Oath Privacy Policy

Your browsing stays yours.

Oath blocks adult content on your device. We do not receive your browsing history, DNS requests, visited domains, or search history. This policy explains the limited data we do process.

Effective and last updated: 12 July 2026

1. Who is responsible

This policy applies to the Oath mobile app and the website at takeoath.app. The controller responsible for processing is:

Yasemin Basar, Einzelunternehmen
Oswald Redlich Straße 36
1210 Vienna
Austria
info@takeoath.app

2. What always stays on your device

Oath uses an on-device VPN service to filter DNS requests. The service checks requested domains against a local blocklist. It does not send your DNS traffic through an Oath server.

We do not collect or transmit:

  • browsing history, visited domains, or search history;
  • individual DNS requests or blocked-site attempts;
  • the personal reasons you enter for taking an Oath;
  • daily check-ins or mood entries; or
  • your onboarding answers about your personal experience.

These items remain on your device and are removed when you reset the app or uninstall it, subject to the normal behavior of your device backups.

3. Data we process

Account and authentication

Your email address, account identifier, one-time sign-in records, and authentication timestamps. We use these to create and secure your account and restore an active Oath after a reinstall or device change.

Legal basis: performance of our contract and steps requested before entering it.

Commitment information

Your chosen period and strictness, start and end dates, active, completed, or broken status, attempt number, and progress. We use this to provide, enforce, and restore the commitment you requested.

Legal basis: performance of our contract.

Purchase information

Product, purchase token, transaction status, country, and purchase time received from Google Play. We use this to verify access, restore purchases, prevent fraud, and meet accounting obligations. We do not receive your full card or bank details.

Legal basis: performance of our contract, compliance with legal obligations, and fraud prevention.

Protection and technical information

App version, operating system, request timestamps, IP address in server security logs, and limited protection events such as the cause and duration of an enforcement interruption. We do not attach browsing or DNS activity to these events.

Legal basis: performance of our contract and our legitimate interest in keeping Oath secure and reliable.

Support and voluntary reports

If you contact us or report a wrongly blocked domain, we process your email, the content of your request, and our response. Please do not include unnecessary intimate or health information.

Legal basis: responding to your request, performance of our contract, and our legitimate interest in improving support and blocklist accuracy. If a voluntary report includes health or sex-life information, it is processed only with the explicit consent requested at submission.

4. Website data

The website does not use advertising, analytics trackers, contact forms, or nonessential cookies. Fonts and images are served locally.

Our hosting provider may process your IP address, requested page, access time, browser information, and error data in short-lived server logs. This is necessary to deliver and protect the website. The legal basis is our legitimate interest in secure and reliable operation.

5. Service providers and disclosures

Supabase

Supabase provides authentication, database, and server infrastructure as our processor. The primary Oath project is hosted in the Central EU, Frankfurt region.

Google Play

Google Play distributes the Android app and processes purchases. Google acts under its own privacy terms for its store, account, payment, fraud-prevention, and platform data. Oath receives only the information needed to verify and restore your purchase.

Hosting, email, and professional advisers

Website hosting and email providers process technical or communication data on our behalf. We may disclose limited data to professional advisers, authorities, or courts when necessary to comply with law, protect rights and security, or establish and defend legal claims.

We do not sell personal information. We do not share it for cross-context behavioral advertising, use targeted advertising, or allow data brokers to access it.

6. International transfers

We use European processing locations where practical. Some providers or their support teams may process data outside the European Economic Area, the United Kingdom, or Switzerland. If required, we rely on an adequacy decision, the European Commission's Standard Contractual Clauses, the UK Addendum, or another legally recognized safeguard. You may request information about the safeguards by contacting us.

7. How long we keep data

  • Account and commitment data is kept while your account is active and deleted after a valid deletion request, unless a legal obligation requires limited data to be retained.
  • Purchase and accounting records are kept for the period required by tax, accounting, and consumer-protection law.
  • Support messages and blocklist reports are normally deleted within 12 months after the request is closed.
  • Website and backend security logs are normally deleted within 30 days, unless they are needed to investigate an incident.
  • Deleted data may remain in encrypted backups for up to 90 days before being overwritten.

8. Security

We limit collection, restrict access, use encrypted connections for data in transit, and use access controls provided by our service providers. No system is completely secure, but we use measures appropriate to the limited and sensitive nature of the service. Please contact us immediately if you believe your Oath account has been compromised.

9. Account deletion and your choices

You may request deletion of your Oath account and associated server-side data by emailing Delete my Oath account. We may ask you to verify control of the account email before acting on the request. Deleting an account does not require us to delete records that must be retained by law.

Deleting the app removes data stored only on that device, but does not delete the server-side account. Use the deletion request above for a complete account request.

10. Privacy rights

EEA, United Kingdom, and Switzerland

Depending on the circumstances, you may request access, correction, deletion, restriction, objection, or portability of your personal data. You may withdraw consent at any time for future processing based on consent. You may also complain to your local supervisory authority. In Austria, this is the Austrian Data Protection Authority.

United States

Depending on your state and whether its law applies to us, you may have rights to know, access, correct, delete, or obtain a copy of personal information, to appeal a denied request, and to receive equal service when exercising a privacy right. Oath does not sell personal information, share it for cross-context behavioral advertising, use it for targeted advertising, or profile you for decisions with legal or similarly significant effects. There is therefore no sale or targeted-advertising opt-out required for Oath's own processing.

We will consider reasonable access, correction, and deletion requests from users worldwide, even where a specific local law does not apply. Send requests to info@takeoath.app. We may verify your identity before disclosing or deleting data.

11. Children and teenagers

Oath is intended for people aged 16 and older and is not directed to children under 13. We do not knowingly collect personal information from anyone under 16. If you believe a person under 16 has provided personal information, contact us so we can investigate and delete it where required.

12. Automated processing

Oath automatically applies the local blocking rules and tracks the commitment period selected by you. These actions provide the service you requested. We do not use automated processing to make decisions about you that produce legal or similarly significant effects, and we do not create advertising profiles.

13. Changes and contact

We will update this policy before materially changing how we process personal data. The current effective date appears at the top. If a change materially affects an active account, we will provide an additional notice where required.

Questions, privacy requests, and complaints can be sent to info@takeoath.app.