Oido Systems (“Oido”, “we”, “our”) operates Oido Studio, a cloud-based AI agent platform. This Privacy Policy explains what data we collect, how we use it, and the controls you have over your information.
1. Who This Applies To
This policy applies to all users of the Oido Studio cloud platform, including members of organisations that access Oido through a team subscription. If your employer has provided you access, their organisation agreement governs data handling at the workspace level.
2. Data We Collect
Account data — collected at registration:
- Name and email address
- Hashed password (we never store plaintext passwords)
- Organisation name, slug, and billing tier
Platform data — generated while using Oido:
- Agent configurations, names, and instructions you create
- Conversation history between users and agents
- Session identifiers and tab/agent routing data
- Channel connection settings (Telegram, Discord, etc.)
- Extension and MCP server configurations
- Skill definitions created within your organisation
Credentials — stored with encryption:
- AI provider API keys (AES-256-GCM encrypted at rest)
- Integration credentials (encrypted, scoped per organisation)
- Channel tokens (encrypted, never exposed in plaintext in responses)
Usage data — for reliability and improvement:
- Request logs (method, path, status, latency — no request bodies)
- Error traces for debugging (no user content)
- Feature usage aggregates for product decisions
3. Data We Do Not Collect
- We do not track you across other websites
- We do not sell or rent your data to any third party
- We do not use your conversation data to train AI models
- We do not store billing card details (handled by Stripe)
- We do not read your agent conversations for advertising purposes
4. How Data Flows to Third Parties
Oido connects your agents to AI providers and tools that you configure. Data flows only to services you explicitly connect:
- AI providers (OpenAI, Gemini, DeepSeek, OpenRouter, etc.) — your conversation data is sent to whichever provider you configure. Each provider's privacy policy applies to data they receive.
- Channel integrations (Telegram, Discord, WeChat, DingTalk) — messages are routed through the channel platform's API. Their terms of service apply.
- MCP tool servers and n8n workflows — data passed through your configured integrations is subject to those services' policies. You configure these; we route them.
- Stripe — billing information is handled by Stripe. We store only the subscription status, not card details.
No data is shared with Oido partners, advertisers, or data brokers.
5. Organisation Data Isolation
All data — agents, sessions, credentials, conversations, extensions — is stored isolated per organisation. One organisation cannot access another's data. We enforce this at the database layer with organisation-scoped queries and at the execution layer with per-org sandboxed environments.
6. Data Retention
- Active accounts: data retained for the life of the account
- Deleted accounts: data purged within 30 days of deletion request
- Conversation history: retained until deleted by user or account closure
- Logs: system logs retained for 90 days for debugging, then deleted
- Backups: encrypted backups retained for 30 days, then rotated
7. Your Rights
Depending on your jurisdiction, you have rights including:
- Access — request a copy of all data we hold about you
- Correction — update inaccurate information
- Deletion — request full erasure of your account and data
- Portability — export your agent configurations and conversation data
- Restriction — object to specific processing activities
To exercise any of these rights, email privacy@oido.ai. We respond within 30 days.
8. Cookies and Tracking
Oido Studio uses only functional cookies required for authentication (session tokens). We do not use advertising cookies, analytics cookies from third-party providers, or pixel tracking. You can clear cookies at any time; you will be logged out.
9. Security Practices
See our Security page for a full description of the technical and organisational measures we use to protect your data, including encryption standards, access controls, and incident response procedures.
10. Changes to This Policy
We will notify you of material changes via email and in-app notice at least 14 days before changes take effect. Continued use after the effective date constitutes acceptance. We maintain a changelog of this policy on request.
11. Contact
For privacy questions or data requests: privacy@oido.ai
For general inquiries: hello@oido.ai