Personal Data;
  • Falls outside the scope of GDPR, CCPA/CPRA, and similar privacy laws governing Personal Data;
  • May be used, commercialized, licensed, sold, transferred, disclosed, or otherwise exploited for any lawful purpose.

We do not attempt to re-identify such data.

15.1 AI Model Training

We may use Anonymized & Aggregated Usage Data to improve our AI models and Service functionality. We do not use identifiable Customer Data (including message content, contact information, or User Configuration Data) to train AI models without your explicit consent. Any AI improvements derived from anonymized data are designed to benefit all users and do not contain information that could identify you or your contacts.

16. Sensitive Information

We do not intentionally collect or process sensitive personal information (such as racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, or biometric data) unless you voluntarily provide it or it is included in Customer Data you upload.

16.1 Biometric Information

We do not collect biometric information (including fingerprints, voiceprints, facial geometry, retina or iris scans, or any other biological characteristics that could be used to identify an individual). The Service does not use facial recognition, voice authentication, or any biometric identification technology.

16.2 Healthcare and Regulated Data

If you operate in industries that may involve sensitive personal information (such as healthcare or insurance), you are solely responsible for compliance with applicable laws governing the collection and processing of such information. OAK is not designed to be a HIPAA-compliant service and should not be used to process Protected Health Information (PHI) without a separate Business Associate Agreement.

17. SMS and Messaging

Our Service facilitates SMS and other communications between you and your leads, contacts, and clients. This section addresses privacy considerations specific to our messaging features.

17.1 Message Content Storage

We store message content to provide the Service, maintain conversation history, enable AI-generated responses, and comply with legal and regulatory requirements. Message content may be retained in accordance with our data retention policies.

17.2 Carrier Fees Disclosure

Standard message and data rates charged by mobile carriers may apply to recipients of your messages. OAK does not control carrier fees charged to message recipients.

17.3 Your Responsibilities

As described in our Terms of Service, you are responsible for:

  • Obtaining proper consent from message recipients;
  • Complying with all applicable messaging laws (TCPA, CAN-SPAM, state laws);
  • Honoring opt-out requests;
  • Providing appropriate privacy notices to your End Users.

18. Google API Services

If you choose to sign in or connect your Google Account to our Service, we may request access to certain Google-provided data, including:

  • Calendar access (to view, add, edit, or delete calendar events for appointment booking);
  • Basic profile information (e.g., name and email) via Google SSO.

We use Google-provided data only to provide the services you explicitly request. We do not use Google-provided data for advertising, selling, or any purposes unrelated to the operation of the Service.

OAK's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

18.1 Google Data Retention and Deletion

We retain Google-derived data only for as long as it is necessary to deliver and support the Service. Once you disconnect your Google Account, cancel your OAK account, or request deletion, we will permanently delete all data obtained from your Google Account (unless required by law to retain certain information).

19. Third-Party Links and Services

Our Service may contain links to third-party websites, services, or applications that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. This Privacy Policy does not apply to third-party services, and we are not responsible for the data collection, use, or disclosure practices of any third party.

20. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us.

If we learn we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information.

By using the Service, you represent that you are at least 18 years of age, or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Service.

21. Regulated Industries

If you use the Service in regulated industries (e.g., healthcare, finance, insurance, legal, political communications, telecommunications), you are solely responsible for compliance with applicable laws and regulations governing data privacy in your industry.

The Service is not designed to ensure regulatory compliance (including HIPAA, FINRA, SEC, state insurance regulations, or similar requirements), and we disclaim liability arising from regulated-industry use.

If you require specific compliance features or certifications, please contact us to discuss your requirements.

22. Data Breach Notification

In the event of a data breach involving your personal information, we will notify affected individuals and relevant authorities as required by applicable law. Our notification will include:

  • The nature of the breach;
  • The categories of data affected;
  • The likely consequences of the breach;
  • The measures we have taken or propose to take to address the breach.

We maintain incident response procedures to detect, respond to, and recover from security incidents.

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

We will notify you of material changes by:

  • Posting the new Privacy Policy on this page;
  • Updating the "Last Updated" date at the top of this page;
  • Sending an email notification to the primary account holder (for material changes);
  • Providing a prominent notice within the Service (for significant changes).

You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page. Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

23A. Dispute Resolution

Any disputes arising out of or relating to this Privacy Policy, your privacy rights, or our data practices shall be resolved in accordance with the dispute resolution and arbitration provisions set forth in our Terms of Service, which are incorporated herein by reference.

This includes the binding arbitration agreement, class action waiver, and one-year statute of limitations contained in the Terms of Service.

24. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your privacy rights, please contact us at:

Oasis Auto Konnect LLC
27524 Cashford Circle Suite 102
Wesley Chapel, Florida 33544

Legal Address:
30 N Gould Street Suite R
Sheridan, WY 82801

Privacy/Legal Inquiries: Legal Email
General Support: Support Email
Phone: (813) 515-3550

When contacting us, please include your name, contact information, and a detailed description of your request or concern. We will respond to your inquiry within a reasonable timeframe.

25. Additional Disclosures

25.1 Sub-Processor List

A list of our sub-processors who process Customer Data on our behalf is available upon request. Please contact Legal Email to request the current sub-processor list.

25.2 Data Processing Addendum

For Customers who require a Data Processing Addendum (DPA) for GDPR or other data protection compliance, please contact us at Legal Email.

25.3 Questions About End User Data

If you are an End User (a contact or lead whose information has been uploaded to our Service by one of our Customers), and you have questions about how your data is processed, please contact the Customer (business) that uploaded your information. OAK processes End User data on behalf of our Customers and may not be able to respond directly to End User requests without the Customer's authorization.