Legal

Privacy Policy

This policy explains what data Oikos and the Oikos Recorder browser extension collect, why we collect it, who we share it with, and the choices and rights you have. Last updated 16 June 2026.

1. Who we are

Oikos ("Oikos", "we", "us", "our") provides a browser-automation service that records a task you perform in your browser, converts it into a reusable workflow with the help of artificial-intelligence models, and replays that workflow on your behalf in a cloud-hosted browser session. This policy covers the Oikos website and dashboard, our APIs, and the Oikos Recorder Chrome extension (together, the "Service"). It should be read alongside our Terms & Conditions.

2. The Oikos Recorder browser extension

The extension's single purpose is to record the interactions you perform on a web page so Oikos can turn them into a reusable, AI-assisted workflow. It only records while you have explicitly started a recording from the extension popup, and it records only in the tab you chose. When you press Stop & Save, the recording is uploaded to your Oikos account; nothing is uploaded otherwise.

While a recording is active, the extension collects:

  • Your interactions with the page — clicks, form submissions, dropdown selections, checkbox/radio changes, and text you type into fields.
  • The text you enter into form fields, so the workflow can later reproduce it. This field text is captured purely as website content — the raw input you supply to a page as a step in the task — and is not collected to identify you or used as personal-profile data. Sensitive fields are deliberately not captured: the extension detects and omits the values of password fields and fields that look like card numbers, CVV/CVC, SSN or PINs — these values are never read or transmitted. We do not deliberately collect personally identifiable information, authentication credentials, payment details, health data, personal communications, or your location.
  • Page context — the URLs of the pages you visit during the recording, and limited information about the elements you interact with (such as their accessible name, role, nearby label text and CSS/XPath path) so the element can be re-located when the workflow runs.
  • Screenshots of the visible area of the recorded tab, captured at key moments (navigation, click, submit, change), so you and the AI have a visual record of each step. A screenshot may incidentally include whatever is shown on the page at that moment.

Recording state and captured events are held in the browser's local storage on your device only until they are uploaded to your account, after which the local copy is cleared. The upload is attributed to you using your existing Oikos login session, so you must be signed in to Oikos in that browser for a save to succeed.

Extension permissions and why we need them

  • activeTab / tabs — to identify and record the tab you choose.
  • scripting — to load the recorder into a tab that was already open when you started recording.
  • storage — to hold recording state and captured events locally until they are uploaded.
  • host access to all sites (<all_urls>) — because you may choose to record a task on any website, the recorder must be able to run on the site you decide to record. It is inactive on every site until you start a recording there.

3. Information we collect through the rest of the Service

  • Account information — your name, email address and a salted cryptographic hash of your password (we never store your password in plaintext).
  • Your content — recordings and their screenshots, the workflows generated from them, the inputs you provide to runs, and run logs and run screenshots that form an auditable record of what each run did.
  • Billing information — your subscription plan and status. Card payments are processed by Stripe; we do not see or store your full card number.
  • Support and communications — messages you send us and the email address you send them from.
  • Basic technical data — standard server logs (such as IP address, browser type and timestamps) used to operate and secure the Service.

4. How we use your data

  • To provide the core Service: store your recordings, convert them into workflows, run those workflows, and show you the results and audit trail.
  • To authenticate you and keep your account secure.
  • To process payments and manage your subscription.
  • To respond to your support requests.
  • To maintain, debug, secure and improve the Service.
  • To comply with our legal obligations.

We do not sell your personal data. We do not use the data collected by the extension for advertising, and we do not transfer it to third parties for any purpose unrelated to providing the Service. We do not use it to determine creditworthiness or for any lending purpose.

5. Who we share data with (sub-processors)

To operate the Service we rely on a small number of trusted third parties, and we share data with them only to the extent needed to provide the Service:

  • Browserbase — provides the ephemeral cloud browser sessions used to run workflows.
  • OpenAI — converts recordings into workflows and assists during runs.
  • Stripe — processes subscription payments.
  • SendGrid — sends transactional email (such as verification and password-reset messages).
  • Our hosting provider — hosts the application and stores your account data.

6. Data retention and deletion

  • Recordings, screenshots, workflows and runs are stored in your account until you delete them or delete your account. You can delete individual recordings, workflows and runs at any time from your dashboard.
  • You can delete your entire account — including stored screenshots and evidence — from your account settings. Deleting your account also cancels any active subscription.
  • Ephemeral sessions: the cloud browser used for each run is temporary. Cookies, logins and site data from a run are not stored by Oikos and do not persist between runs; any third-party login you enter during a run is discarded when the session ends.

7. How we protect your data

We use industry-standard measures to protect your data, including encryption in transit, hashed password storage, and access controls. Values you mark as sensitive in a workflow are masked in audit logs, and the extension never captures the contents of password and other sensitive fields. No method of transmission or storage is completely secure, but we work to protect your information and to respond promptly to any issue.

8. Your responsibilities

Because you choose what to record and what inputs to provide, please do not capture other people's personal data, or confidential information you are not entitled to process, in your recordings or run inputs unless you have a lawful basis to do so.

9. Your rights

Depending on where you live, you may have rights to access, correct, export or delete your personal data, and to object to or restrict certain processing. You can exercise many of these directly from your dashboard, or by contacting us at support@appoikos.org. We will respond in line with applicable data-protection law.

10. Children

The Service is not intended for anyone under 18, and we do not knowingly collect personal data from children.

11. International transfers

Our sub-processors may process data in countries other than your own. Where data is transferred internationally, we rely on appropriate safeguards as required by applicable law.

12. Changes to this policy

We may update this Privacy Policy from time to time. If a change is material we will notify you — for example by email or a notice in the dashboard — before it takes effect. The "last updated" date at the top of this page shows when it was most recently revised.

13. Contact

Questions about this policy or your data? Email support@appoikos.org or use the support form.