Privacy Policy

Thank you for choosing OxiLeash. We're committed to keeping your data safe and using it responsibly.

Effective: May 29, 2026

Summary — what this means for you

  • We do not sell your personal data.
  • You're in control — request access, export or deletion of your data anytime.
  • We collect only what we need to make OxiLeash work and to keep your pet safe.

I. Applicability of this Privacy Policy

This Privacy Policy describes how Beijing Yuanyuji Technology Co., Ltd. (together with its affiliates, "OxiLeash," "we," "us," or "our") collects, uses, shares and protects information when you visit our website (oxileash.com), purchase OxiLeash hardware, or use the OxiLeash mobile application on iOS or Android (collectively, the "Service").

If you do not agree with this Policy, please do not use the Service.

II. Information we collect

We collect the following categories of information when you use the Service:

  • Account information you provide: email address, name, password (stored as a salted hash), preferred language and country.
  • Pet profile information: pet name, breed, age, weight, photo (optional).
  • Tracker device data: live GPS coordinates, heart rate, blood oxygen, blood pressure, activity, sleep patterns, battery state, firmware version.
  • Purchase information: items ordered, ship-to and bill-to address. Payment card details are collected and processed by Shopify Payments / Stripe — we never see your full card number.
  • App telemetry: anonymized crash logs, page-view and feature-use events used to improve the product.
  • Device information: hardware model, OS version, app version, IP address, time-zone, mobile carrier.
  • Marketing preferences: email subscription status, communications you've consented to.
  • Customer-support interactions: emails, chat transcripts, attachments you send us.

III. How we use information

  • To deliver the core service — show your pet's live location and vital trends in the app.
  • To send alerts (push, SMS, email) when your pet leaves a safe zone or when vitals drift from baseline.
  • To fulfill and ship orders, including providing your address to our shipping carriers.
  • To authenticate logins and prevent unauthorized account access.
  • To provide customer support and warranty service.
  • To improve the app and the hardware through anonymized telemetry.
  • To send transactional emails (order confirmation, shipping, account changes) and — where you have opted in — marketing emails. You can unsubscribe at any time.
  • To comply with legal obligations and respond to lawful requests from public authorities.

IV. Legal basis (EEA / UK / Swiss users)

If you are in the European Economic Area, the United Kingdom or Switzerland, we process your personal data on one of the following legal bases under Article 6 of the GDPR (and equivalents):

  • Performance of a contract — when you place an order or use the Service we provide.
  • Legitimate interests — to operate, secure and improve the Service; to detect and prevent fraud.
  • Consent — for marketing emails, optional analytics cookies and other purposes for which we ask separately. You can withdraw consent anytime.
  • Legal obligation — to comply with applicable laws (tax, accounting, lawful enforcement requests).

V. Data retention

We retain personal data only as long as needed for the purposes described in this Policy, unless a longer period is required or permitted by law. General retention windows:

  • Account data — for the life of your account; deleted within 30 days of account deletion request.
  • Order records — 7 years (accounting/tax obligations).
  • Tracker location history — rolling 30 days by default; older points are aggregated or deleted.
  • Vital-sign trend data — rolling 90 days at full resolution; older data aggregated to daily summaries.
  • App telemetry (anonymized) — up to 24 months.
  • Customer-support emails — up to 3 years after ticket close.
  • Marketing consent records — up to 5 years after last interaction.

VI. Recipients of the data

We do not sell your personal data. We share data only with the service providers that make OxiLeash work, listed below. Each operates under contractual data-protection commitments.

  • Shopify Inc. — e-commerce platform, order processing, customer accounts.
  • Shopify Payments / Stripe, Inc. — payment processing.
  • Cellular SIM and connectivity provider — delivers tracker data to our cloud.
  • Cloud hosting provider (e.g., Amazon Web Services) — stores account and device data.
  • Email service provider — sends transactional and marketing emails.
  • Shipping carriers (e.g., USPS, UPS, DHL) — receives recipient name and address only for delivery.
  • Analytics provider (e.g., Shopify Analytics) — aggregated, anonymized site usage.
  • Law-enforcement or regulatory bodies — only when legally required.

VII. Cookies and similar technologies

oxileash.com uses cookies and similar technologies for three purposes:

  • Strictly necessary — shopping cart, secure checkout, login session. Always on.
  • Analytics — Shopify-native, aggregated. Opt out via Cookie Settings.
  • Marketing / advertising — Meta Pixel, Google Ads tag, Pinterest Tag (only after your consent). Opt out via Cookie Settings or directly in your browser.

You can manage your preferences anytime via the Cookie Settings link in our footer, or by clearing cookies in your browser. Note that disabling strictly-necessary cookies will break checkout.

VIII. Security

We protect your data with industry-standard measures:

  • All data is encrypted in transit using TLS 1.2 or higher.
  • Data at rest is encrypted with AES-256.
  • Passwords are stored using salted bcrypt hashes — we never see your plain password.
  • Cellular SIM authentication keys are stored on the SIM and not extractable.
  • Admin access is gated by hardware security keys and two-factor authentication.
  • We perform third-party security reviews annually.

No system is perfectly secure. If you believe your account has been compromised, contact security@oxileash.com immediately.

IX. International data transfers

Your information may be processed and stored in countries outside the one where you live, including the United States and China. Where data transferred from the EEA / UK / Switzerland is sent to a jurisdiction without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards.

X. Age limitations

OxiLeash is intended for adults. We do not knowingly collect personal information from anyone under 13 (or under 16 in jurisdictions where that is the local consent age). If you believe a child has provided us data, contact privacy@oxileash.com and we will delete it.

XI. Your rights

Subject to applicable law, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectify — correct inaccurate or incomplete data.
  • Delete — ask us to delete your account and associated data ("right to be forgotten").
  • Port — receive your data in a structured, machine-readable format.
  • Restrict / object — restrict or object to certain processing, including marketing.
  • Withdraw consent — at any time, with effect going forward.
  • Lodge a complaint — with your local supervisory authority.

Most of these rights can be exercised directly from your account settings. For anything else, email privacy@oxileash.com. We respond within 30 days.

XII. Your California privacy rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know — what categories of personal information we collect and for what purpose.
  • Right to delete — ask us to delete personal information we have collected from you.
  • Right to correct — inaccurate personal information.
  • Right to opt out — of "sale" or "sharing" of personal information. We do not sell personal information. For tracker-based ad opt-out, see Cookie Settings.
  • Right to limit use of sensitive personal information — request that we limit use of information such as account credentials.
  • No discrimination — we will not deny services, charge a different price, or provide a different level of quality because you exercised these rights.

To exercise your California rights, email privacy@oxileash.com. We will verify your identity before responding.

XIII. Data controller / processor

For purposes of EU/UK data-protection law, the data controller is:

Beijing Yuanyuji Technology Co., Ltd.
Address: Room 422, Building 1, Mingliang Technology Park, Taoyuan Street, Nanshan District, Shenzhen, Guangdong Province, People's Republic of China
Email: privacy@oxileash.com

XIV. Changes to this Policy

We may update this Privacy Policy from time to time. The "Effective" date at the top reflects the most recent revision. If we make material changes we will notify you by email or via an in-app notice. Continued use of the Service after the effective date means you accept the updated Policy.

XV. Contact

Questions, requests or complaints:

Privacy team: privacy@oxileash.com
General support: support@oxileash.com
Security reports: security@oxileash.com

See also our Terms of Service and Cookie Policy.

This document is informational only and not legal advice. Customize with your jurisdiction's counsel before public launch.