Privacy Policy

1. Introduction

Oxenated, Inc. ("Oxenated," "we," "us," or "our") is committed to protecting the privacy of our customers, users, and website visitors. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our AI-powered software development lifecycle automation platform, website, and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using our Services, including:

• Account Information: Name, email address, company name, job title, phone number, and billing information when you create an account or request a demo
• Customer Content: Source code, documentation, requirements, and other materials you submit to the Services for processing
• Communications: Information contained in your communications with us, including support requests and feedback
• Professional Services Data: Information shared during consulting engagements, training sessions, or implementation projects

2.2 Information Collected Automatically

When you access our Services, we automatically collect certain information, including:

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Information: Pages visited, features used, clickstream data, session duration, and interaction patterns
• Log Data: Server logs, error reports, and performance metrics
• Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 7)

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Business partners and resellers
• Marketing and analytics providers
• Publicly available sources and professional networking platforms
• Single sign-on (SSO) providers when you authenticate through them

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide Services: To operate, maintain, and deliver our AI-powered SDLC automation platform and professional services
• Process Customer Content: To analyze, process, and generate outputs based on the code and materials you submit
• Account Management: To create and manage your account, process payments, and provide customer support
• Improve Services: To analyze usage patterns, diagnose technical issues, and enhance our platform's performance and features
• Communications: To send transactional messages, service updates, security alerts, and marketing communications (with your consent)
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Security: To detect, prevent, and respond to fraud, security incidents, and other harmful activities

4. Customer Content and AI Processing

We understand the sensitive nature of source code and development materials. We are committed to the following practices regarding Customer Content:

• Purpose Limitation: Customer Content is processed solely to provide the Services you have requested
• No Training on Customer Data: We do not use your proprietary Customer Content to train our general AI models without your explicit consent
• Data Isolation: Enterprise customer data is logically isolated and not commingled with other customers' data
• Ownership: You retain all ownership rights in your Customer Content and any outputs generated by the Services
• Deletion: Customer Content is deleted from our active systems within 30 days of account termination or upon request

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With vendors who provide services on our behalf, such as cloud hosting, payment processing, analytics, and customer support, subject to confidentiality obligations
• Business Partners: With authorized resellers and implementation partners to facilitate service delivery
• Legal Requirements: When required by law, regulation, legal process, or governmental request
• Protection of Rights: To protect the rights, property, or safety of Oxenated, our users, or others
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, with notice to affected users
• With Consent: When you have given us permission to share your information

6. Data Security

We implement comprehensive technical and organizational security measures to protect your information, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• SOC 2 Type II certified infrastructure and processes
• Regular security assessments and penetration testing
• Access controls and multi-factor authentication
• 24/7 security monitoring and incident response procedures
• Employee security training and background checks

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver relevant content. Types of cookies we use include:

• Essential Cookies: Required for the Services to function properly
• Analytics Cookies: Help us understand how visitors interact with our website
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used to deliver relevant advertisements (with your consent)

You can manage cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may affect the functionality of our Services.

8. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, including:

• Account information is retained while your account is active and for a reasonable period thereafter for legal and business purposes
• Customer Content is retained during your subscription and deleted within 30 days of termination
• Usage data and analytics are retained in aggregated form for product improvement
• Certain information may be retained longer when required by law or for legitimate business purposes

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Request your data in a portable, machine-readable format
• Restriction: Request that we limit processing of your information
• Objection: Object to processing based on legitimate interests or for marketing purposes
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@oxenated.com. We will respond to requests within the timeframes required by applicable law.

10. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by businesses
• Right to opt-out of the sale or sharing of personal information
• Right to non-discrimination for exercising privacy rights
• Right to correct inaccurate personal information
• Right to limit use and disclosure of sensitive personal information

We do not sell personal information as defined under the CCPA/CPRA. To exercise your California privacy rights, contact us at privacy@oxenated.com or call 1-800-XXX-XXXX.

11. International Data Transfers

Oxenated is headquartered in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission. Enterprise customers may request a Data Processing Agreement that includes these safeguards.

12. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete that information promptly.

13. Third-Party Links and Services

Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. For significant changes, we will provide additional notice, such as email notification or a prominent announcement on our Services.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: