Privacy Policy

1.1 Information You Provide

We collect information you voluntarily provide when you:

• Create an account: Name, email address, company name, billing address
• Subscribe to a plan: Payment information (processed by our payment processor)
• Connect cloud providers: API credentials and access tokens
• Contact support: Communications and support ticket contents
• Use the Service: Repository URLs, deployment configurations, environment variables

1.2 Information Collected Automatically

When you access the Service, we automatically collect:

• Device Information: Browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, clicks, timestamps
• Log Data: IP address, access times, error logs, referring URLs
• Performance Data: Page load times, service response times
• Cookies and Similar Technologies: As described in our Cookie Policy

1.3 Information from Third Parties

• Cloud Providers: Account information, resource usage data
• GitHub/GitLab: Repository information, user profile data
• Payment Processors: Transaction status, billing information
• Analytics Providers: Aggregated usage analytics

1.4 Odoo Data

Important: Your Odoo production data (databases, filestore, business data) is stored on your chosen cloud infrastructure, NOT on OEC.sh servers. We do not access, collect, or store your Odoo business data unless specifically required for technical support at your request.

We use collected information to:

2.1 Provide and Improve the Service

• Create and manage your account
• Process deployments and manage infrastructure
• Provide technical support and troubleshooting
• Monitor and improve Service performance
• Develop new features and functionality

2.2 Communicate with You

• Send service-related notifications and alerts
• Respond to inquiries and support requests
• Provide updates about Terms or Policy changes
• Send marketing communications (with your consent)

2.3 Billing and Administration

• Process payments and manage subscriptions
• Send invoices and billing notifications
• Enforce our Terms of Service
• Prevent fraud and abuse

2.4 Legal Compliance

• Comply with legal obligations
• Respond to lawful requests from authorities
• Protect our rights and interests
• Enforce our agreements

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: Improving our Service, preventing fraud, and marketing (where allowed)
• Legal Obligation: Compliance with applicable laws and regulations
• Consent: Where you have given explicit consent for specific processing

We do not sell your personal information. We may share information with:

4.1 Service Providers

Third-party vendors who assist us in providing the Service:

• Cloud infrastructure providers (as selected by you)
• Payment processors (Stripe, PayPal)
• Email service providers
• Analytics providers
• Customer support tools

4.2 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset, subject to confidentiality requirements.

4.3 Legal Requirements

We may disclose information if required by law or in good faith belief that disclosure is necessary to:

• Comply with legal process or government requests
• Protect our rights, privacy, safety, or property
• Enforce our Terms of Service
• Prevent illegal activities or protect others

4.4 With Your Consent

We may share information with other parties when you explicitly consent to such sharing.

We retain your information for as long as necessary to:

• Maintain your active account and provide the Service
• Comply with legal, accounting, or reporting requirements
• Resolve disputes and enforce agreements
• Meet legitimate business purposes

Specific retention periods:

• Account data: Duration of account plus 30 days for data export
• Billing records: 7 years (legal requirement)
• Support tickets: 3 years after resolution
• Log data: 90 days
• Analytics data: 26 months (aggregated)

We implement industry-standard security measures including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Secure authentication with optional two-factor authentication
• Regular security audits and penetration testing
• Access controls and audit logging
• Employee security training and background checks
• Incident response procedures

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your jurisdiction.

For transfers from the EEA, UK, or Switzerland, we use:

• Standard Contractual Clauses approved by the European Commission
• Data processing agreements with appropriate safeguards
• Transfers to countries with adequacy decisions where applicable

8.1 Account Information

You can access, update, or delete your account information through the platform dashboard or by contacting us.

8.2 Data Export

You can export your Odoo databases and configuration data at any time through the platform.

8.3 Marketing Communications

You can opt out of marketing emails by clicking "unsubscribe" in any marketing email or updating your preferences.

8.4 Cookies

You can manage cookie preferences through our cookie consent banner or your browser settings. See our Cookie Policy for details.

8.5 EEA/UK/California Residents

Depending on your jurisdiction, you may have additional rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a portable format
• Restriction: Limit processing of your data
• Object: Object to certain processing activities
• Withdraw Consent: Withdraw previously given consent
• Lodge Complaint: File a complaint with a supervisory authority

To exercise these rights, contact us at [email protected]. We will respond within 30 days (or as required by law).

California residents have additional rights under the California Consumer Privacy Act:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Correct: Correct inaccurate personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

To make a request, email [email protected] or use the contact form. We may verify your identity before processing requests.

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at [email protected].

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending an email notification
• Displaying a notice in the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your rights: