Privacy Policy
Last updated: July 23, 2025
GDPR Compliance Statement
Open Code Mission is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). We process personal data lawfully, fairly, and transparently, ensuring that we only collect data necessary for our legitimate business purposes.
We maintain comprehensive records of our data processing activities and conduct regular privacy impact assessments to ensure ongoing compliance with GDPR requirements.
Age Verification and Minors Protection
We are committed to protecting the privacy of minors and comply with age verification requirements across multiple jurisdictions.
Minimum Age Requirements
- You must be at least 18 years old to create an account and use our services
- We do not knowingly collect personal data from individuals under 18 without parental consent
- If we discover we have collected data from a minor, we will delete it immediately
Parental Consent Procedures
- EU (GDPR): Parental consent required for users under 16 years old
- US (COPPA): Parental consent required for users under 13 years old
- Canada (PIPEDA): Parental consent required for users under 13 years old
- Contact us at privacy@ocmxai.com for parental consent procedures
Special Handling for Minors
- Data from verified minors is processed with enhanced privacy protections
- We implement stricter data retention policies for minor users
- Marketing communications are disabled for all minor accounts
- Enhanced monitoring for potential exploitation or abuse
Data Collection Practices
Information We Collect
- Personal identification information (name, email address, phone number)
- Account credentials and authentication data
- Usage data and interaction patterns with our AI platforms
- Technical information (IP address, browser type, device information)
- Communication preferences and marketing consent
- Payment information (processed securely through third-party providers)
- Content and data uploaded to our AI platforms for processing
How We Collect Data
- Directly from you through registration forms and account setup
- Automatically through cookies and similar tracking technologies
- Through your interactions with our AI platforms and services
- From third-party integrations and authorized data sources
- Through customer support interactions and feedback
Legal Basis for Processing
- Contractual necessity for service provision
- Legitimate business interests for product improvement
- Legal compliance requirements
- Explicit consent for marketing communications
- Vital interests for security and fraud prevention
Cookie Policy
We use cookies and similar technologies to enhance your experience, analyze usage patterns, and provide personalized content. Our cookie usage is designed to be transparent and respectful of your privacy preferences.
Types of Cookies
- Essential Cookies: Required for basic site functionality and security
- Performance Cookies: Help us understand how visitors interact with our platform
- Functional Cookies: Enable enhanced features and personalization
- Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness
Cookie Management
You can control cookie settings through your browser preferences or our cookie consent banner. Note that disabling certain cookies may impact the functionality of our services.
Your Rights and Data Deletion
Under GDPR and other applicable privacy laws, you have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights in a timely and transparent manner.
- Right to Access: Request copies of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for data processing at any time
Data Deletion Procedures
To request data deletion or exercise any of your rights, please contact our Privacy Officer using the information below. We will process your request within 30 days and provide confirmation of actions taken.
Please note that some data may be retained for legal compliance, security purposes, or legitimate business interests as permitted by applicable law. We will clearly communicate any limitations on data deletion in our response.
For immediate account deletion, you can also use the self-service option in your account settings, which will initiate the automated deletion process for most of your personal data.
Data Security and Protection
We implement industry-standard security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security framework includes:
- End-to-end encryption for data in transit and at rest
- Multi-factor authentication and access controls
- Regular security audits and penetration testing
- SOC 2 Type II compliance and ISO 27001 certification
- Employee training on data protection best practices
Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
Retention Periods by Data Type
- Account Data: Retained for 7 years after account deletion for legal compliance
- Usage Logs: Retained for 12 months for security and analytics purposes
- Payment Information: Retained for 7 years for tax and accounting purposes
- Communication Records: Retained for 3 years for customer service and legal protection
- AI Processing Data: Retained for 30 days unless explicitly requested for longer retention
- Marketing Data: Retained until consent withdrawal or 2 years of inactivity
Retention Criteria
- Legal obligations (tax, accounting, regulatory requirements)
- Active service provision and customer support
- Security and fraud prevention
- Legitimate business interests (with appropriate safeguards)
- Explicit user consent for extended retention
Automated Deletion Schedules
- Inactive accounts are automatically flagged after 12 months
- Account deletion is processed after 24 months of inactivity
- AI processing data is automatically purged after 30 days
- Marketing data is automatically deleted after consent withdrawal
- Security logs are automatically archived after 6 months
Third-Party Data Processing
We use carefully selected third-party service providers to support our operations. All third-party processors are bound by strict data processing agreements and security requirements.
Primary Service Providers
- Resend (Email Services): United States - Email delivery and transactional communications
- Vercel (Hosting & CDN): Global - Website hosting and content delivery
Data Processing Agreements
- All processors sign comprehensive Data Processing Agreements (DPAs)
- Processors are required to implement appropriate technical and organizational security measures
- We conduct regular audits of processor compliance and security practices
- Processors are prohibited from using data for purposes other than those specified in our agreements
- We maintain the right to terminate agreements with processors who fail to meet our standards
International Data Transfers
When transferring personal data outside the European Economic Area (EEA), we ensure adequate protection through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for countries with approved data protection frameworks
- Additional safeguards such as encryption and pseudonymization
Governing Law and Jurisdiction
This Privacy Policy is subject to the laws of the United Kingdom, European Union, United States, Canada, and Gulf Cooperation Council (GCC) member states, without regard to conflict of law principles.
- Primary jurisdiction is the courts of England and Wales
- This policy complies with applicable privacy laws in UK, EU, US, Canada, and GCC jurisdictions
- GDPR compliance is maintained for EU data subjects
- CCPA compliance is maintained for California residents
- PIPEDA compliance is maintained for Canadian residents
- If any provision is found unenforceable in your jurisdiction, the remainder of this policy will remain in effect
Breach Notification Procedures
We are committed to promptly notifying affected users and relevant authorities in the event of a data breach, in accordance with applicable legal requirements across all jurisdictions.
Breach Assessment and Response
- All suspected breaches are immediately investigated by our security team
- We assess the nature, scope, and potential impact of any breach within 24 hours
- Legal and compliance teams are notified immediately for regulatory assessment
- We maintain detailed records of all breach investigations and responses
User Notification Timeline
- High-Risk Breaches: Notification within 72 hours of confirmation
- Standard Breaches: Notification within 7 days of confirmation
- Minor Incidents: Notification within 30 days if required by law
- Notifications include details about the breach, potential impact, and remediation steps
- We provide ongoing updates on breach resolution and prevention measures
Regulatory Notification Requirements
- EU (GDPR): Notification to supervisory authority within 72 hours
- UK (UK GDPR): Notification to ICO within 72 hours
- US (State Laws): Varies by state (typically 30-60 days)
- Canada (PIPEDA): Notification to Privacy Commissioner and affected individuals
- GCC Countries: Notification to relevant data protection authorities
Contact Information - Privacy Officer
Privacy Officer: Data Protection Team
Email: Contact@ocmxai.com
Address: Open Code Mission Limited
3rd Floor, 86-90 Paul Street
London, EC2A 4NE
Response Time: We aim to respond to all privacy inquiries within 72 hours
Data Protection Officer: Available for consultation on complex privacy matters
Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes through email or prominent notice on our platform.
We encourage you to review this policy regularly to stay informed about how we protect your privacy and handle your personal data.
This Privacy Policy is effective as of July 23, 2025 and applies to all users of Open Code Mission services.