Privacy Policy
This Privacy Policy explains how OIOI Lab ("we", "us", "our") collects, uses, stores, and protects your personal information when you use ApoClock (the "Service"). By using ApoClock you agree to the practices described here.
1. Who We Are
ApoClock is developed and operated by OIOI Lab. If you have any questions about this policy, contact us at: office@oioilab.ai
2. Data We Collect
2.1 Account Information
When you create an account, we collect:
- Email address — used for authentication (email/password and magic link sign-in)
- Password hash — stored securely; we never store your plain-text password
- Account creation timestamp and session tokens
2.2 Social Sign-In (OAuth)
If you sign in using Discord, Google, Facebook, or Microsoft, we receive from those providers:
- Your name and email address as provided by that provider
- A provider-specific user ID (we do not receive your password)
- A profile avatar URL (where provided)
We only request the minimum scopes needed for authentication. We do not post to your social accounts on your behalf.
2.3 Workspace & App Data
When you use ApoClock, the following data is stored in our database linked to your account:
- Workspace details — name, description, game type, icon, colour
- Member records — names, cities, timezone offsets, and optional Discord account links that you enter
- Events & groups — event titles, times, recurrence settings, group names
- Settings — your configured working hours, APOC offset, and other preferences
- Custom cities — any custom timezone entries you add
2.4 Discord Integration Data
If you connect Discord features:
- Webhook URLs — stored in your settings to enable posting Goal Seek results to Discord channels
- Discord Client ID & Proxy URL — stored in settings if you configure Guild Sync or OAuth member linking
- Member Discord IDs & avatars — pulled via Guild Sync and stored as part of your workspace member records
We interact with the Discord API on your behalf only to fulfill the features you configure. We are not affiliated with Discord Inc.
2.5 Technical Data
We may collect standard technical data including:
- IP address and browser/device type (for security and abuse prevention)
- Session tokens stored in browser cookies or localStorage
- Error logs (which do not contain personal content)
2.6 Data We Do NOT Collect
- We do not use advertising trackers or sell your data to third parties
- We do not collect payment information (the Service is free)
- We do not use analytics services that track individual behaviour across the web
3. How We Use Your Data
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing and operating the Service | Contract performance |
| Authentication and session management | Contract performance |
| Syncing your workspace data across devices | Contract performance |
| Sending magic-link sign-in emails | Contract performance |
| Preventing fraud and abuse | Legitimate interest |
| Complying with legal obligations | Legal obligation |
4. Data Storage & Security
Your data is stored in a PostgreSQL database hosted on AWS RDS. The database is deployed within a private VPC and is not publicly accessible. Connections use SSL encryption in transit.
We apply industry-standard security practices including:
- Encrypted connections (TLS) between the app, server, and database
- Password hashing (we never store plain-text passwords)
- Access controls limiting who on our team can access production data
While we take security seriously, no system is 100% secure. Please use a strong, unique password and report any suspected security issues to office@oioilab.ai.
5. Data Retention
- Active accounts — data is retained for as long as your account exists
- Deleted accounts — data is deleted within 30 days of account deletion
- Workspace data — deleted immediately when a workspace is deleted
- Session tokens — expire automatically and are purged periodically
6. Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| AWS RDS | Database hosting | aws.amazon.com/privacy |
| Vercel | App hosting & CDN | vercel.com/legal/privacy-policy |
| Discord API | OAuth & integration features | discord.com/privacy |
| Google OAuth | Optional social sign-in | policies.google.com/privacy |
| Nominatim / OpenStreetMap | City geocoding (timezone lookup) | osmfoundation.org |
| timeapi.io | Timezone resolution | timeapi.io |
7. Cookies & Local Storage
ApoClock uses:
- Session cookies — strictly necessary for authentication. These expire when you sign out or after a set period.
- localStorage — used to cache workspace data locally for offline access and performance. This data mirrors what is stored server-side.
We do not use advertising cookies or third-party tracking cookies.
8. Data Sharing
We do not sell your personal data. We may share data only:
- With sub-processors listed in Section 6 (infrastructure providers)
- If required by law or a valid legal process
- To protect the rights, safety, or property of OIOI Lab or our users
Workspace sharing: If you invite other users to a workspace, your workspace name and member data will be visible to those users. You control who you invite.
9. Children's Privacy
ApoClock is not directed at children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us at office@oioilab.ai and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice. The "Last updated" date at the top of this page will always reflect the most recent version.
11. Contact Us
For any privacy-related questions or requests:
OIOI Lab
Email: office@oioilab.ai