OASIS Privacy Policy

Version 2026-07-07

1. What we collect

  • Account data: name, email, role, organization.
  • Operational data (SHOP): equipment list and photos, derived OEE factors, capacity snapshots, schedule load, workforce counts, compliance records you enter, and bids you submit.
  • Team skill matrix (SHOP, entered by you): employee names and optional titles, the roles each person holds with a 1–3 skill level, availability, and optional assignment to a specific machine on your own equipment list. Used only to compute your shop's operator coverage and capacity; never shared person-level with anyone outside your shop's own users.
  • QMS goals and quality KPIs (SHOP): improvement goals you set (KPI, baseline, target, measured values), evidence artifacts you upload, and — where your ERP/MES exposes quality data — current KPI rollups (e.g. first-pass yield, NCR counts) read through your existing ERP connection. Never individual inspection records, non-conformance contents, or customer identities.
  • Supplier spend (Buyers Group): supplier names and annual spend totals from your ERP — no purchase orders, invoices, or line items.
  • Audit data: logins and material actions, append-only.

2. Data minimization at the edge

Shops running the OASIS Edge agent keep raw data on-premises. Only derived answers cross the wire: OEE factors, workforce counts, and supplier annual totals. ERP-side employee records, per-person hours, raw sensor telemetry, integration credentials, and purchase documents never leave your building. The team skill matrix is separate: it is entered by you in OASIS (not pulled from your ERP), and even then only its derived operator-coverage number feeds the network — the names and levels stay within your shop's account.

3. Who sees what

  • Buyers (OEM/GOV/CRMN) see your capabilities, live available capacity, and compliance posture — that is the product. Your capacity already reflects your team's skill coverage, but buyers only ever see the resulting hours and workforce counts — never employee names, roles, or skill levels.
  • Other shops never see your capacity numbers, your supplier spend, or your compliance details. Teaming suggestions show them only a qualitative signal.
  • QMS goal details and evidence artifacts stay within your shop's account. The network only ever sees the effect of your derived QMS trend on your standing rank — never the goals, measured values, or uploaded documents themselves. The trend does not currently affect your live capacity figure; if that changes, these terms will be updated and re-accepted first.
  • ECON users see region-scoped aggregates only, never shop-identifiable rows.
  • Buyers Group pools expose only aggregate dollars and shop counts per supplier, never member-level amounts.

4. Data Dividend

OASIS keeps a ledger of the buyer-side queries your data answers. A future Data Dividend program intends to compensate shops for that contribution; the ledger exists today and is visible to the platform operator only.

5. Retention and deletion

Operational data is retained while your organization has an active account. On termination, we delete shop-identifiable operational data within 90 days; append-only audit records and anonymous aggregates are retained.

6. Security

Session and token authentication, tenant isolation, role- and attribute-based access control, and append-only audit trails protect platform data. CUI-bearing workflows are segregated into authorized government-cloud environments.

Questions? Contact your OASIS onboarding representative.