Privacy Policy
Last Updated: July 9, 2025
Welcome to Oshli, an online and mobile platform operated by Oshli, located at Portugal. We are dedicated to protecting your privacy and complying with the European Union’s General Data Protection Regulation (GDPR). This Privacy Policy outlines how we collect, process, share, and safeguard your personal information when you use our service (the “Service”). It also details your options for managing your data.
This policy applies to all users, including individuals, business clients, and visitors. Capitalized terms not defined here are explained in our Terms of Use.
Summary:
We explain how we handle your personal information, why we use it, who we share it with, and your rights to control it.
Oshli, based at Portugal, is the data controller responsible for your personal information, except when we process data on behalf of business clients (see Section 11). For inquiries or requests, please reach out to us at info@O.com or contact our Data Protection Officer at dpo@oshli.com.
Summary:
We are responsible for protecting your data, unless acting as a processor for clients.
We gather the following personal data to deliver and enhance the Service:
2.1. Information You Provide
- Account and Interactions: Full name, email, phone number, date of birth, occupation, workplace, postal address, messages (e.g., feedback, questions), and user-created content (e.g., forms, images).
- Purpose: To manage your account, provide the Service, address your inquiries, and enhance your experience.
2.2. Data from Third Parties
- Integrations: Data from platforms like Google or LinkedIn (e.g., user ID, public profile) when you link accounts.
- Social Media: Content shared on platforms like Instagram or profile details (e.g., job title, company) from LinkedIn.
- External Providers: Information from public sources or third parties (e.g., industry, seniority level) to customize communications.
2.3. Automatically Collected Data
- Usage: IP address, device type, operating system, pages visited, interactions (e.g., clicks).
- Tracking Technologies: Cookies, pixels, device identifiers (e.g., UUID, Android/iOS Advertising ID).
- Location: Approximate location (via IP) or precise location (if provided or obtained from partners).
- Server Logs: Data like URLs, browser type, and referring pages.
2.4. Account Content
- Forms, images, videos, documents, and metadata created or uploaded to the Service.
Summary:
We collect data you provide, data from third parties, automated data (e.g., cookies), and account content to operate the Service.
We process your data for the following purposes, based on GDPR legal grounds:
- Deliver the Service (Contractual Necessity): Create and manage accounts, process payments, provide forms, and resolve technical issues.
- Customize Experience (Legitimate Interest): Tailor the Service to your needs (e.g., suggest templates).
- Enhance the Service (Legitimate Interest): Analyze usage, conduct aggregate research, and train AI models (with consent, where needed).
- Marketing and Communication (Consent): Send updates, promotions, or survey invitations (opt-out available).
- Advertising (Consent): Show personalized ads on the Service or third-party platforms.
- Security (Legitimate Interest): Prevent fraud and monitor suspicious activities.
- Legal Compliance (Legal Obligation): Respond to authorities or meet tax obligations.
- Customer Support (Contractual Necessity): Analyze forms to fix errors or respond to inquiries.
Summary:
We use your data to provide, personalize, and improve the Service, communicate, advertise, ensure security, and comply with laws.
We share your data only in these situations:
4.1. Service Providers
Sub-processors (e.g., [AWS, Stripe]) assist with billing, hosting, analytics, or marketing, under GDPR-compliant agreements.
4.2. Public Content
Content you share publicly (e.g., public forms) may be accessed by others and persist in cached or archived copies.
4.3. Teams and Collaboration
Data in teams or shared forms is visible to team members or administrators, who may manage content.
4.4. Employers
If you use a work email, we may share your name and email with your employer (if a client). You can revoke this at [email@company.com].
4.5. Third-Party Integrations
Data may be shared with third-party apps (e.g., YouTube, Slack) if you authorize integration.
4.6. Mergers and Acquisitions
Data may be transferred during a merger or sale, with prior notice.
4.7. Authorities
We share data with legal authorities when required or to protect our rights.
4.8. Aggregated Data
Anonymized data may be shared for analytics purposes.
Summary:
We share data with sub-processors, teams, authorized third parties, authorities, or during mergers, with safeguards.
Your data is processed in the EU, US, and other countries where we or our sub-processors operate. For transfers outside the EEA, we use Standard Contractual Clauses to ensure GDPR compliance.{% endblocktrans.
Summary:
We transfer data globally with legal protections.
We use measures like encryption, secure authentication, and regular audits to protect your data. You are responsible for keeping your credentials confidential.
Summary:
We safeguard your data, but absolute security cannot be guaranteed.
Under GDPR, you have the right to:
- Access your data.
- Correct inaccurate data.
- Request deletion, subject to legal exceptions.
- Restrict processing.
- Request data portability.
- Object to processing (e.g., for marketing).
- Withdraw consent at any time.
Contact us at privacy@oshli.com to exercise these rights. We will respond within 30 days.
Summary:
You have rights over your data and can contact us to exercise them.
We use cookies and similar technologies to operate the Service, analyze usage, and display ads (with your consent). Visit our Cookie Policy to manage your preferences.
Summary:
Cookies improve the Service, but you can manage them.
We retain data while your account is active or as required by law. After account closure, we delete or anonymize data.
Summary:
We keep data only as long as necessary.
We will notify you of significant changes via email or on the Service. Please review this policy periodically.
Summary:
We inform you of major changes, but check this policy regularly.
- Controller/Processor: We are the data controller, except when processing data for clients (see Data Processing Agreement).
- Legal Bases: Contractual necessity, legitimate interest, consent, or legal obligation.
- International Transfers: We use safeguards for transfers outside the EEA.
Summary:
We comply with GDPR, acting as controller or processor, with clear legal bases and transfer protections.
For questions or requests, please contact:
- Email:
privacy@oshli.com
- DPO:
dpo@oshli.com
Summary:
We are available to address your privacy concerns.