Privacy Policy
1. Operator and Contact
OZmate is operated by RootPilot AI.
2. Scope
This Privacy Policy applies to the OZmate mobile application ("App") and the OZmate website at https://ozmate.app ("Website"). By using the Service, you acknowledge that you have read and understood this policy.
3. Information We Collect
3.1 Account Information — Service-generated user ID, email address, authentication provider information associated with your sign-in method, and password (handled securely by our authentication provider and never stored in plaintext).
3.2 Profile Information — Nickname/display name, @ID, bio, profile icon, and optional contact details, area/location details, and similar profile fields.
3.3 User-Generated Content — Community posts and comments, workplace-list comments, structured experience fields, reports, images, direct messages, and community chat messages.
3.4 Device and Technical Information — Device model, OS version, app version, IP address, language, timezone, FCM/APNs notification tokens, and a device-scoped identifier used for notification delivery and per-device management.
3.5 Usage and Operational Data — The current mobile app release does not include Firebase Analytics, show third-party ads, include Google AdMob or UMP, request Apple's App Tracking Transparency permission, or use IDFA for advertising. App-side event calls are locally disabled for this initial release while App Store privacy disclosures and runtime provider behavior are aligned.
3.6 Location Information — When enabled, location data is processed to display nearby points of interest using Overture Maps data. No background tracking.
3.7 Inquiry Information — Inquiry content, email address, and metadata from support contacts.
3.8 Push Notification Token — FCM device token (with your permission only).
4. Legal Basis for Processing
- Consent (APPI Article 17): Provided when creating an account and agreeing to this policy.
- Contract Performance: Processing necessary to provide the Service.
- Legitimate Interests: Security, fraud prevention, and service improvement.
- Legal Compliance: Processing required by applicable laws.
5. Purposes of Use
- User authentication and account management
- Service operation and delivery
- Content moderation and guideline enforcement
- User safety
- Fraud and abuse prevention
- User support
- Usage analysis and service improvement
- Push notification delivery (with permission)
- Legal and regulatory compliance
6. Third-Party Sharing and Service Providers
| Service | Provider | Location | Purpose |
|---|---|---|---|
| Firebase Authentication | Google LLC | USA | User authentication |
| Cloud Firestore | Google LLC | USA | Data storage |
| Firebase Storage | Google LLC | USA | Storage of uploaded images and similar files |
| Cloud Functions for Firebase | Google LLC | USA | Backend processing, notifications, and security controls |
| Firebase Cloud Messaging | Google LLC | USA | Push notifications |
| Firebase App Check | Google LLC | USA | Abuse prevention |
| Google Analytics | Google LLC | USA | Aggregated website traffic analytics |
The current mobile app release does not include Firebase Analytics, show third-party ads, include Google AdMob or UMP, request Apple's App Tracking Transparency permission, or use IDFA for advertising. If we introduce app analytics, advertising, or advertising-related tracking in a future release, we will update the App, App Store privacy disclosures, and this policy before enabling those features.
We do not sell, rent, or trade your personal information to third parties. We only disclose personal data when required by law.
7. International Data Transfers
Your data is stored and processed on Google LLC servers in the United States through Firebase. Transfers are conducted under Google's Standard Contractual Clauses (SCCs).
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Deleted upon account deletion |
| User-generated content | Hidden from public view upon account deletion; may be retained on the server |
| Direct messages | May be retained for other participants' records after account deletion |
| Analytics logs | Up to 14 months |
| Support tickets | 2 years after resolution |
| Security logs | Up to 1 year |
Data may be retained longer where required by applicable law.
9. Your Rights
Under APPI: Disclosure, correction, deletion, cessation of use, and cessation of third-party provision.
Under Australian Privacy Act 1988: Access, correction, and complaints to the OAIC.
How to exercise: Use the in-app "Delete Account" feature, or email support@rootpilotai.com.
10. Children's Privacy
The Service is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under 18.
11. Security Measures
- All communications encrypted via TLS
- Firebase Security Rules for per-user access control
- Restricted administrative access
- Firebase App Check and related safeguards for app authenticity checks and abuse prevention
12. Cookies and Tracking
The Website uses essential cookies for basic site functionality. The Website also uses Google Analytics (gtag.js) to collect aggregated page-view data such as normalized page URL and path. The current mobile app release does not include Firebase Analytics, show third-party ads, include Google AdMob or UMP, request Apple's App Tracking Transparency permission, or use IDFA for advertising. If we introduce app analytics, advertising, or advertising-related tracking in a future release, we will update the App, App Store privacy disclosures, and this policy before enabling those features.
13. Changes to This Policy
Material changes are posted in the App and on the Website. Re-consent is requested via the in-app consent flow when required. Each version is identified by a version number and effective date.
14. Contact and Complaints
Japan: Personal Information Protection Commission (PPC) — https://www.ppc.go.jp/
Australia: Office of the Australian Information Commissioner (OAIC) — https://www.oaic.gov.au/