Introduction
OceanIR ("we," "our," or "us") is committed to protecting your privacy in compliance with CCPA, GDPR, CPRA, VCDPA, CPA, CTDPA, and other applicable privacy laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website oceanir.ai, use our APIs, or engage with our services.
By using the Service, you consent to the data practices described in this policy. If you do not agree with the terms of this privacy policy, please do not access the application.
Information Collected
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device.
Directly Provided
- Account Data: Email address, password hashes (bcrypt), profile names.
- User Content: Images, videos, and associated metadata uploaded for analysis.
- Communications: Support tickets, feedback, and email correspondence.
- Payment Info: Billing address and transaction history (via Stripe).
Automatically Collected
- Device Data: IP address, browser type, operating system, and device identifiers.
- Usage Logs: Access times, pages viewed, API endpoint latency, and error logs.
- Cookies: Session tokens and preference settings (see Cookie Policy).
Data Usage
We use the collected information for the following purposes:
- To provide, operate, and maintain our Services.
- To improve, personalize, and expand our Services.
- To understand and analyze how you use our Services (telemetry).
- To develop new products, services, features, and functionality.
- To communicate with you, either directly or through one of our partners, including for customer service, updates, and marketing (if opted in).
- To process your transactions and manage your orders.
- To detect and prevent fraud, abuse, and security incidents.
- To comply with legal obligations and enforce our Terms of Service.
Legal Basis for Processing
If you are from the European Economic Area (EEA), OceanIR's legal basis for collecting and using the personal information described above depends on the Personal Information concerned and the specific context in which we collect it.
We process your data based on:
- Contractual Necessity: Processing is necessary to provide the Services you requested.
- Legitimate Interests: Processing is necessary for our legitimate interests (e.g., security, fraud prevention) and is not overridden by your data protection interests.
- Consent: You have given us permission to do so for a specific purpose (e.g., marketing newsletters).
- Legal Obligation: We need to process your data to comply with the law.
Data Sharing
We do not sell your personal data. We may share information in the following situations:
Service Providers
We share data with third-party vendors who perform services on our behalf, such as payment processing (Stripe), cloud hosting (AWS), email delivery (SendGrid), and analytics (Plausible). These vendors are contractually obligated to protect your data.
Legal Requirements
We will disclose information to law enforcement or other government authorities when required by valid legal process (e.g., subpoena, court order), when we detect illegal activity (e.g. CSAM), or to prevent imminent harm.
Business Transfers
If OceanIR is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data becomes subject to a different Privacy Policy.
International Transfers
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for such transfers.
Data Retention
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.
Security Measures
We employ a multi-layered security approach to protect your data.
- Encryption at Rest: All database volumes and storage buckets are encrypted using AES-256.
- Encryption in Transit: All data is transmitted over TLS 1.3+. We enforce HSTS.
- Access Control: We use strict Role-Based Access Control (RBAC). Only authorized personnel have access to production data.
- Audits: We conduct regular security audits and vulnerability assessments.
Your Rights
You have rights under GDPR (EU) and CCPA (CA) regarding your personal data.
Exercise these rights by emailing privacy@oceanir.ai. We will respond within 30 days.
California Residents
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information.
Do Not Sell My Info: We do not sell your personal information. We do not share personal information with third parties for their direct marketing purposes.
Shine the Light: California Civil Code Section 1798.83 permits users who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes.
Contact
If you have questions about this policy or our privacy practices, please contact us.
