Privacy Policy

Oden is a product operated by Skybound Labs, Inc., a Delaware corporation ("Skybound Labs," "Oden," "we," "our," or "us"). We recognise the importance of maintaining your privacy and appreciate your trust in us. This Policy describes how we treat user information we collect on https://getoden.com/ and other online sources. This Privacy Policy applies to current and former visitors to our website and to our online customers. By visiting and/or using our website, you agree to this Privacy Policy.

Information we collect

We collect information in different ways

Cookies and Tracking Technologies

We use cookies and similar technologies (such as local storage and pixels) to operate the Service and understand how it is used. We use the following categories:

• Strictly necessary: Required to deliver the Service (for example, authentication, session management, security).
• Analytics: Help us understand product usage so we can improve features. We use Google Analytics, PostHog, and Microsoft Clarity for this purpose.
• Functional: Remember preferences such as workspace settings.

Where required by law (for example, in the EU/UK), we request your consent before setting non-essential cookies and provide a banner allowing you to accept, reject, or manage your choices.

You can also control cookies through your browser settings. Note that disabling certain cookies may affect functionality. We honour Global Privacy Control (GPC) signals where applicable.

AI Processing of Your Data

Oden is an AI-powered product. To deliver features such as drafting, summarisation, research, and analysis, your inputs (including prompts, uploaded documents, connected workspace content, and other Customer Data) are processed by large language models and other AI systems operated by us and by trusted sub-processors (for example, Anthropic, Google, and OpenAI). A current list is available on our Sub-processors page.

No training on Customer Data. We do not use your Customer Data, prompts, or generated outputs to train, fine-tune, or improve our own foundation models or those of any third-party AI provider. Our AI sub-processors are contractually prohibited from using Customer Data submitted via their APIs to train their generally available models.

Aggregated and de-identified data. We may use aggregated, anonymised, or de-identified information that cannot reasonably be used to identify you (for example, aggregate usage statistics) to operate, secure, and improve the Service.

AI output limitations. Generated outputs are produced probabilistically and may be inaccurate, incomplete, or out of date. You are responsible for reviewing AI-generated content before relying on it. Outputs should not be treated as legal, financial, medical, or other professional advice.

Google User Data Access and Usage

Oden accesses Google user data (including Google Docs and Google Sheets) only when explicitly authorized by the user. The application only accesses:

• Files explicitly selected by the user via the Google Picker, or
• Files created by Oden on behalf of the user.

Oden does not browse, scan, or index Google Drive. All access to Google user data is user-initiated and limited to the specific files selected by the user, and is used only to provide the requested functionality.

Google Docs and Google Sheets content is processed in real time and is not stored by Oden outside of the user's Google Drive. Oden does not share, transfer, or disclose Google user data to third parties, except as necessary to provide and improve the service, as required by law, or with the user's explicit consent. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data Security

We implement and maintain commercially reasonable administrative, technical, and physical safeguards designed to protect personal information and Customer Data, including:

• Encryption in transit using HTTPS/TLS;
• Access controls and the principle of least privilege for staff and systems;
• Authentication, including support for single sign-on where available;
• Logging and monitoring for security events; and
• Secure infrastructure, hardening, and storage practices.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

Use of your personal information

We use information to contact you: We might use the information you provide to contact you for confirmation of a payment/transaction on our website or for other promotional purposes.

We use information to respond to your requests or questions. We might use your information to process and fulfil your request for Services or respond to your comments, and queries on the platform

We use information to improve our products and services. We might use your information to customize your experience with us. This could include displaying content based upon your preferences.

We use information to look at site trends and customer interests. We may use your information to make our website and products better. We may combine information we get from you with information about you we get from third parties.

We use information for security purposes. We may use information to protect our company, our customers, or our websites.

We use information for marketing purposes. Where permitted by applicable law (and, where required, with your consent), we may send you information about special promotions, new features, or products that we believe may be of interest to you. You can opt out of marketing communications at any time as described in "Email Opt-Out" below.

We use information to send you transactional communications. We may send you emails about your account, billing, security, or a support request. These messages are necessary to operate the Service and are not marketing.

We use information as otherwise permitted by law.

Sharing of information with third-parties

We will share information with third parties who perform services on our behalf. We share information with vendors who help us manage our online registration process or payment processors or transactional message processors. Some vendors may be located outside of USA.

We will share information with our business partners. We may also disclose your Information to third party vendors, consultants, and other service providers who work for the Company and use it only for the purposes for which we disclose it to them. This disclosure may be required for us, for instance, to provide you access to our services and process payments including validation of Your bank accounts, to facilitate and assist our marketing and advertising activities/initiatives, for undertaking auditing or data analysis, or to prevent, detect, mitigate, and investigate fraudulent or illegal activities related to our services.

We may share information if we think we have to in order to comply with the law or to protect ourselves. We will share information to respond to a court order or subpoena. We may also share it if a government agency or investigatory body requests. Or, we might also share information when we are investigating potential fraud.

We may share information with any successor to all or part of our business. For example, if part of our business is sold we may give our customer list as part of that transaction.

We may share your information for reasons not described in this policy. We will tell you before we do this.

Email Opt-Out

You can opt out of receiving marketing emails at any time by clicking the "unsubscribe" link in any marketing email or by emailing support@getoden.com. Please allow up to ten days to process your request. Even after opting out of marketing, we will continue to send you transactional messages necessary to operate the Service (for example, account, billing, or security notifications).

Your Privacy Rights

Depending on where you live, you may have the following rights with respect to your personal information:

• Right to access: request a copy of the personal information we hold about you.
• Right to correct: ask us to fix inaccurate or incomplete information.
• Right to delete: ask us to delete your personal information, subject to legal exceptions.
• Right to portability: receive your information in a structured, commonly used, machine-readable format.
• Right to restrict or object: limit or object to certain processing, including processing for direct marketing.
• Right to opt out: of the "sale" or "sharing" of personal information and of profiling that produces legal or similarly significant effects, where applicable.
• Right to withdraw consent: where processing is based on consent.
• Right to non-discrimination: we will not deny service or charge different prices for exercising these rights.
• Right to lodge a complaint: with your local data protection authority.

We do not sell personal information for monetary consideration, and we do not knowingly "share" personal information for cross-context behavioural advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA).

To exercise any of these rights, email support@getoden.com. We will verify your identity before responding and will respond within the timeframe required by applicable law. You may also designate an authorised agent to act on your behalf.

International Data Transfers

Skybound Labs, Inc. is based in the United States, and we and our sub-processors may process personal information in the United States and other countries that may have different data protection laws than your country of residence.

When we transfer personal information out of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards permitted by applicable law, including the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and, where applicable, the EU-U.S. Data Privacy Framework. Copies of the relevant safeguards are available upon request.

Data Retention

We retain personal information only for as long as necessary to deliver the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Typical retention periods are:

• Account information: for the life of your account, plus up to 30 days after deletion to allow recovery, then permanent deletion.
• Customer Data (workspace content, prompts, outputs): for the life of your account, or as configured in your workspace settings; deleted within 30 days after account deletion.
• Billing records: retained for up to 7 years as required by tax and accounting laws.
• Security logs: retained for up to 12 months for incident detection and investigation.
• Marketing preferences: retained until you opt out or close your account.

When retention periods expire, we delete or de-identify the information using commercially reasonable methods.

Sub-processors

We use a limited number of vetted third-party sub-processors (including AI model providers and cloud infrastructure) to deliver the Service. A current list, including the purpose and location of each sub-processor, is published at /subprocessors. We require each sub-processor to provide a level of data protection at least equivalent to that required by this Policy and applicable law.

Data Breach Notification

In the event of a personal data breach affecting your information, we will notify affected users and, where required, the relevant supervisory authority, in accordance with the timelines and requirements of applicable law (for example, within 72 hours where required by GDPR).

Children's Privacy

The Service is intended for use by businesses and is not directed to children under 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verifiable parental consent, we will delete it. If you believe we may have collected information from a child, please contact support@getoden.com.

Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. Because there is no industry standard for responding to DNT signals, we currently do not respond to them. We do, however, honour Global Privacy Control (GPC) signals as opt-out preference signals where applicable law requires.

Third party sites

If you click on one of the links to third party websites, you may be taken to websites we do not control. This policy does not apply to the privacy practices of those websites. Read the privacy policy of other websites carefully. We are not responsible for these third party sites.

Privacy Contact

If you have any questions about this Policy or other privacy concerns, including requests to access, correct, or delete your personal information, you can contact Skybound Labs, Inc. at:

Email: support@getoden.com

Updates to this policy

From time to time we may change our privacy practices. We will notify you of any material changes to this policy as required by law. We will also post an updated copy on our website. Please check our site periodically for updates.

Legal Obligation and Jurisdiction

Skybound Labs, Inc. is a corporation organized under the laws of the State of Delaware, United States. This Privacy Policy and our handling of personal information are governed by the laws of the State of Delaware and the applicable federal laws of the United States, without regard to conflict-of-law principles. Skybound Labs, Inc. and its vendors maintain reasonable security procedures to safeguard your data, as required by applicable U.S. federal and state laws and any other privacy or data protection laws that apply to you (such as the GDPR or CCPA).

If you choose to visit the website, your visit and any dispute over privacy are subject to this Policy and the website's terms of use.