Effective Date: April 18, 2026

This Privacy Policy explains how Oathtrack LLC ("Oathtrack," "we," "us," or "our") collects, uses, discloses, stores, and otherwise processes personal information in connection with the Oathtrack website, hosted platform, mobile applications, resident tools, staff tools, communications features, and related services (collectively, the "Services").

This Privacy Policy applies to information we process as a business operating the Services. In many cases, Oathtrack customers use the Services to manage resident, staff, applicant, and operational information. When we process personal information on behalf of a customer, that customer may act as the party that determines why and how the information is used, and our processing is governed by our agreements with that customer.

1. Scope

This Privacy Policy applies to the Oathtrack website located at www.oathtrack.com, the secure Oathtrack platform, Oathtrack mobile applications, and related interactions such as demo requests, contact forms, support requests, marketing communications, and service administration. It does not apply to third-party websites, mobile applications, integrations, or services that we do not control, even if they are linked from or accessible through the Services.

2. Categories of Information We Collect

Depending on how you interact with the Services, we may collect the following categories of information:

  • Account and contact information, such as name, email address, phone number, job title, organization name, login credentials, and similar identifiers.
  • Billing and transaction information, such as subscription details, payment status, invoices, tax-related details, and limited payment metadata received from our payment processors.
  • Service usage and device information, such as IP address, browser type, app version, device identifiers, approximate location derived from IP, referral pages, feature interactions, crash logs, and diagnostic data.
  • Communications and support information, such as messages you send to us, demo requests, support tickets, feedback, chat interactions, and survey responses.
  • Customer-submitted information, which may include resident records, applicant records, staff records, forms, notes, documents, check-ins, schedules, communications, payment records, and other information submitted to the Services by or for our customers.
  • Marketing and analytics information, such as website visit data, campaign attribution, cookie identifiers, session replay or behavior analytics information, and preferences about receiving communications from us.

3. Sources of Information

We collect information directly from you, automatically through your use of the Services, from the devices and browsers you use, from our customers and their authorized users, from payment processors and service providers, from analytics and advertising partners, and from other third parties lawfully providing information to us.

4. Cookies and Similar Technologies

We and our service providers may use cookies, pixels, SDKs, tags, local storage, session replay tools, analytics tools, and similar technologies to operate the Services, remember preferences, authenticate users, understand traffic and usage patterns, improve performance, troubleshoot issues, detect fraud, measure campaign effectiveness, and support marketing. Some browsers and extensions offer settings that let you reject or limit cookies. If you disable certain cookies or similar technologies, some features of the Services may not function properly.

5. How We Use Information

We may use personal information for the following purposes:

  • to provide, operate, maintain, host, secure, support, and improve the Services;
  • to create and administer accounts, authenticate users, and manage permissions;
  • to process subscriptions, invoices, collections, and related transactions;
  • to provide customer support, respond to inquiries, and communicate with you about your account or the Services;
  • to personalize content, workflows, and communications within the Services;
  • to monitor usage, analyze trends, troubleshoot technical issues, and develop new features;
  • to send service-related communications, updates, notices, reminders, and administrative messages;
  • to send marketing communications, where permitted by law and subject to your choices;
  • to investigate fraud, abuse, security incidents, violations of our agreements, and unlawful activity;
  • to comply with legal obligations, enforce our rights, and protect the rights, safety, and property of Oathtrack, our customers, users, and others; and
  • for any other purpose disclosed at the time the information is collected or as otherwise permitted by law.

6. How We Disclose Information

We may disclose personal information in the following circumstances:

  • With customers and authorized users, when information is submitted into a customer workspace or is needed for the intended use of the Services.
  • With service providers and subprocessors, including cloud hosting providers, infrastructure vendors, payment processors, customer support tools, messaging vendors, analytics providers, and security vendors that perform services on our behalf.
  • With professional advisors and business counterparties, such as lawyers, accountants, insurers, auditors, lenders, or acquirers in connection with legitimate business needs.
  • For legal, compliance, and protection purposes, when we believe disclosure is necessary to comply with law, enforce agreements, detect or prevent fraud, respond to lawful requests, or protect rights, safety, and security.
  • In connection with a business transfer, such as a merger, acquisition, financing, bankruptcy, reorganization, or sale of all or part of our business or assets.
  • With your direction or consent, or as otherwise described to you at the time of collection.

7. Customer-Controlled Data

If you submit information to Oathtrack on behalf of a sober living operator, recovery residence, house manager, or other customer, Oathtrack generally processes that information for the customer that controls the account. That customer is responsible for determining whether the information may be lawfully collected and provided to Oathtrack, for giving any required notices, and for responding to requests concerning that information when required by law. If you are a resident, applicant, staff member, or other person whose information was provided to Oathtrack by one of our customers, you may wish to contact that customer directly first.

8. Sensitive Information

Depending on how customers use the Services, customer-submitted data may include sensitive or high-risk information, including information related to recovery status, treatment history, behavioral notes, location-related check-ins, financial records, identity information, or other protected or sensitive records. Oathtrack processes such information only as needed to provide the Services, support our customers, maintain security, comply with law, and enforce our agreements. Customers remain responsible for ensuring they have all rights and legal authority required to collect, use, and provide such information to us.

9. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain records, resolve disputes, enforce agreements, comply with legal obligations, prevent fraud, preserve security, and support legitimate business operations. Retention periods may vary depending on the type of information, the sensitivity of the data, legal requirements, and the nature of the customer relationship.

10. Data Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. However, no method of transmission over the internet, no mobile environment, and no method of electronic storage is completely secure. For that reason, we cannot guarantee absolute security.

11. Your Choices and Rights

Depending on your relationship with Oathtrack and where you live, you may have rights to request access to personal information, request correction of inaccurate information, request deletion, request a portable copy of certain information, object to or restrict certain processing, withdraw consent where processing is based on consent, opt out of certain marketing communications, or appeal our decision on a privacy request. Some rights are subject to exceptions and limitations under applicable law.

You may update certain account information by logging into your account. You may opt out of non-essential marketing emails by using the unsubscribe link in the message. If you would like to make a privacy-related request, contact us using the information at the end of this Privacy Policy. If we process your information solely on behalf of one of our customers, we may direct your request to that customer.

12. U.S. State Privacy Disclosures

Residents of certain U.S. states may have additional privacy rights under applicable law, which can include the right to know whether we process personal information, access categories or specific pieces of personal information, correct inaccuracies, delete personal information, obtain a portable copy of certain information, opt out of targeted advertising, opt out of certain profiling activities, opt out of the sale or sharing of personal information as those terms are defined by law, and appeal the denial of a privacy request. We will not unlawfully discriminate against you for exercising applicable privacy rights.

If a browser-based opt-out preference signal or universal opt-out mechanism is legally required and technically supported for the processing at issue, we will honor it to the extent required by applicable law. We may need to verify your identity and authority before acting on a request.

13. Children

The Services are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 through public-facing portions of the Services. If you believe a child has provided personal information to us in violation of law, please contact us so that we can review and take appropriate action.

14. International Transfers

Oathtrack is based in the United States, and personal information may be transferred to, stored in, or processed in the United States or other jurisdictions where we or our service providers operate. Those jurisdictions may have data protection laws that differ from the laws of your jurisdiction. Where required by law, we will implement appropriate safeguards for cross-border transfers.

15. Third-Party Services

The Services may contain links to third-party websites, app stores, payment portals, integrations, or services. We are not responsible for the privacy, security, or content practices of those third parties. We encourage you to review the privacy policies of any third-party service you choose to use.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version with a revised effective date and may provide additional notice through the Services or by email where appropriate. Your continued use of the Services after the updated Privacy Policy becomes effective means the updated Privacy Policy applies to your future interactions with the Services.

17. Contact Us

If you have questions about this Privacy Policy or would like to submit a privacy request, you may contact Oathtrack at info@oathtrack.com or by phone at (484) 925-1580.