Privacy Policy
Last updated: 19 June 2026
This Privacy Policy explains how Oswol ("we", "us") collects, uses, and protects personal data when you use oswol.com and the Oswol terminal (the "Service"). We aim to comply with applicable data-protection laws, including Bahrain's Personal Data Protection Law (PDPL), Saudi Arabia's PDPL, and the EU/UK GDPR where they apply.
1. Data we collect
- Account data you provide at registration: name, email, phone (optional), password (stored only as a salted bcrypt hash — never in plain text), country, city, profession, company, and date of birth (optional).
- Authentication data: if you sign in with Google, your Google account email and basic profile.
- Usage data: pages viewed, watchlists, preferences, and feature interactions.
- Technical data: IP address, browser/user-agent, timezone, and language, collected for security and an audit trail.
2. How we use your data
- To create and operate your account and authenticate you.
- To personalise your brief, alerts, and copilot.
- To send the daily Oswol Brief and product updates where you have opted in.
- To secure the Service, prevent abuse, and maintain an audit trail.
- To comply with legal obligations.
3. Legal bases for processing
Where GDPR or a PDPL applies, we process personal data on the bases of: performance of our contract with you (operating your account), your consent (marketing email — which you can withdraw at any time), and our legitimate interests (security, fraud prevention, and improving the Service).
4. Marketing and your choices
Marketing email is opt-in. You can unsubscribe at any time from the email footer or in Settings. Turning off marketing does not affect essential service messages such as security or account notices.
5. Sharing and processors
We do not sell your personal data. We share it only with service providers who process it on our behalf — including Supabase (database and authentication), Google (OAuth sign-in), and Vercel (hosting) — and with market-data providers solely to deliver the data you request. These providers may process data outside your country; where required, we rely on appropriate safeguards.
6. Cookies
We use strictly necessary cookies for authentication and to remember your language preference (the oswol.lang cookie). We do not use advertising cookies.
7. Data retention
We keep account data for as long as your account is active and as needed to comply with legal obligations, resolve disputes, and enforce our agreements. You can request deletion as described below.
8. Security
We protect your data with measures including password hashing (bcrypt), access controls, and encrypted transport (HTTPS). No system is perfectly secure, and we cannot guarantee absolute security.
9. Your rights
Subject to applicable law, you may request access to, correction of, or deletion of your personal data; object to or restrict certain processing; withdraw consent; and request portability. To exercise these rights, contact privacy@oswol.com. You may also lodge a complaint with your local data-protection authority.
10. Children
The Service is not directed to children under 18, and we do not knowingly collect their personal data.
11. International users
The Service is operated from the Kingdom of Bahrain. By using it, you understand that your data may be processed in Bahrain and in other countries where our processors operate.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be shown by updating the date above.
13. Contact
Privacy questions or data requests: privacy@oswol.com.