Privacy Policy
1. Overview
This Privacy Policy explains how Oscillo ("we", "us", "the App") collects, uses, and protects your personal data. We are committed to safeguarding your privacy in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
2. Data We Collect
2.1 Account Data
When you create an account, we collect:
- Email address (Apple Sign-In or Google Sign-In)
- Username (chosen by you)
- Display name (if provided by your sign-in provider)
- Profile photo URL (if provided by your sign-in provider)
- Authentication provider used
2.2 Watch Collection Data
When you use the App, we store:
- Watch details (brand, model, name, reference number, specifications)
- Timing measurements (rate, beat error, amplitude, beats per hour)
- Watch photos (original thumbnails captured by your camera)
- AI-generated stylised thumbnails
- Wrist log entries (dates you wore each watch)
2.3 Audio Data
The App accesses your device microphone to analyse mechanical watch tick sounds. Audio is processed locally on your device in real time and is not recorded, stored, or transmitted to any server.
2.4 Camera Data
The App accesses your device camera to capture watch photos for identification and collection purposes. Photos are stored locally and synchronised to your cloud account.
2.5 Social Features
If you use social features, we collect:
- Posts and post images
- Comments and interactions (likes)
- Follow relationships
2.6 Device Data
We collect:
- Device token for push notifications
- Basic device information required for app functionality
2.7 Subscription Data
If you subscribe, Apple processes your payment. We receive subscription status information from Apple but do not have access to your payment details.
3. How We Use Your Data
We use your data to:
- Provide and operate the App's core features
- Synchronise your watch collection across devices
- Deliver push notifications you have opted into
- Generate AI-stylised watch thumbnails
- Identify watch brands and models from photos
- Display social feed content
- Improve the App and fix bugs
- Communicate important service updates
4. Legal Basis for Processing
We process your data based on:
- Contract performance (Art. 6(1)(b) GDPR): To provide the services you have signed up for
- Legitimate interests (Art. 6(1)(f) GDPR): To improve the App and ensure security
- Consent (Art. 6(1)(a) GDPR): For push notifications and optional social features
5. Data Storage and Transfers
Your data is stored on servers provided by Supabase within the European Union. Watch photos and feed images are stored in cloud storage buckets.
We do not transfer your personal data outside the EU/EEA unless required by a third-party service provider, in which case appropriate safeguards (such as Standard Contractual Clauses) are in place.
6. Third-Party Services
The App uses the following third-party services:
- Supabase (authentication, database, storage, edge functions) — EU-hosted
- Apple Sign-In — subject to Apple's privacy policy
- Google Sign-In — subject to Google's privacy policy
- RevenueCat — subscription management
- Apple App Store — payment processing
Each provider processes data according to their own privacy policy.
7. Data Retention
We retain your data for as long as your account is active. When you delete your account:
- Account data is deleted immediately
- Watch collection data, measurements, and photos are deleted within 30 days
- Social feed content is removed immediately
- Backups containing your data are purged within 90 days
8. Your Rights
Under the GDPR, you have the right to:
- Access your personal data (Art. 15 GDPR)
- Rectify inaccurate data (Art. 16 GDPR)
- Erase your data ("right to be forgotten") (Art. 17 GDPR)
- Restrict processing (Art. 18 GDPR)
- Data portability — receive your data in a structured format (Art. 20 GDPR)
- Object to processing based on legitimate interests (Art. 21 GDPR)
- Withdraw consent at any time without affecting prior processing (Art. 7(3) GDPR)
To exercise these rights, contact us at hello@oscillo.app.
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encrypted data transmission (TLS/HTTPS)
- Row-level security on database tables
- Secure authentication with token-based access
- Regular security reviews
10. Children's Privacy
The App is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided personal data, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. The "Last updated" date at the top indicates the most recent revision.
12. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The competent authority in Germany is:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
https://www.bfdi.bund.de
13. Contact
For questions about this Privacy Policy or to exercise your data protection rights: