Privacy Policy
Effective Date: January 1, 2025
1. Introduction
Welcome to Oatmeet, a smart 1:1 learning and mentorship platform powered by Surfboard Pvt. Ltd. We respect your privacy and are committed to transparency about how we collect, use, share, and protect your information.
This Privacy Policy outlines how Oatmeet handles data in compliance with:
- •General Data Protection Regulation (GDPR)
- •California Consumer Privacy Act (CCPA)
- •Children's Online Privacy Protection Act (COPPA)
- •Indian Information Technology (IT) Act
- •Google API Services User Data Policy
By using Oatmeet, you agree to this Privacy Policy.
2. Scope of this Policy
This Privacy Policy applies to:
- •All users of Oatmeet web and mobile apps
- •Users who log in via Google or grant access to Google services (Calendar, Meet, or profile data)
- •Students, mentors, institutions, and visitors accessing Oatmeet features
- •Partners and collaborators using Oatmeet APIs or integrations
3. Information We Collect
A. Personal Identifiers (Required for Privacy Policy)
- •Name
- •Email address
- •Google ID (for authentication)
- •Unique user ID (system-generated)
- •Country and timezone
- •Contact information you save (name, email, phone, profession, timezone)
B. Google User Data (via OAuth Scopes)
When you connect Oatmeet with your Google Account, we may request access to the following scopes:
| Scope | What We Access | Purpose |
|---|---|---|
| userinfo.email | Your Google Account email | For account creation, login, and identity verification |
| userinfo.profile | Your name & profile picture | To display in your Oatmeet profile for identification |
| calendar.freebusy | Availability from Google Calendar | To check free/busy times and avoid scheduling conflicts |
| calendar.events | View/edit calendar events | To schedule, update, or cancel Oatmeet sessions |
| meetings.space.created | Google Meet conference links created by the app | To generate and attach Google Meet links to mentorship sessions |
C. Usage Information
- •Features used, pages visited
- •Session duration and activity logs
- •IP address, browser, and device details
D. Communication Records
- •Support requests (emails, chats, tickets)
- •Feedback, suggestions, and surveys
E. Device & Technical Data
- •Device model, operating system, app version
- •Crash logs and diagnostics
4. How We Use Google User Data
- Login & Authentication – verify and display your Google name/email.
- Scheduling – check free/busy availability to prevent double-booking.
- Calendar Sync – create, update, and cancel events on your Google Calendar.
- Meet Links – generate and attach Google Meet links to your mentorship sessions.
We do not use Google user data for advertising, profiling, or unrelated purposes.
5. Sharing, Transfer, or Disclosure of Google User Data
We do not sell, rent, or trade Google user data.
Data may be shared only in these cases:
| Purpose | Shared With | Safeguards |
|---|---|---|
| Calendar sync & meetings | Google APIs via OAuth | Secure OAuth 2.0 authorization |
| Hosting & notifications | Authorized cloud service providers | Encrypted storage, GDPR/CCPA contracts |
| Legal compliance | Regulators, courts, or authorities | Only if legally compelled |
| Business transition | Acquiring entity (e.g., merger) | Binding non-disclosure & privacy agreements |
All third parties must comply with GDPR, CCPA, and the Google API Services User Data Policy.
6. Data Protection Measures
Encryption
- •In transit → TLS/HTTPS
- •At rest → AES-256 standards
Access Controls
- •Role-based access for internal staff
- •OAuth 2.0 for Google integrations
- •MFA (Multi-Factor Authentication) for admin access
Monitoring & Audits
- •Regular vulnerability assessments & patching
- •Data backups and disaster recovery
- •Continuous monitoring for unauthorized access
7. Data Retention & Deletion
We retain your personal and Google user data only as long as necessary to deliver services or comply with law.
- Disconnect Google Account: Calendar/Meet access is immediately revoked and deleted.
- Delete Oatmeet Account: All personal and Google-linked data is deleted within 30 days.
- Manual Deletion Request: Email [email protected] → processed within 15 business days.
8. Children's Privacy
- •Oatmeet is for users 13 years and older.
- •Users under 18 require parental or institutional consent.
- •We comply with COPPA, FERPA, and Indian IT Act Section 43A regarding minor protection.
9. Your Rights & Choices
Depending on your region, you may request to:
- •Access and receive a copy of your data
- •Correct, update, or delete your information
- •Export your data in portable format
- •Restrict or object to processing
- •Withdraw consent at any time
Contact: [email protected]
10. International Data Transfers
Your data may be processed or stored in:
- •India
- •Other regions with adequate safeguards
We ensure compliance with GDPR Standard Contractual Clauses (SCCs), CCPA rules, and APEC frameworks for international transfers.
11. Changes to This Privacy Policy
We may update this policy to reflect:
- •Legal or regulatory changes
- •Product improvements
- •Security enhancements
You will be notified via in-app banners or email alerts.
12. Contact Us
If you have questions or concerns regarding this Privacy Policy or your Google data:
Address
Surfboard Pvt. Ltd, Virar, India