Privacy Policy
Last Updated: April 15, 2026 Effective Date: April 15, 2026 Oasis Audio is an AI-powered audio generation platform operated by Littlelights US Corporation, a company incorporated in the State of Delaware, United States. The Service enables users to generate audio content based on text and image inputs through our mobile application and AI Skills integration (collectively, the "Service"). We respect your privacy and are committed to protecting it through this Privacy Policy. This policy explains what information we collect, how we use and protect it, and what rights you have regarding your data when you use the Oasis Audio application and related services. This Privacy Policy should be read together with our Terms of Use, which govern your use of the Service.1. Information We Collect
1.1 User Account Information When you create an account or log in to Oasis Audio, we collect: - Authentication credentials: email address, or authentication tokens provided through Apple or Google sign-in - Profile information: display name and avatar that you choose to provide - Account binding data: if you link an existing account from affiliated services (such as OpenClaw or QClaw), we collect the associated account identifier to enable account association We do not require users to provide real names or other personal identity information beyond what is necessary for account creation. 1.2 User Input Content Oasis Audio allows users to input text prompts and images (up to 1 image per request) for the purpose of generating AI-based audio content. We process: - Text prompts submitted in Host mode or Chat mode - Images uploaded as part of a generation request - Chat history between you and the AI assistant within the Service - Memory data: the AI assistant may store preferences and context information (via the Memorize tool) to personalize your experience across sessions User input content is processed to generate the requested audio and improve your experience. We do not use user input content to train our AI models, build advertising profiles, or sell to third parties. 1.3 Local Conversation Data (AI Skills Integration) When you use Oasis Audio through the AI Skills integration (e.g., within OpenClaw or QClaw), the Service may access local conversation history stored on your device to personalize audio generation. Specifically: - What is accessed: recent conversation sessions, daily memory summaries, and your user profile (preferred name, personality type, interests) stored in the default local directories of OpenClaw or QClaw on your device - How it is accessed: all data access is local and read-only — no source files are modified, created, or deleted - What is extracted: the Service searches for keywords related to your audio request and selects 3–5 short relevant fragments to understand your context, emotional tone, and topics of interest - What is NOT extracted: raw conversation logs, file paths, timestamps, or personally identifiable information are not collected or transmitted First-use consent: before accessing local conversation data for the first time, the Service presents a one-time authorization notice explaining what data will be accessed and how it will be used. You must explicitly accept before any local data is read. This consent is stored locally on your device. Sensitive content protection: if the Service detects that composed content may contain sensitive information (such as health, financial, legal, or relationship details, credentials, email addresses, phone numbers, government IDs, or similar personal identifiers), it will display a sanitized preview and require your explicit confirmation before any data is transmitted externally. Credentials, passwords, and private keys are always redacted and never transmitted regardless of user confirmation. 1.4 Generated Audio Content Audio content generated through the Service, including associated metadata, is stored in your account: - Audio files (MP3 format, single-narrator monologue with background music) and cover images - Titles and descriptions - Transcripts and chapter information - Scheduled generation settings (if applicable) 1.5 Usage and Interaction Data We collect information about how you interact with the Service, including: - Audio generation history and daily usage counts - Playback history, favorites, and collections - Search queries within the application - Notification preferences and app settings (language, appearance, theme) 1.6 Automatically Collected Technical Data Like most mobile applications, we automatically collect limited technical data: - Device information: device type, operating system, version, unique device identifiers - Network information: IP address, general geographic location (city/country level, not precise GPS) - App performance data: crash reports, error logs, feature usage statistics - Push notification tokens (if notifications are enabled) 1.7 Information from Third-Party Sign-In Providers When you sign in via Apple or Google, we receive limited information as authorized by you and permitted by the provider (such as your email address and display name). We do not receive your password from these providers.2. Legal Basis for Processing (EEA/UK Users)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on the following legal grounds: - Performance of a contract: to provide the Service, process your audio generation requests, and manage your account - Legitimate interests: to improve and secure the Service, analyze usage patterns, and prevent fraud, provided these interests are not overridden by your rights - Consent: where you have provided explicit consent, such as enabling push notifications or opting into specific features - Legal obligation: to comply with applicable laws and regulations You may withdraw your consent at any time by adjusting your settings or contacting us.3. How We Use Information
We use collected information for the following purposes: - Service delivery: to operate Oasis Audio, process requests, and generate AI audio content - Account management: to authenticate users, manage account binding, and maintain security - Personalization: to store chat memory and preferences for a tailored experience - Content management: to store and manage your audio library, playback history, and favorites - Notifications: to send push notifications about completed audio generation and scheduled content (when enabled) - Usage management: to enforce daily usage limits and prevent abuse - Improvement: to analyze aggregate usage patterns and improve system performance and reliability - Safety and security: to detect and prevent fraud, abuse, and security incidents - Legal compliance: to comply with applicable laws, regulations, and legal processes We do not sell, rent, or trade your personal information. We do not use your data for targeted advertising.4. Data Sharing and Disclosure
We do not share your personal data with third parties except in the following circumstances: 4.1 Service Providers We engage trusted service providers to help operate the Service: - xplai.ai (www.xplai.ai) — Audio generation. Composed text prompt only (max ~1,000 characters); no raw conversation data, user profiles, or PII. - Cloud hosting and storage providers — Infrastructure. Account data, generated audio files. - AI model providers — Natural language processing, content refinement. Text prompts for processing. - Authentication providers (Apple, Google) — User sign-in. Authentication tokens as authorized by you. - Analytics services — Service improvement. Aggregated, non-personally identifiable data only. Data flow for audio generation: when you request audio generation, the Service composes a short, anonymized text prompt (not exceeding ~1,000 characters) from your input and any personalization context. Only this composed prompt is transmitted to xplai.ai via HTTPS for audio generation. Raw conversation history, session files, user profile data, file paths, timestamps, and personally identifiable information are never transmitted to any external service. Generated audio files hosted on xplai.ai are subject to xplai.ai's own data retention policy (www.xplai.ai). All service providers are contractually bound by data processing agreements that require them to protect your data and use it only for the purposes we specify. 4.2 User-Initiated Sharing When you choose to share or download generated audio content, you control how that content is distributed. We are not responsible for the privacy of content once you share it externally. 4.3 Legal Requirements We may disclose information when required by law, regulation, subpoena, or legal process, or when we believe in good faith that disclosure is necessary to: - Comply with applicable law or regulation - Protect the rights, safety, or property of Oasis Audio, our users, or the public - Detect, prevent, or address fraud, security, or technical issues 4.4 Business Transfers In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of the transaction. We will notify you before your data is subject to a different privacy policy.5. International Data Transfers
Oasis Audio is operated by Littlelights US Corporation and is available to users worldwide. The Service supports multiple languages (currently English and Chinese) based on your system language settings. Your information may be processed in the United States or other jurisdictions where our service providers operate. These jurisdictions may have different data protection laws than your country of residence. For EEA/UK users: when we transfer your personal data outside the EEA/UK, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data receives an adequate level of protection.6. Data Retention
We retain your data based on the following principles: - Account information — Until account deletion - User input content (prompts, images) — Temporarily during generation; deleted after processing - Chat history and memory data — Until account deletion or manual clearing - Local conversation context (AI Skills) — In-memory during generation only; never persisted by the Service - Composed prompts sent to xplai.ai — Subject to xplai.ai's retention policy (www.xplai.ai) - Generated audio and metadata — Until account deletion or manual deletion by user - Playback history and favorites — Until account deletion or manual clearing - Audit log (if explicitly enabled) — Stored locally on your device; under your control - Technical logs and analytics — Up to 12 months - Security and fraud prevention logs — Up to 24 months Upon account deletion, all associated data (including generated audio, chat history, memory, and personal information) will be permanently removed within 30 days, except where retention is required by law.7. Data Security
We implement reasonable technical and organizational measures to protect your information, including: - Encryption of data in transit (TLS/SSL) and at rest - Access controls and authentication for internal systems - Regular security assessments and monitoring - Secure development practices However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Data Breach Notification In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities as required by applicable law, without undue delay.8. Your Privacy Rights
8.1 All Users All users may: - Access and update account information through the app Settings - Delete your account and all associated data - Download your generated audio content - Clear chat history and memory data - Manage notification preferences - Control app settings (language, appearance) 8.2 EEA/UK Users (GDPR) If you are in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR): - Right of access: request a copy of your personal data - Right to rectification: correct inaccurate personal data - Right to erasure: request deletion of your personal data - Right to restrict processing: limit how we use your data - Right to data portability: receive your data in a portable format - Right to object: object to processing based on legitimate interests - Right to withdraw consent: withdraw consent at any time without affecting prior processing - Right to lodge a complaint: file a complaint with your local data protection authority 8.3 California Residents (CCPA/CPRA) If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA): - Right to know: what personal information we collect, use, disclose, and sell - Right to delete: request deletion of your personal information - Right to opt-out: we do not sell or share your personal information for cross-context behavioral advertising - Right to non-discrimination: we will not discriminate against you for exercising your rights - Right to correct: correct inaccurate personal information Categories of personal information collected (as defined by CCPA): identifiers (email address, device identifiers, IP address), internet activity information (usage data, search queries), and inferences (user preferences derived from memory data). To exercise any of these rights, please contact us at support@mybonas.com or use the in-app Settings. We will respond to verified requests within the timeframes required by applicable law.9. Children's Privacy
Oasis Audio is not intended for children under the age of 13 (or 16 in the EEA/UK where applicable). We do not knowingly collect personal information from children under these ages. If we learn that we have inadvertently collected personal information from a child, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@mybonas.com.10. Third-Party Links and Services
The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes: - We will update the "Last Updated" date at the top of this policy - We will notify you through the application or via email - We will provide a summary of key changes Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Littlelights US Corporation Email: support@mybonas.com For EEA/UK users, you may also contact your local data protection authority if you have concerns about how we process your personal data.13. Supplemental Notices
For Apple App Store Users In compliance with Apple's App Store guidelines, we disclose: the data types collected by the app are listed in our App Store privacy nutrition label. Our data collection practices are consistent with the information provided in our App Store listing. For Google Play Users In compliance with Google Play policies, our Data Safety section accurately reflects the data collection and sharing practices described in this Privacy Policy.