# Privacy Policy Effective Date: 2026-05-01 This Privacy Policy describes how Oyomi, operated by Ari Hein ("Operator"), collects, uses, and protects information from users of the Oyomi service ("Service"). ## 1. Information We Collect We collect the following information: your email address, provided at account creation; your password, stored in hashed form by Supabase and never accessible to the Operator in plaintext; your search queries, retained temporarily for rate limiting and abuse prevention; and token usage data, used to enforce monthly usage limits. ## 2. How We Use Your Information We use collected information solely to: authenticate your account; enforce rate limits and usage caps; process payments through Stripe; and improve Service reliability. We do not use your data for advertising, profiling, or sale to third parties. ## 3. Third-Party Services Oyomi uses the following third-party services, each bound by their own privacy policies: - [Supabase](https://supabase.com/privacy) — authentication and database storage - [Anthropic Claude API](https://www.anthropic.com/privacy) — AI query processing and event extraction - [Stripe](https://stripe.com/privacy) — payment processing - [Cloudflare](https://www.cloudflare.com/privacypolicy/) — hosting, network security, and CAPTCHA verification Search queries are transmitted to Anthropic for processing. We do not control their data retention practices. ## 4. Data Retention and Deletion Account data is retained until you request deletion or your account is terminated. To request deletion of your data, contact us at arihein2024@outlook.com. We will process deletion requests within 30 days. ## 5. Children's Privacy Oyomi does not collect personal information from users under 13 years of age. Users are required to confirm they are 13 or older at account creation. If we discover an account belongs to a user under 13, we will delete it and all associated data immediately. ## 6. California Residents (CCPA) California residents have the right to: know what personal information is collected; request deletion of personal information; opt out of the sale of personal information (Oyomi does not sell personal information). To exercise these rights, contact arihein2024@outlook.com. ## 7. Security We use industry-standard security practices including encrypted connections (TLS), hashed password storage, and access-controlled databases. No method of transmission or storage is 100% secure. We cannot guarantee absolute security. ## 8. Changes to This Policy We may update this Privacy Policy at any time. Continued use of the Service after changes are posted constitutes acceptance. ## 9. Contact arihein2024@outlook.com ## 10. Access Code Attempt Logging When a user attempts to verify an access code, the system automatically logs the following information: the UTC timestamp of the attempt, the client IP address, and the access code entered in plaintext. This data is stored in a secured database accessible only to authorized operators of the Service. It is used solely for abuse prevention, brute-force detection, and security monitoring. Logs are retained indefinitely unless a deletion request is submitted to arihein2024@outlook.com.