Privacy Policy

Last Updated: September 30, 2025

At OatCode, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and share your personal information.

1. Information We Collect

1.1 Information You Provide

When you sign up for our service, we collect:

Contact Information: Name, email address, phone number, business name, business address
Payment Information: Credit card details (processed securely by Stripe), billing address
Business Information: Industry, services offered, business hours, photos, logos
Website Content: Text, images, videos, and other content you provide for your website
Communications: Support requests, emails, phone calls, text messages

1.2 Information We Collect Automatically

Usage Data: Pages visited, features used, time spent on site
Device Information: Browser type, operating system, IP address
Cookies: We use cookies to improve your experience (see Cookie Policy below)
Website Analytics: Traffic sources, visitor behavior, conversion rates

1.3 Information from Third Parties

Google Places: Publicly available business information (if you were found via outreach)
Payment Processors: Payment confirmation and transaction details from Stripe

2. How We Use Your Information

Purpose	Examples
Provide Services	Build your website, host your site, process updates
Customer Support	Respond to your questions, troubleshoot issues, provide technical assistance
Billing & Payments	Process subscription payments, send invoices, handle refunds
Communications	Send service updates, billing notifications, support responses
Improve Services	Analyze usage patterns, optimize AI, enhance features
Legal Compliance	Comply with laws, prevent fraud, enforce Terms of Service

3. How We Share Your Information

We DO NOT sell your personal information to third parties.

We only share your information in these limited circumstances:

3.1 Service Providers

Stripe: Payment processing (PCI-compliant)
SendGrid: Email delivery for notifications
Twilio: SMS notifications (if enabled)
OpenAI: AI-powered website generation and support (your business info only)
Cloud Hosting: Website hosting and storage

3.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to:

Protect our legal rights
Prevent fraud or illegal activity
Protect the safety of our users or the public

3.3 Business Transfers

If we're acquired or merged with another company, your information may be transferred to the new entity.

3.4 With Your Consent

We may share your information with third parties if you give us explicit consent to do so.

4. Data Security

We take security seriously and implement industry-standard measures:

Encryption: All data is encrypted in transit (SSL/TLS) and at rest
Secure Servers: Your website is hosted on secure, monitored servers
Access Controls: Limited access to personal data on a need-to-know basis
Regular Backups: Daily encrypted backups stored securely
Payment Security: We never store credit card details (handled by Stripe PCI-DSS Level 1)
Monitoring: 24/7 security monitoring and intrusion detection

Important: No system is 100% secure. While we use best practices, we cannot guarantee absolute security.

5. Data Retention

Active Customers: We retain your data as long as your subscription is active
After Cancellation: We keep your data for 30 days (so you can reactivate), then permanently delete it
Backups: Backup data is deleted within 90 days of cancellation
Legal Requirements: We may retain certain data longer if required by law (e.g., tax records for 7 years)
Communications: Support emails and messages are retained for 2 years for quality assurance

6. Your Privacy Rights

You have the following rights regarding your personal information:

6.1 Access & Portability

Request a copy of all personal data we have about you
Export your website content at any time
Receive your data in a machine-readable format

6.2 Correction

Update your account information anytime
Request correction of inaccurate data

6.3 Deletion

Request deletion of your account and data
We'll delete within 30 days (except data required by law)

6.4 Opt-Out

Unsubscribe from marketing emails (we only send service-related emails anyway)
Disable SMS notifications
Opt out of analytics cookies

6.5 Object to Processing

Object to certain uses of your data (we'll accommodate if possible)

To exercise these rights: Email support@oatcode.com (24/7 AI-powered processing)

7. Cookie Policy

We use cookies to improve your experience:

Essential Cookies

Login sessions
Shopping cart functionality
Security and fraud prevention

Analytics Cookies

Track website usage and performance
Understand how you interact with our Service

You can disable cookies in your browser settings, but some features may not work properly.

8. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children. If we discover we've collected data from a child under 13, we'll delete it immediately.

9. California Privacy Rights (CCPA)

If you're a California resident, you have additional rights:

Right to Know: What personal information we collect and how we use it
Right to Delete: Request deletion of your personal information
Right to Opt-Out: We don't sell personal information, so this doesn't apply
Right to Non-Discrimination: We won't discriminate against you for exercising your rights

10. European Privacy Rights (GDPR)

If you're in the EU/UK, you have rights under GDPR:

Legal Basis: We process your data based on contract performance and legitimate interests
Data Controller: OatCode is the data controller
International Transfers: We use standard contractual clauses for data transfers outside the EU
Right to Lodge Complaint: You can file a complaint with your local data protection authority

11. Do Not Track

Our Service does not respond to "Do Not Track" browser signals. However, you can disable cookies and tracking through your browser settings.

12. Third-Party Links

Our Service may contain links to third-party websites. We're not responsible for their privacy practices. Please review their privacy policies separately.

13. AI-Powered Features

We use AI (OpenAI GPT-4, DALL-E 3) to generate website content and provide support:

Your business information is sent to OpenAI to generate website content
OpenAI does not use your data to train their models (per their API terms)
AI-generated content becomes your property
We review AI-generated content for quality and appropriateness

14. Automated Outreach

If you were contacted by our AI outreach system:

We found your business through Google Places (public information)
We only contact businesses that appear to need websites
All emails include an unsubscribe link
You can opt out anytime by replying "STOP" or clicking unsubscribe
We comply with CAN-SPAM and GDPR requirements

15. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We'll notify you of material changes via:

Email notification
Notice on our website
Update to "Last Updated" date above

Continued use of the Service after changes constitutes acceptance of the new policy.

Contact Us About Privacy

If you have questions about this Privacy Policy or want to exercise your rights:

Email: support@oatcode.com
Support: 24/7 AI-Powered Assistance
Business Name: OatCode
Address: 341 W Carriage Dr Apt B

Response Time: Our AI responds to privacy requests instantly (automated processing).

← Back to Home | Terms of Service | Refund Policy