Privacy Policy
Last updated: May 2026.
Oakrift is a media-intelligence service operated by Whitescale Labs LLC ("Oakrift," "we," "our," or "us"). This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and the choices you have. It applies to oakrift.com, our applications, and any service that links to this Policy.
If you have questions about this Policy, contact us at privacy@oakrift.com.
This Policy does not apply to information we receive about third parties — for example, public news articles, public social-media posts, or other publicly available information about companies and people that Oakrift summarizes in intelligence briefs. The handling of that information is governed by the public sources themselves, the rules of any platforms we ingest it from, and applicable law. See Section 6 — Public Source Material for more.
1. What We Collect
We collect the following categories of information.
Account information. When you create an account, we collect your name, email address, password (which we store as a one-way bcrypt hash — we never have access to the plaintext), and any optional profile information you provide. If you sign in using Google, we receive your name, email address, and the profile image associated with your Google account.
Subscription and billing information. When you purchase a subscription, we receive billing information (such as billing email, plan, subscription state, and trial state) from our payment processor, Stripe. We do not receive or store your full credit card number; Stripe handles that directly. Stripe is the source of truth for billing data.
Workspace and team information. If you create or join a team workspace, we store the workspace name, membership status, invitations you send or receive, and roles within that workspace.
Connected-account credentials. If you connect a third-party account (such as X/Twitter, LinkedIn, Reddit, YouTube, Instagram, or Google) to ingest content for briefs, we store the OAuth tokens needed to access that account on your behalf, along with the provider name, scope of access, and token expiry. These tokens are sensitive; how we handle them is described in Section 4 — Security.
Content you provide to the service. This includes search queries, configuration of streams and scheduled briefs, alert rules, notes, and any other input you provide to operate the service. For The Read specifically, the draft text you paste is processed in memory and is not stored to our database — only the resulting output is stored.
Generated content. We store the briefs, reads, summaries, alerts, trends, and other outputs Oakrift produces for you, including the source items underlying them, so you can return to historical analysis over time.
Usage information. We collect information about how you use the service: pages viewed, features used, API calls, error reports, and similar telemetry. This is used to operate, debug, and improve the service.
Communications. When you contact us (at hello@oakrift.com, privacy@oakrift.com, legal@oakrift.com, security@oakrift.com, corrections@oakrift.com, or by other means), we keep a record of the communication.
We do not sell personal information, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws, or under analogous concepts in applicable non-U.S. privacy laws.
2. How We Use Information
We use the information we collect to:
- Provide, operate, and maintain Oakrift.
- Generate the intelligence briefs, reads, summaries, alerts, and other outputs you request.
- Process payments and manage subscriptions.
- Authenticate you and secure your account.
- Communicate with you about the service — including transactional emails, scheduled briefs you've configured, security alerts, account notices, and customer-support responses.
- Debug, monitor, and improve the service.
- Comply with legal obligations, enforce our Terms of Service and Acceptable Use Policy, and protect Oakrift, our users, and others from fraud, abuse, or harm.
We do not use your account inputs, your generated briefs, or content from your connected accounts to train our own AI models. We process content with the third-party AI providers listed in Section 3 under their own data-handling terms.
3. Subprocessors — Who We Share Information With
Oakrift uses the following third-party services to operate. Each receives only the information needed to perform its function. We have, or rely on, contractual data-handling commitments with each. Their own privacy policies govern their handling of data after we transmit it.
| Subprocessor | Function | What it receives |
|---|---|---|
| Neon | Managed PostgreSQL database (primary data store) | All persisted data |
| Vercel | Application hosting, page analytics, and performance monitoring | Pages viewed, performance metrics, IP-derived approximate location |
| Anthropic | Default LLM provider (Claude) used to generate briefs and analysis | Brief prompts, source content, generation outputs |
| OpenAI | Fallback LLM provider (GPT-4o), used only when explicitly configured | Brief prompts, source content, generation outputs (only on fallback) |
| Perplexity | Real-time web research used to ground brief generation | Brief topic, search queries |
| Resend | Transactional email delivery | Your email address, message content |
| Stripe | Payment processing and subscription management | Billing email, payment method (handled by Stripe directly), subscription state |
| Upstash Redis | Rate limiting, locks, and short-lived cache | Request metadata, transient cache values |
| Firecrawl | Web ingestion of news, LinkedIn, and Reddit content for briefs | URLs to fetch (not your personal data) |
| TwitterAPI.io | X/Twitter content ingestion | X/Twitter handles and search queries (not your personal data) |
| Sentry | Error monitoring and session replay | Errors, stack traces, masked session-replay video (see Section 5) |
| OAuth sign-in (web and mobile) | Your Google account name, email, and profile image when you sign in with Google |
We may add or change subprocessors as the service evolves. Material changes will be reflected in the "Last updated" line at the top of this Policy.
We may also disclose information when we believe in good faith that doing so is reasonably necessary to: (a) comply with applicable law, legal process, or government requests; (b) enforce our Terms of Service, Acceptable Use Policy, or this Privacy Policy; (c) protect the safety, rights, or property of Oakrift, our users, or others; or (d) detect, investigate, or prevent fraud, security incidents, or abuse. In the event of a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction.
4. Security
Security is an ongoing practice rather than a single feature. Some specifics worth calling out:
- Passwords are stored as one-way bcrypt hashes. We never store your password in plaintext, and we cannot retrieve it for you — if you forget it, you reset it.
- Data at rest in our database is encrypted by default at the storage layer through our managed PostgreSQL provider (Neon). This includes the OAuth tokens we hold for your connected accounts. We are separately evaluating additional application-layer encryption for connected-account credentials as a planned security enhancement.
- Data in transit uses TLS between you and Oakrift, and between Oakrift and our subprocessors.
- Secrets and keys are managed through our hosting platform's environment-variable system and are not exposed to client-side code.
- Access to production data is limited to people who need it to operate the service.
No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you in accordance with applicable law. If you discover or suspect a vulnerability, please contact security@oakrift.com.
5. Analytics, Error Monitoring, and Cookies
Vercel Analytics collects basic usage information about your interaction with our site (pages visited, performance metrics, approximate location derived from IP). It does not use cross-site tracking cookies and does not build personal profiles for advertising.
Sentry monitors errors and provides session-replay recordings to help us diagnose problems. Session replay is configured with privacy-protective defaults: all text input is masked, all media is blocked, and only a sample of normal sessions are recorded (100% of sessions where an error occurs; 10% of sessions otherwise). Request bodies sent to our API endpoints are scrubbed before being transmitted to Sentry.
Cookies and similar technologies. Oakrift uses cookies that are necessary to operate the service:
- A session cookie maintained by our authentication system to keep you signed in.
- Short-lived OAuth state cookies used when you connect a third-party account.
We do not use cookies for cross-site behavioral advertising. We do not use third-party advertising trackers.
6. Public Source Material
Oakrift ingests publicly available content (news articles, social-media posts, public videos, public transcripts, and similar material) from public sources and from licensed or authorized intermediaries (such as TwitterAPI.io for X/Twitter content and Firecrawl for web ingestion). Briefs and other outputs are interpretive analysis of that public material.
This material is, by its nature, not private to you and is not your personal information. We may store, summarize, transform, and reference it as part of the service.
If you are the subject of an Oakrift brief and believe it contains inaccurate, misleading, or harmful statements about you, please use our correction process at corrections@oakrift.com. See the Notice & Takedown page for the full process. If you are a copyright holder and believe content on Oakrift infringes a copyright you control, please use the DMCA process described on the Notice & Takedown page.
7. How Long We Keep Information
We retain information for as long as needed to provide the service to you, comply with our legal obligations, resolve disputes, and enforce our agreements. In practice:
- Account information is retained while your account is active and for a reasonable period after closure to handle billing and disputes.
- Generated briefs, reads, and other outputs are retained while your account is active, so you can return to historical analysis over time.
- Source content ingested for briefs (news articles, social posts, transcripts) is not personal information about you and is retained for the lifetime of the analyses that reference it, independent of your account. See Section 6 — Public Source Material.
- The Read drafts you paste are processed in memory and not stored.
- Long-inactive accounts may be archived or deleted; we will give you notice before this happens.
- Logs and error data are retained per our subprocessors' default retention windows.
When you delete your account (see Section 8), data associated with your account is removed from our database according to the cascade described there.
8. Your Choices and Rights
You can:
- Access and update most of your account information directly in the Oakrift application.
- Export the briefs and outputs associated with your account through the export features in the product.
- Disconnect a third-party account at any time from within the Oakrift application. Note that disconnecting in Oakrift removes our stored credentials but does not necessarily revoke the access grant at the third-party provider's end. To fully revoke access, you should also visit the provider's settings (for example, in your Google, X, or LinkedIn account) and remove Oakrift's access there.
- Delete your account at any time. When you delete your account, we remove your personal account data and the cascading content tied to it (your workspaces if you are the sole member, your generated briefs and reads, your connected-account credentials, your scheduled briefs and alerts) from our database. To also revoke Oakrift's access to your connected accounts at the source, please disconnect Oakrift in each provider's settings as described above. Provider-side revocation directly from our delete flow is on our roadmap.
Depending on where you live, you may have additional rights under applicable law — including rights to access, correct, delete, or restrict our processing of your personal information, to opt out of certain uses, or to receive your information in a portable format. To exercise any of these rights, contact us at privacy@oakrift.com. We may need to verify your identity before fulfilling a request.
We do not discriminate against you for exercising these rights.
9. International Data Transfers
Oakrift is operated from the United States, and our subprocessors are predominantly U.S.-based. If you access the service from outside the United States, your information will be transferred to and processed in the United States, which may have different data-protection rules than your home jurisdiction.
10. Children
Oakrift is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at privacy@oakrift.com and we will take appropriate steps to delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" line at the top of this Policy, and changes take effect when posted. If a change materially affects how we use your information, we will give you reasonable additional notice (for example, by email or an in-app notice).
12. Contact
Questions, requests, or concerns about this Privacy Policy:
Privacy Contact Whitescale Labs LLC Email: privacy@oakrift.com Mail: 390 NE 191st St STE 47651, Miami, FL 33179