Privacy notice
Last updated: 2026-05-23
Oceanus is an invite-only research platform operated for internal use by Oceanus Research. This notice summarises what we collect, why, and how to exercise your rights under applicable privacy laws (GDPR, UK GDPR, CCPA/CPRA).
What we collect
- Account data — your username, display name, email, role, team, title, optional bio, and avatar image.
- Authentication data — salted password hash, session tokens, optional TOTP secret (encrypted at rest) and recovery code hashes if you opt into two-step verification.
- Activity — research notes, pipelines, watchlists, chat transcripts you create. These belong to you and are visible only to you and accounts you explicitly share with.
- Token usage / cost ledger — to operate the AI features we record per-call input/output token counts and a frozen USD cost. Aggregated per user.
- Consent records — see cookie policy.
What we do NOT collect
- No advertising or third-party tracking pixels.
- No raw IP addresses are persisted beyond request logs (we store a one-way hashed IP on consent records only).
- No biometric or sensitive-category personal data.
Your rights
Depending on your jurisdiction you may have the right to access, correct, export, or delete your data. Self-service: open Settings → Data & account to download a JSON export of your profile, prefs, memory, and chat-session index, or to delete your account.
Contact
Contact your Oceanus administrator for any GDPR / CCPA request that requires manual handling.