Privacy Policy
Data controller: Oxygen Labs
Contact: [email protected]; Brisbane, Australia
Overview
Oxygen Labs respects your privacy. This policy explains what personal information we collect, why we collect it, how we use and protect it, who we share it with, how long we keep it, and the choices available to you. It applies to users of the Lexie consumer application and related services.
What we collect
Categories of personal information we collect:
- Account information: name; email address; username.
- Usage and diagnostics: feature usage; device type; operating system; crash and performance reports.
- Payment information: payment token or billing details supplied to process purchases.
- Profile information: any optional profile fields you add.
- Support and communications: messages you send to our support team; correspondence history.
We do not collect sensitive personal information unless you explicitly provide it.
How we collect information
- Directly from you when you register, update your profile, make purchases, or contact support.
- Automatically while you use the app (analytics, logs, crash reports).
- From third parties only where you have given consent or where permitted by law.
Purposes of processing
We use personal information to:
- Provide and operate the service.
- Process payments and manage subscriptions.
- Respond to support requests and communicate about your account.
- Improve and develop features, fix bugs, and monitor performance.
- Comply with legal obligations and protect legal rights.
We do not sell your personal information.
Legal framework and Australian Privacy Principles
We handle personal information in accordance with the Australian Privacy Principles (APPs) and other applicable laws. Where processing requires consent, we will obtain it. Where processing is based on another lawful basis, we will rely on that basis and explain it on request.
Analytics and third‑party service providers
We use third‑party vendors to provide services on our behalf, including analytics and hosting. Key vendors include Google, Amazon Web Services (AWS), Microsoft (Bing), and Apple for analytics and platform services. These vendors may process data outside Australia. We require vendors to maintain appropriate security and privacy safeguards and limit their use of data to providing services to us.
Cross‑border transfers
Personal information may be transferred to, stored, or processed in countries outside Australia. We take reasonable steps to ensure overseas recipients provide protections comparable to the APPs, including contractual safeguards and vendor due diligence.
Retention
We retain personal information indefinitely to support long‑term account continuity, fraud prevention, historical records, and legal compliance. If you request deletion and no legal or operational reason remains to retain the data, we will securely delete or irreversibly de‑identify it. Certain records (for example, transactional or tax records) may be retained for statutory periods even after account deletion.
Security
We implement industry standard technical and organisational measures to protect personal information, including:
- Encryption in transit (TLS) and encryption at rest where feasible.
- Role based access controls and least privilege for staff access.
- Logging and monitoring of access and activity.
- Regular security reviews and patching.
In the event of a data breach we will take prompt action, notify affected users and regulators as required by law, and remediate the issue.
Sharing and disclosures
We share personal information only:
- With service providers who act on our behalf under contract.
- When required by law or to protect legal rights.
- With your consent for other purposes.
We require third parties to follow contractual privacy and security obligations and to limit secondary use.
Your rights and choices
You may:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Request deletion of your personal information subject to legal or operational exceptions.
- Export a copy of your personal information in a common format.
- Withdraw consent for consent‑based processing.
- Opt out of non‑essential analytics and marketing communications.
To exercise any of these rights contact [email protected]. We will verify your identity and respond within the timeframes required by applicable law.
Complaints and regulatory rights
If you are not satisfied with our response to a privacy request or complaint, you may escalate the matter to the Office of the Australian Information Commissioner or another relevant regulator.
Changes to this policy
We may update this policy from time to time. Material changes will be posted with an updated Last updated date and, where required, notified to users.
Contact
Frequently Asked Questions
Why do you keep data indefinitely
We retain data indefinitely to preserve account continuity, support long‑term access to purchase history, and prevent fraud. Indefinite retention helps with historical records and troubleshooting. If you request deletion and no legal or operational reason remains to retain your data, we will delete or irreversibly de‑identify it.
Which third parties receive my data
We share data with service providers who perform services for us, such as hosting, payments, and analytics. Key analytics vendors include Google, Amazon Web Services (AWS), Microsoft (Bing), and Apple. We require contractual safeguards to limit their use.
Will my data be transferred overseas
Yes. Some vendors process data outside Australia. We take steps to ensure overseas transfers are protected by contractual and technical safeguards consistent with the APPs.
How do I request deletion or export of my data
Email [email protected] with your request and the account email or username. We will verify your identity and respond within applicable timeframes.
What happens if there is a data breach
We will investigate, contain and remediate the breach, notify affected users and regulators as required by law, and take steps to prevent recurrence.