OXPI

Last updated: June 9, 2026

Privacy Policy

This Privacy Policy explains how OXPI collects, uses, stores, shares, and deletes information when users access the OXPI platform, including information received through Google APIs and Meta APIs.

Who we are

OXPI provides an AI-assisted business operations workspace for managing leads, customers, quotes, payment pages, documents, WhatsApp communication, appointments, reminders, and calendar scheduling. For privacy questions, contact support@oxpi.co.il.

Information we collect

  • Account information, such as name, email address, phone number, company, role, and login details.
  • Business data entered by users, including leads, customers, tasks, reminders, quotes, documents, payment records, and messages.
  • Usage and technical data, such as request logs, device information, IP address, timestamps, and error logs.
  • Integration data provided by connected services, including WhatsApp providers, payment providers, Google APIs, and Meta APIs when the user connects them.

Google user data

OXPI accesses Google user data only when a user chooses to connect Google through Google's OAuth consent flow. OXPI requests access for the following purposes:

  • Identify the connected Google account using basic profile information such as name and email address.
  • Create, update, and delete calendar events on Google calendars the user owns.
  • Create Google Meet conference links for appointments when the user asks for an online meeting.
  • Keep OXPI appointments and Google Calendar events aligned after a user edits or cancels an appointment.
  • Search Gmail for invoice and receipt candidates when the user enables invoice monitoring.
  • Store invoice-monitoring metadata such as selected message headers, snippets, sender/recipient information, dates, attachment filenames, invoice numbers, amounts, and customer match signals.
  • Store selected invoice or receipt attachment files, such as PDFs, so users can view them in OXPI, extract invoice fields where possible, and prepare accountant export packages.

OXPI stores OAuth access and refresh tokens in encrypted form. OXPI does not sell Google user data, does not use Google user data for advertising, and does not use Google Workspace API data to train generalized or non-personalized AI or machine learning models. OXPI does not store full Gmail message bodies and does not store unrelated Gmail attachments.

OXPI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Meta user and business data

OXPI accesses Meta user and business data only when a user chooses to connect Facebook or Instagram through Meta's OAuth consent flow. OXPI requests Meta permissions to operate features the business user controls inside OXPI.

  • Identify the connected Meta account and permission status.
  • List Facebook Pages, ad accounts, Instagram business accounts, and lead forms that the user can select.
  • Receive Lead Ads webhook notifications and retrieve full lead details for the selected Page and form.
  • Create or manage ad campaign drafts and approved campaign actions when the user authorizes ad spend.
  • Publish approved Page or Instagram posts according to the business user's social calendar.
  • Prepare approved replies or responses for comments and messages when the business enables those features.
  • Sync CRM lead status feedback with Meta where the business user configures that mapping.

OXPI stores Meta OAuth tokens and Page tokens in encrypted form. OXPI does not sell Meta data, does not use Meta data for unrelated advertising, and does not use Meta data to train generalized or non-personalized AI or machine learning models. AI assistance is used only to provide features requested by the connected business, such as draft campaign text, suggested replies, summaries, and operational recommendations.

How we use information

  • Provide, secure, maintain, and improve the OXPI platform.
  • Operate user-facing features such as scheduling, reminders, WhatsApp messaging, payment pages, quotes, and customer management.
  • Sync appointments with Google Calendar after the user connects Google.
  • Find invoice and receipt candidates in Gmail, store selected invoice files, display matched candidates in the customer panel, and prepare accountant export packages.
  • Sync selected Meta Lead Ads leads into OXPI, manage approved campaign actions, publish approved social posts, and keep selected CRM feedback aligned with Meta where enabled.
  • Respond to support requests, investigate errors, prevent abuse, and comply with legal obligations.

How we share information

OXPI does not sell personal information. We may share information with service providers only when needed to provide the product, such as hosting, communication, payment, security, analytics, or calendar integration services. These providers may process information only for the services they provide to OXPI. We may also disclose information when required by law, to protect users, or to secure the platform.

Data retention

OXPI keeps account and business data while the account is active or as needed to provide the service, comply with legal obligations, resolve disputes, maintain audit trails, and enforce agreements. Google OAuth tokens are retained only while the relevant Google or Meta integration remains connected. Imported Gmail invoice candidate metadata and selected invoice attachment files are retained while needed to provide invoice monitoring and accountant export features, unless the user disconnects the integration or requests deletion. Meta lead, campaign, asset-selection, and audit metadata is retained while needed to provide lead sync, campaign management, social publishing, support, security, and compliance features, unless the user disconnects the integration or requests deletion.

User choices and deletion

  • Users can disconnect Google inside OXPI, which revokes OAuth access and removes stored tokens.
  • Users can disconnect Meta inside OXPI, which revokes OAuth access where available and removes stored Meta tokens.
  • Users can revoke OXPI access from their Google Account third-party access settings.
  • Users can revoke OXPI access from Meta Business Integrations settings.
  • Users can request deletion of account or integration data by emailing support@oxpi.co.il.

Security

OXPI uses reasonable administrative, technical, and organizational safeguards, including encrypted token storage, access controls, activity logging, and server security controls. No method of transmission or storage is perfectly secure, but we work to protect user data against unauthorized access, misuse, or loss.

International users

OXPI may process information in countries where OXPI or its service providers operate. By using the service, users understand that their information may be processed outside their country of residence.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the date above and provide notice when required.