Privacy Policy
Last updated: May 11, 2026
1. Introduction
OilWatch LLC ("OilWatch," "we," "our," or "us") operates the website at oilwatch.app and the OilWatch mobile application for iOS and Android (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over it.
By creating an account or using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, do not use the Service.
2. Geographic Scope
The Service is offered to users located in the United States only. We process and store personal information on servers in the United States.
If you access the Service from outside the United States, you do so on your own initiative and are responsible for complying with local law. We do not represent that the Service complies with the EU General Data Protection Regulation (GDPR), the UK GDPR, or any other non-U.S. data protection regime.
3. Information We Collect
3.1 Information you provide directly
- Account information: phone number (required for sign-in), email address, username, profile avatar.
- Authentication identifiers: if you sign in with Google, we receive your Google account email, name, and profile picture. If you sign in with Apple, we receive your Apple-relayed email address (which may be a private relay address) and, on first sign-in, your name.
- User-generated content: restaurant submissions you make, including restaurant name, location, oil and cooking fat information, notes, and supporting source URLs you provide.
- Marketing SMS consent: if you check the marketing SMS opt-in box during sign-up or in your profile settings, we record that you consented along with a timestamp.
- Support communications: anything you send us by email.
3.2 Information we collect automatically
- Device and usage information: device type, operating system version, app version, browser type (on web), IP address, approximate location derived from IP, pages and screens viewed, features used, timestamps of actions, and crashes or errors.
- Approximate or precise location: with your permission, the mobile app uses your device's location services to show nearby restaurants on the map. You can revoke this permission at any time in your device settings.
- Push notification tokens: if you grant permission, we receive a push notification token from Apple or Google in order to deliver notifications to your device.
3.3 Information from third parties
- Identity providers: Google and Apple as described above.
- Phone verification: Twilio confirms whether a phone number is reachable and whether a one-time code was successfully delivered.
4. Phone Number and SMS Verification
4.1 Transactional SMS (verification codes)
We use your phone number to send one-time verification codes via SMS when you sign in or sign up. By entering your phone number and requesting a code, you consent to receive a verification SMS at that number. These messages are transactional and are sent only in response to your action.
- Message frequency: one verification code per sign-in attempt.
- Cost: message and data rates may apply from your carrier.
- Help: reply HELP to any message or email support@oilwatch.app.
- Opt-out: reply STOP to any message. Opting out of verification SMS will prevent you from signing in, since SMS verification is the primary authentication method.
4.2 Marketing SMS (optional)
We may send promotional SMS messages (new features, restaurant announcements, OilWatch news) only if you have separately opted in by checking the marketing SMS box during sign-up or in your profile settings. Marketing SMS is never required to use the Service.
- Message frequency: up to 4 messages per month.
- Cost: message and data rates may apply from your carrier.
- Help: reply HELP or email support@oilwatch.app.
- Opt-out: reply STOP to any marketing message at any time, or toggle the marketing SMS setting off in your profile. Opting out of marketing SMS does not affect verification SMS or your account.
4.3 Our SMS provider
We use Twilio Inc. to send all SMS messages. Twilio processes your phone number, the message content, and delivery metadata on our behalf. See Twilio's privacy policy at twilio.com/legal/privacy.
5. How We Use Your Information
We use the information we collect to:
- Authenticate you and maintain your account
- Provide, operate, and improve the Service
- Display restaurant information and user contributions
- Track and display reputation, tiers, and achievements
- Send verification codes by SMS
- Send marketing SMS if you have opted in
- Send transactional email (password resets, email confirmations, account notifications)
- Send push notifications you have opted into
- Respond to your support requests
- Detect, prevent, and respond to fraud, abuse, and security incidents
- Comply with legal obligations and enforce our Terms
We do not use your information to train machine learning models, sell your data, or share it with advertisers for cross-context behavioral advertising.
6. How We Share Your Information
We do not sell or rent your personal information. We share it only in the following circumstances.
6.1 Service providers
We share information with third-party processors who help us operate the Service. Each is bound by contract to use your information only as needed to provide their service.
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Authentication, database hosting | supabase.com/privacy |
| Twilio | SMS verification and marketing SMS | twilio.com/legal/privacy |
| Mapbox | Map tiles, geocoding | mapbox.com/legal/privacy |
| Google Places | Restaurant search and autocomplete | policies.google.com/privacy |
| Google OAuth | Sign in with Google | policies.google.com/privacy |
| Apple | Sign in with Apple, push notifications (APNs) | apple.com/legal/privacy |
| OneSignal | Push notification delivery | onesignal.com/privacy_policy |
| PostHog | Product analytics | posthog.com/privacy |
| Sentry | Error monitoring and crash reporting | sentry.io/privacy |
| RevenueCat | Subscription management (when premium launches) | revenuecat.com/privacy |
| Resend | Transactional email delivery | resend.com/legal/privacy-policy |
| Vercel | Website hosting and infrastructure | vercel.com/legal/privacy-policy |
| Cloudflare | DNS, CDN, security | cloudflare.com/privacypolicy |
6.2 Public content
Restaurant submissions, profile usernames, profile avatars, and reputation tier are visible to other users of the Service. Do not include private information in restaurant submissions.
6.3 Legal and safety
We may disclose information if we believe in good faith that disclosure is necessary to comply with a law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of OilWatch, our users, or others.
6.4 Business transfers
If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information.
7. Cookies and Similar Technologies
The OilWatch website uses cookies and similar technologies for authentication, security, and analytics. The mobile app uses local device storage and SDKs for the same purposes.
You can disable cookies in your browser settings. Disabling cookies will prevent you from signing in to the website.
8. Push Notifications
If you grant permission, we send push notifications to your device for account activity, restaurant updates near you, and OilWatch news. You can disable push notifications at any time in your device's settings, or for specific categories within the app.
9. Analytics and Crash Reporting
We use PostHog to understand how users interact with the Service so we can improve it. We use Sentry to detect and fix crashes and errors. Both providers may collect device identifiers, IP addresses, and anonymized usage data. Neither is used for advertising.
10. Data Retention
We retain your information for as long as your account is active. When you delete your account:
- Account data (phone, email, profile) is deleted within 45 days.
- Restaurant submissions are retained but anonymized (your contributor identity is removed) to preserve the integrity of the community database.
- Aggregated and de-identified data may be retained indefinitely.
- Records we are legally required to keep (e.g., tax, dispute resolution, fraud prevention) are retained for the period required by law.
To delete your account, email admin@oilwatch.app from the email address associated with your account, or use the account deletion option in the mobile app's profile settings.
11. Data Security
We use technical and organizational measures to protect your information, including encryption in transit (HTTPS), encryption at rest for our database, scoped access controls, and authentication on all admin systems. No system is perfectly secure. If we discover a breach affecting your information, we will notify you as required by law.
12. Children's Privacy
The Service is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has provided us with personal information, contact us at admin@oilwatch.app and we will delete it.
13. California Privacy Rights
If you are a California resident, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), gives you specific rights regarding your personal information.
13.1 Categories of personal information we collect
In the past 12 months, we have collected the following categories of personal information as defined by the CCPA/CPRA:
- Identifiers: name, email, phone number, username, IP address, device identifiers, account ID
- Customer records: account information
- Commercial information: subscription status (once premium launches)
- Internet or network activity: browsing history within the Service, app interactions, search queries
- Geolocation data: approximate location, precise location (with permission)
- Audio, electronic, visual, or similar information: profile avatars you upload
- Inferences: user preferences derived from app activity (e.g., cuisine preferences inferred from saved restaurants)
We do not collect categories of sensitive personal information that would trigger the right to limit, beyond account credentials.
13.2 Sources
We collect this information from you directly, from your device, and from third-party identity providers when you sign in.
13.3 Purposes
We use this information for the purposes listed in Section 5.
13.4 Categories disclosed to third parties
We disclose identifiers, internet activity, and geolocation to the service providers listed in Section 6.1 to operate the Service. We do not sell or share personal information for cross-context behavioral advertising.
13.5 Your rights
You have the right to:
- Know what personal information we collect, use, disclose, and share
- Access a copy of your personal information
- Delete your personal information (subject to legal exceptions)
- Correct inaccurate personal information
- Opt out of sale or sharing of personal information for cross-context behavioral advertising. We do not sell or share personal information.
- Limit use of sensitive personal information (we do not use sensitive PI beyond what is necessary to provide the Service)
- Non-discrimination for exercising your privacy rights
To exercise any of these rights, email admin@oilwatch.app from the account associated with your information, or write to us at the address in Section 17. We will verify your identity before responding, typically by confirming you have access to the email or phone number on your account.
You may also designate an authorized agent to make a request on your behalf. Agents must provide proof of authorization, and we may require the consumer to verify their own identity directly.
13.6 California Shine the Light
California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
14. Do Not Track
Our website does not respond to "Do Not Track" browser signals because no industry standard exists for how to interpret them. You can manage tracking through your browser settings and the controls described in this policy.
15. Third-Party Links
The Service may contain links to third-party websites (such as a restaurant's own website or its Google Maps page). We are not responsible for the privacy practices of those third parties. Review their privacy policies before providing them information.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page and, where appropriate, by notifying you in the Service or by email. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
17. Contact Us
For privacy questions or to exercise your rights, contact:
OilWatch LLC
c/o Gil J Abadi
767 Broadway #1740
Manhattan, NY 10003
United States
Email: admin@oilwatch.app
Website: oilwatch.app