oeili

Privacy Policy

Last updated: November 4, 2026

Who we are

oeili is located at 1050 Bishop Street, Suite 304, Honolulu, HI 96813, United States. You can reach us at peter@oeili.com. This Privacy Policy explains what data we collect, how we use it, and the choices you have. It applies to oeili.com and to the oeili service.

Two categories of customers

oeili offers two service paths and they have different data implications:

  • Bring-your-own-phones (EMM) customers deploy oeili on Android devices that they own. We provide the management plane; the customer's devices originate the proxy traffic.
  • Managed-capacity customers use Android devices that oeili operates on their behalf. We control the hardware and the network path.

What we collect from all customers

  • Account data: name, email address, company, billing details. Required to provide the service.
  • Device metadata: per-device identifiers (model, manufacturer, OS version, and the last 4 digits of the IMEI, used as a stable phone ID), enrollment status, policy compliance status. Sourced from Google's Android Management API.
  • Fleet operational data: uptime, IP rotation events, request count and aggregate bandwidth per device, error rates. Used for billing, capacity planning, and abuse detection.
  • Audit logs: who in your organization changed which policy, when, and from which IP. Retained for 12 months.

What we DO NOT collect from EMM (bring-your-own) customers

For customers running their own phones, oeili does not see, log, or store the content of proxy requests or responses. Traffic originates on the customer's device and never traverses oeili-operated network infrastructure. We see only the metadata listed above.

What we additionally process for managed-capacity customers

For customers using oeili-operated devices, traffic transits equipment under our control. To deliver the service we process:

  • Connection metadata: destination hostname, request timing, response status, bytes transferred. Used for billing and abuse detection.
  • Aggregate traffic counters per device. Used for capacity, fair-use, and billing.

We do not log full request bodies, response bodies, headers containing customer credentials, or full URLs containing query strings unless required by a court order or to investigate a specific abuse incident under our Acceptable Use Policy.

How we use the data

We use the data to operate the oeili service, including provisioning and managing devices, routing traffic, billing, detecting abuse, providing support, and meeting legal obligations. We do not sell customer data and we do not use customer data to train machine-learning models.

Sub-processors

We rely on a small number of vendors to deliver the service:

  • Google Cloud / Android Management API — device management plane.
  • Cloudflare — edge network, DNS, application hosting.
  • Hetzner — primary application hosting (United States).

A current sub-processor list is available on request. We require sub-processors to meet equivalent confidentiality and security obligations.

Data residency

Customer data is primarily stored in the United States. EU residency is on our roadmap; if you require it before then, contact us — we can sometimes accommodate via deployment-region selection.

Retention

  • Account data: for the lifetime of the account, plus 30 days.
  • Device metadata: for the lifetime of the device's enrollment, plus 30 days.
  • Operational logs: 90 days unless extended by contract.
  • Audit logs: 12 months.
  • Connection metadata (managed-capacity only): 30 days.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict its processing. We honor verifiable requests under GDPR, CCPA/CPRA, and equivalent laws. To exercise a right, email peter@oeili.com. We respond within 30 days.

Data Processing Addendum

A Data Processing Addendum (DPA) is available on request for customers with GDPR or CCPA obligations. Email peter@oeili.com and we'll send a copy.

Security

oeili enforces tenant isolation per customer, encrypts traffic in transit, manages secrets via Cloudflare Secrets Store, and follows industry-standard practices for access control, logging, and patching. No system is impervious; if you discover a vulnerability, please email us — we'll respond promptly.

Changes to this policy

We update this policy as the service evolves. Material changes will be announced via email to account contacts at least 30 days before taking effect.

Contact

Questions, concerns, or requests: peter@oeili.com.

oeili
1050 Bishop Street, Suite 304
Honolulu, HI 96813
United States