Privacy Policy for Oasis OS

This Privacy Policy describes how PAPANIS TRADING S.R.L. (hereinafter referred to as "we," "us," or "our"), CUI: 47521552, Registration Number: J2023001433406, EUID: ROONRC.J2023001433406, collects, uses, and protects your personal data when you use the Oasis OS platform. Oasis OS is an artificial intelligence-based platform designed for the automation of legal and administrative documents. PAPANIS TRADING S.R.L., a company registered in Romania, is the data controller responsible for processing your personal data. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable Romanian law.

1. Types of Data Collected

We collect and process the following types of data:

Personal Identification Data: Information that can identify you, such as your name, email address, and other contact details provided by you.
Authentication Credentials: To ensure secure access to your account, we collect and store hashed passwords or OAuth tokens.
Uploaded Documents: The documents you upload (PDF, DOCX, etc.) are processed temporarily and then deleted immediately. They are not stored permanently.
Metadata: We automatically collect IP address, browser information, and device type.
Analytics Data: Similar technologies may collect data about how you navigate the platform to help us improve the experience.

2. Purpose of Data Processing

Data is collected and processed for the following purposes:

Providing Services: To operate the platform and its functionalities and to fulfill our contractual obligations.
Platform Security: To prevent unauthorized access or use, by implementing technical protection measures.
Improving User Experience: To analyze usage and provide personalized technical support.
Compliance with the Law: To respond to legal requests and prevent fraud.

3. Legal Basis for Processing

Our legal basis for processing your personal data is as follows, in accordance with Article 6 of the GDPR:

Performance of a Contract: Processing is necessary for the performance of a contract to which you are a party (Art. 6(1)(b) GDPR).
Legitimate Interest: To ensure platform security and improve services (Art. 6(1)(f) GDPR).
User Consent: We will obtain your consent where required by law (Art. 6(1)(a) GDPR). This can be withdrawn at any time.
Legal Obligation: To comply with applicable legal obligations (Art. 6(1)(c) GDPR).

4. Data Retention Policy

We retain your personal data only for as long as is necessary for the purposes mentioned:

Identification and Authentication Data: Retained as long as the account is active. If it becomes inactive, we will delete the data after notification.
Uploaded Documents: Not stored permanently. They are deleted immediately after processing.
Metadata and Analytics Data: Retained for a maximum of 12 months for analysis and improvement.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your data to third parties for marketing purposes. We may share personal data only in the following cases:

Legal Compliance: To comply with laws, regulations, or official requests.
Service Providers: We collaborate with third parties who are contractually obligated to protect your data.
Explicit Consent: We may share data only with your explicit consent.

6. International Data Transfers

We process your data primarily within the EEA. If we transfer data outside the EEA, we will apply measures such as:

Standard Contractual Clauses (SCC): Signed with recipients to ensure compliance with GDPR.
Other Legal Mechanisms: We will apply recognized legal alternatives where applicable.

Upon request, we can provide you with details about the protection measures implemented.

7. User Rights under the GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right of Access: You can request access to your data and how it is processed.
Right to Rectification: You can request the correction of inaccurate or incomplete personal data.
Right to Erasure: You can request the deletion of data under certain conditions ("right to be forgotten").
Right to Restriction: You can request the restriction of processing, for example, if you dispute the accuracy of the data.
Right to Data Portability: You can receive the data in a structured format and transfer it to another controller.
Right to Object: You can object to processing in certain situations, including direct marketing.
Right to Lodge a Complaint: With the ANSPDCP (Romanian Data Protection Authority) if you believe your rights have been violated.

To exercise these rights, contact us using the information below. We will respond within a maximum of one month, with the possibility of extending it by two months in complex cases.

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data:

Encryption: Data is protected both in transit and at rest.
Secure Servers: We host the infrastructure in data centers with controlled access.
No Document Storage: Documents are not retained after processing.
Access Control: Only authorized personnel have access to personal data.

Although we constantly update our security measures, no method is 100% secure. We cannot guarantee the absolute security of the data.

9. Children's Data

Oasis OS is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent and believe that such data has been transmitted to us, please contact us.

10. Policy Changes

The policy may be updated periodically. Any changes will be published on the platform along with the revision date. Continued use of the platform constitutes acceptance of the updated version.

11. Contact Information

For questions or requests regarding the policy or your rights:

PAPANIS TRADING S.R.L., CUI: 47521552, Nr. înregistrare: J2023001433406, EUID: ROONRC.J2023001433406
Bdul. Basarabia 14, Et. 1 CAM. 1
Bucharest, Romania
E-mail: contact@oasisos.ai

We are committed to responding promptly and professionally to your requests.