INTRODUCTION
Osavul, Inc. (“Osavul”, “we”, “us” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our AI-powered information environment assessment platform, website, and related services (collectively, the “Services”).
It also describes your rights and choices regarding your personal data. We comply with applicable privacy laws worldwide, including the EU General Data Protection Regulation (GDPR), UK data protection laws, and United States privacy laws such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy and our Terms of Use. If you do not agree with our practices, please do not use the Services. We may update this Policy from time to time (see the “Changes to This Policy” section below), and continued use of the Services after revisions indicates your acceptance of the updated terms.
It also describes your rights and choices regarding your personal data. We comply with applicable privacy laws worldwide, including the EU General Data Protection Regulation (GDPR), UK data protection laws, and United States privacy laws such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy and our Terms of Use. If you do not agree with our practices, please do not use the Services. We may update this Policy from time to time (see the “Changes to This Policy” section below), and continued use of the Services after revisions indicates your acceptance of the updated terms.
Personal Data We Collect
Personal data (or “personal information”) means any information that relates to an identified or identifiable individual. Osavul collects the following types of personal data from users around the world:
- Contact Information: Your name and email address. We may also collect your organization/company name and job title if you provide them (for example, during sign-up or in your profile).
- Account Credentials: When you register for an account, we collect the login details you provide, such as your email address and password. (Passwords are stored in an encrypted/hashed form for security.)
- Saved Search Queries and Configurations: Our platform allows you to save search queries and their configuration settings. If you use this feature, we will store the query terms/keywords you entered and any filters or settings associated with the search so that you can revisit or reuse them.
- Platform Usage Data: Information about how you use our Services. This includes actions you take on the platform (e.g. features used, pages or screens viewed, clicks, and search queries run), your preferences, and other data generated through your interaction with the Services. For example, we may keep logs of searches performed or reports generated to help you resume your work or to improve our platform.
- Technical Information: Certain data is collected automatically when you use our Services. This may include your Internet Protocol (IP) address, browser type, device type, operating system, device identifiers, and approximate location (such as country or city based on your IP address). We also collect information through cookies and similar tracking technologies (see “Cookies and Tracking Technologies” below) about how your device interacts with our Services (e.g. time spent on pages, navigation paths, and other analytical information).
We do not intentionally collect any special categories of personal data (such as sensitive personal information about health, race, political opinions, etc.) as part of our regular Services. We also do not knowingly collect any information from children (see “Children’s Privacy” below).
- Contact Information: Your name and email address. We may also collect your organization/company name and job title if you provide them (for example, during sign-up or in your profile).
- Account Credentials: When you register for an account, we collect the login details you provide, such as your email address and password. (Passwords are stored in an encrypted/hashed form for security.)
- Saved Search Queries and Configurations: Our platform allows you to save search queries and their configuration settings. If you use this feature, we will store the query terms/keywords you entered and any filters or settings associated with the search so that you can revisit or reuse them.
- Platform Usage Data: Information about how you use our Services. This includes actions you take on the platform (e.g. features used, pages or screens viewed, clicks, and search queries run), your preferences, and other data generated through your interaction with the Services. For example, we may keep logs of searches performed or reports generated to help you resume your work or to improve our platform.
- Technical Information: Certain data is collected automatically when you use our Services. This may include your Internet Protocol (IP) address, browser type, device type, operating system, device identifiers, and approximate location (such as country or city based on your IP address). We also collect information through cookies and similar tracking technologies (see “Cookies and Tracking Technologies” below) about how your device interacts with our Services (e.g. time spent on pages, navigation paths, and other analytical information).
We do not intentionally collect any special categories of personal data (such as sensitive personal information about health, race, political opinions, etc.) as part of our regular Services. We also do not knowingly collect any information from children (see “Children’s Privacy” below).
How We Collect Personal Data
We collect personal data from you in two main ways:
(1) Directly from you, and (2) Automatically through your use of our Services.
- Directly from You: You provide personal data to us when you create an account, use our platform, or otherwise communicate with us. For example, during account registration, we ask for your name, email, and other details. When using the platform, you may input information such as search queries, configure settings, or save custom reports — all of which provide data to us. You also provide data when you contact us for support, fill out forms (like a demo request or newsletter signup), or submit feedback. In all such cases, you know what information you provide us because you are actively entering it.
- Automatically Through Your Use: As is standard practice, we (and our service providers) use technologies like cookies, log files, and scripts to automatically collect technical and usage data when you interact with our website or application. For instance, we receive your device and network information (including IP address and browser type) when your device connects to our Services. We also record usage metrics such as pages visited, actions taken (e.g. clicking buttons, running searches), timestamps, and errors or performance data. This automatic collection helps us understand how users engage with our Services, enables the platform to function properly (e.g. keeping you logged in), and assists us in improving the user experience.
In some cases, we may collect personal data from third-party sources.
For example, if you log in via a third-party identity provider or if someone refers you to our service, we might receive your information from those sources. We will only obtain data from third parties if you have given permission for them to share your information with us. This Privacy Policy also applies to personal data we receive from those sources.
(1) Directly from you, and (2) Automatically through your use of our Services.
- Directly from You: You provide personal data to us when you create an account, use our platform, or otherwise communicate with us. For example, during account registration, we ask for your name, email, and other details. When using the platform, you may input information such as search queries, configure settings, or save custom reports — all of which provide data to us. You also provide data when you contact us for support, fill out forms (like a demo request or newsletter signup), or submit feedback. In all such cases, you know what information you provide us because you are actively entering it.
- Automatically Through Your Use: As is standard practice, we (and our service providers) use technologies like cookies, log files, and scripts to automatically collect technical and usage data when you interact with our website or application. For instance, we receive your device and network information (including IP address and browser type) when your device connects to our Services. We also record usage metrics such as pages visited, actions taken (e.g. clicking buttons, running searches), timestamps, and errors or performance data. This automatic collection helps us understand how users engage with our Services, enables the platform to function properly (e.g. keeping you logged in), and assists us in improving the user experience.
In some cases, we may collect personal data from third-party sources.
For example, if you log in via a third-party identity provider or if someone refers you to our service, we might receive your information from those sources. We will only obtain data from third parties if you have given permission for them to share your information with us. This Privacy Policy also applies to personal data we receive from those sources.
Use of Personal Data
We use your personal data to operate, maintain, and improve our Services, as well as for other purposes described below. Specifically, Osavul may use the personal information we collect for the following purposes:
- Providing and Maintaining the Service: To create and manage your user account, authenticate you when you log in, and provide you with the features and functionalities of our platform. This includes storing your data (like saved queries and preferences) and retrieving it when you need it, as well as backing up your data to prevent loss.
- Customization and Personalization: To personalize your experience on the platform. For example, we may use your saved queries or usage history to tailor the content you see, remember your preferences (such as language or layout settings), and suggest relevant features or resources.
- Analytics and - Service Improvement: To analyze how our Services are used and to understand user behavior. This helps us troubleshoot issues, perform research and analytics, and develop new features or enhancements. For instance, we might analyze aggregated search query trends to improve our AI algorithms or user interface. We use these insights to make our platform more intuitive, secure, and effective.
- Communications: To communicate with you about your account and the Services. This includes sending administrative or transactional emails (for example, password reset emails, important account notifications, or customer support responses). We may also send you newsletters, updates, marketing communications, or product announcements if you have subscribed or otherwise given consent. You can opt out of marketing emails at any time by clicking the “unsubscribe” link in those emails or by adjusting your communication preferences.
- Customer Support: To provide user support and respond to your inquiries, requests, or complaints. For example, if you reach out with a technical question, we will use your information to assist you and resolve issues.
- Security and Fraud Prevention: To protect the security and integrity of our Services and our users. We may use data to monitor for suspicious or fraudulent activity, to verify user identities, and to detect and prevent cyber-attacks, spam, or misuse of the platform. This is essential to keep the platform safe for all users.
- Legal Compliance and Enforcement: To comply with our legal obligations (such as tax, accounting, or regulatory requirements) and to enforce our Terms of Use or other agreements. For example, we may process personal data to satisfy reporting obligations or to respond to lawful requests by public authorities. We may also use or disclose data as necessary to establish, exercise, or defend against legal claims.
- Other Purposes (with Notice/Consent): If we intend to use your personal data for any purpose not listed above, we will describe it to you at the time of collection or obtain your consent as required. For instance, if we ever plan to use your data in a new application or share it in a way not covered by this Policy, we will let you know and, if legally required, seek your permission.
We only use your personal data as permitted by law. We do not sell your personal data to third parties (see “California Privacy Rights” for more information on how we handle data for marketing or sale purposes). We may aggregate or de-identify personal data so that it can no longer be linked to you and use that non-identifiable information for purposes such as research, analytics, and improving our Services.
- Providing and Maintaining the Service: To create and manage your user account, authenticate you when you log in, and provide you with the features and functionalities of our platform. This includes storing your data (like saved queries and preferences) and retrieving it when you need it, as well as backing up your data to prevent loss.
- Customization and Personalization: To personalize your experience on the platform. For example, we may use your saved queries or usage history to tailor the content you see, remember your preferences (such as language or layout settings), and suggest relevant features or resources.
- Analytics and - Service Improvement: To analyze how our Services are used and to understand user behavior. This helps us troubleshoot issues, perform research and analytics, and develop new features or enhancements. For instance, we might analyze aggregated search query trends to improve our AI algorithms or user interface. We use these insights to make our platform more intuitive, secure, and effective.
- Communications: To communicate with you about your account and the Services. This includes sending administrative or transactional emails (for example, password reset emails, important account notifications, or customer support responses). We may also send you newsletters, updates, marketing communications, or product announcements if you have subscribed or otherwise given consent. You can opt out of marketing emails at any time by clicking the “unsubscribe” link in those emails or by adjusting your communication preferences.
- Customer Support: To provide user support and respond to your inquiries, requests, or complaints. For example, if you reach out with a technical question, we will use your information to assist you and resolve issues.
- Security and Fraud Prevention: To protect the security and integrity of our Services and our users. We may use data to monitor for suspicious or fraudulent activity, to verify user identities, and to detect and prevent cyber-attacks, spam, or misuse of the platform. This is essential to keep the platform safe for all users.
- Legal Compliance and Enforcement: To comply with our legal obligations (such as tax, accounting, or regulatory requirements) and to enforce our Terms of Use or other agreements. For example, we may process personal data to satisfy reporting obligations or to respond to lawful requests by public authorities. We may also use or disclose data as necessary to establish, exercise, or defend against legal claims.
- Other Purposes (with Notice/Consent): If we intend to use your personal data for any purpose not listed above, we will describe it to you at the time of collection or obtain your consent as required. For instance, if we ever plan to use your data in a new application or share it in a way not covered by this Policy, we will let you know and, if legally required, seek your permission.
We only use your personal data as permitted by law. We do not sell your personal data to third parties (see “California Privacy Rights” for more information on how we handle data for marketing or sale purposes). We may aggregate or de-identify personal data so that it can no longer be linked to you and use that non-identifiable information for purposes such as research, analytics, and improving our Services.
Legal Basis for Processing (GDPR/UK)
If you are located in the European Economic Area (EEA) or the United Kingdom, we must have a valid “legal basis” to process your personal data under applicable data protection laws (GDPR and UK law). Depending on the context, Osavul relies on the following legal bases:
- Performance of a Contract: We process certain personal data to provide you with our Services under our Terms of Use (which constitutes a contract with you). For example, we need to use your name and email to create your account and authenticate you, and we must process your saved queries and settings to deliver the functionality you expect. This processing is necessary to perform our contract with you as a user of our platform (GDPR Article 6(1)(b)).
- Consent: We will rely on your consent in situations where it is required or appropriate. For instance, if we send you promotional emails or newsletters, it’s based on your consent (which you can withdraw at any time). Similarly, for certain cookies or similar technologies that are not strictly necessary, we obtain your consent as required by law. When we rely on consent, you have the right to withdraw it at any time, which will not affect the lawfulness of processing before withdrawal (GDPR Article 6(1)(a)).
- Legitimate Interests: We process personal data as needed for Osavul’s legitimate business interests, provided those interests are not overridden by your data protection rights. This includes uses such as improving and securing our Services, understanding how our platform is used, communicating important updates to customers, preventing fraud, and similar legitimate purposes. For example, analyzing usage data to enhance features or using your email to send service notices are activities we undertake in our legitimate interests (GDPR Article 6(1)(f)). When we rely on this basis, we consider and balance any potential impact on you and your rights.
- Legal Obligation: In some cases, we need to process personal data to comply with a legal or regulatory obligation (GDPR Article 6(1)(c)). For example, we may retain transaction records for financial reporting, or disclose information if required by law enforcement or pursuant to a court order. We will only do so to the extent necessary and in accordance with applicable laws.
(Note: In rare situations, other legal bases might apply – for instance, to protect someone’s vital interests or for tasks carried out in the public interest – but those are not typical for our operations. We will inform you if we ever rely on such bases.)
- Performance of a Contract: We process certain personal data to provide you with our Services under our Terms of Use (which constitutes a contract with you). For example, we need to use your name and email to create your account and authenticate you, and we must process your saved queries and settings to deliver the functionality you expect. This processing is necessary to perform our contract with you as a user of our platform (GDPR Article 6(1)(b)).
- Consent: We will rely on your consent in situations where it is required or appropriate. For instance, if we send you promotional emails or newsletters, it’s based on your consent (which you can withdraw at any time). Similarly, for certain cookies or similar technologies that are not strictly necessary, we obtain your consent as required by law. When we rely on consent, you have the right to withdraw it at any time, which will not affect the lawfulness of processing before withdrawal (GDPR Article 6(1)(a)).
- Legitimate Interests: We process personal data as needed for Osavul’s legitimate business interests, provided those interests are not overridden by your data protection rights. This includes uses such as improving and securing our Services, understanding how our platform is used, communicating important updates to customers, preventing fraud, and similar legitimate purposes. For example, analyzing usage data to enhance features or using your email to send service notices are activities we undertake in our legitimate interests (GDPR Article 6(1)(f)). When we rely on this basis, we consider and balance any potential impact on you and your rights.
- Legal Obligation: In some cases, we need to process personal data to comply with a legal or regulatory obligation (GDPR Article 6(1)(c)). For example, we may retain transaction records for financial reporting, or disclose information if required by law enforcement or pursuant to a court order. We will only do so to the extent necessary and in accordance with applicable laws.
(Note: In rare situations, other legal bases might apply – for instance, to protect someone’s vital interests or for tasks carried out in the public interest – but those are not typical for our operations. We will inform you if we ever rely on such bases.)
Your Rights Under GDPR and UK Law
If you are in the EU/EEA or UK (or in some cases, other jurisdictions with similar laws), you have certain rights regarding your personal data. Osavul is committed to honoring these rights. These include:
- Right of Access: You have the right to request a copy of the personal data we hold about you, as well as information on how we process it. We will provide this in a commonly used format.
- Right to Rectification: If any personal data we have about you is incorrect or incomplete, you have the right to have it corrected or updated. You can also correct or update some of your information directly by logging into your account (for example, you can change your profile details). Please notify us of any changes or inaccuracies so we can keep your information up to date.
- Right to Erasure: You can ask us to delete your personal data. This is sometimes called the “right to be forgotten.” We will erase the data unless we have a specific legal reason to keep it (for example, to comply with a legal obligation or if the data is necessary for the purposes it was collected, such as administering an active account). Do note that deleting essential data (like your account credentials) may result in your inability to continue using the Services.
- Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances – for instance, if you contest the accuracy of the data or if you want to restrict processing while a legal claim is resolved. When processing is restricted, we can still store your data but will not use it for other purposes without your consent (except for legal reasons).
- Right to Object: You may object to our processing of your personal data when we do so on the basis of legitimate interests. If you object, we will review whether our legitimate grounds for processing outweigh your privacy rights. You also have an absolute right to object to the use of your personal data for direct marketing purposes; if you object, we will stop using your data for that purpose.
- Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format, and to have that information transmitted to another organization, where it’s technically feasible. This right applies when the processing is based on your consent or a contract and is carried out by automated means.
- Right to Withdraw Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw your consent at any time. Once you withdraw consent, we will stop the specific processing that was based on consent. (For example, you can unsubscribe from marketing emails you previously opted into, and we will stop sending them.) Please note that withdrawing consent does not affect the lawfulness of processing done prior to withdrawal, and it may not affect processing under other legal bases.
- Right to Lodge a Complaint: If you have concerns about our data practices, you have the right to file a complaint with a supervisory authority (data protection regulator) in the EU/EEA or with the UK Information Commissioner’s Office (ICO) if you are in the UK. We encourage you to contact us first so we can address your concerns directly, but you are free to reach out to the authorities at any time.
To exercise any of these rights, please contact us at the email provided in the “Contact Us” section below. We will respond to your request in accordance with applicable law (generally within one month for GDPR/UK requests).
We may need to verify your identity before fulfilling certain requests, to ensure we do not disclose data to the wrong person or delete data that you are entitled to keep. In some cases, there may be legal exceptions that prevent us from fulfilling your request (for example, we cannot erase data that we are required by law to keep). If an exception applies, we will explain it to you in our response. We will always try to accommodate your request to the fullest extent legally permissible.
- Right of Access: You have the right to request a copy of the personal data we hold about you, as well as information on how we process it. We will provide this in a commonly used format.
- Right to Rectification: If any personal data we have about you is incorrect or incomplete, you have the right to have it corrected or updated. You can also correct or update some of your information directly by logging into your account (for example, you can change your profile details). Please notify us of any changes or inaccuracies so we can keep your information up to date.
- Right to Erasure: You can ask us to delete your personal data. This is sometimes called the “right to be forgotten.” We will erase the data unless we have a specific legal reason to keep it (for example, to comply with a legal obligation or if the data is necessary for the purposes it was collected, such as administering an active account). Do note that deleting essential data (like your account credentials) may result in your inability to continue using the Services.
- Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances – for instance, if you contest the accuracy of the data or if you want to restrict processing while a legal claim is resolved. When processing is restricted, we can still store your data but will not use it for other purposes without your consent (except for legal reasons).
- Right to Object: You may object to our processing of your personal data when we do so on the basis of legitimate interests. If you object, we will review whether our legitimate grounds for processing outweigh your privacy rights. You also have an absolute right to object to the use of your personal data for direct marketing purposes; if you object, we will stop using your data for that purpose.
- Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format, and to have that information transmitted to another organization, where it’s technically feasible. This right applies when the processing is based on your consent or a contract and is carried out by automated means.
- Right to Withdraw Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw your consent at any time. Once you withdraw consent, we will stop the specific processing that was based on consent. (For example, you can unsubscribe from marketing emails you previously opted into, and we will stop sending them.) Please note that withdrawing consent does not affect the lawfulness of processing done prior to withdrawal, and it may not affect processing under other legal bases.
- Right to Lodge a Complaint: If you have concerns about our data practices, you have the right to file a complaint with a supervisory authority (data protection regulator) in the EU/EEA or with the UK Information Commissioner’s Office (ICO) if you are in the UK. We encourage you to contact us first so we can address your concerns directly, but you are free to reach out to the authorities at any time.
To exercise any of these rights, please contact us at the email provided in the “Contact Us” section below. We will respond to your request in accordance with applicable law (generally within one month for GDPR/UK requests).
We may need to verify your identity before fulfilling certain requests, to ensure we do not disclose data to the wrong person or delete data that you are entitled to keep. In some cases, there may be legal exceptions that prevent us from fulfilling your request (for example, we cannot erase data that we are required by law to keep). If an exception applies, we will explain it to you in our response. We will always try to accommodate your request to the fullest extent legally permissible.
Sharing of Personal Data
We do not sell or rent your personal information to third parties. However, we may share your personal data with certain third parties and partners under the circumstances described below, and always with appropriate safeguards and security measures:
- Affiliated Companies: We may share your information with our affiliate or subsidiary companies, or other businesses under common ownership/control as Osavul (“Osavul group”). This is done to support internal operations, centralized services, and consistent service delivery across our organization. Any affiliate that receives your data will process it with the same level of care and security as described in this Privacy Policy.
- Service Providers and Vendors: We use trusted third-party service providers to help us operate and improve our Services. These providers may process personal data on our behalf for specific business purposes, such as:Cloud Hosting and Infrastructure: We host our platform and store data on third-party cloud services, including Amazon Web Services (AWS) and Google Cloud Platform (GCP). This means your personal data (e.g. account information, saved queries) may be stored on servers operated by these providers. They are contractually bound to protect your data and use it only to provide their services to us.
Analytics: We may share certain usage and device data with analytics providers (for example, we use Google Analytics and Amplitude) to help us understand how users interact with our website and application. These analytics partners process data like page views, clicks, and IP addresses solely for our analytics purposes and not for their own use. (You can opt out of certain analytics – see “Cookies and Tracking Technologies” below.)
Email and Communication Tools: We might use third-party tools or agencies to send out newsletters, service emails, or to manage support inquiries. In doing so, we would share your necessary contact information with those email delivery or customer support platforms.
Other Business Support: We may use vendors for functions like payment processing (if applicable), customer relationship management, or marketing. They will receive only the data needed to perform their functions and are obligated not to use your data for any other purpose.
In all cases, our service providers act on our instructions and are bound by contracts that require them to protect the confidentiality and security of personal data. They cannot use your data for their own unrelated purposes.
- Business Transfers: If Osavul is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal data may be disclosed to or transferred as part of that transaction. We would ensure that any acquiring organization honors the commitments in this Privacy Policy or notifies you of any changes. Your information would remain subject to appropriate confidentiality protections in such scenarios.
- Legal Compliance and Protection: We may disclose personal data to third parties (such as courts, law enforcement agencies, regulators, or attorneys) when we believe, in good faith, that such disclosure is necessary to:
- Comply with a legal obligation, applicable law, regulation, or valid legal process (e.g. subpoenas or court orders).Respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- Protect and defend the rights, privacy, safety, or property of Osavul, our users, or the public. This includes exchanging information with other companies and organizations for the purposes of fraud detection and prevention, spam/malware prevention, or similar security issues.
- Enforce our Terms of Use or other agreements, and pursue available remedies or limit the damages that we may sustain.
-Your Actions and Consent: You may also intentionally share your information on the platform through your own actions. For example, if our product offers collaboration features, any content or personal info you share with others on the platform (such as inviting team members to view a report) will be visible to those individuals based on the permissions you grant. Likewise, if you direct us to share data with a third party (for instance, if you integrate our Service with another tool via an API, or if you ask us to share your information for a specific purpose), we will do so with your consent and at your direction. Additionally, we might ask your consent to share your information in situations not covered by this Policy — in such cases, we will only share your data if you agree.
- Aggregated or Anonymized Information: We may share data that has been aggregated (combined with other data) or anonymized (stripped of personal identifiers) in a way that it can no longer be associated with you. Such information is not considered personal data and may be used and shared with any third parties for analytics, research, marketing, or other purposes. For example, we might publish trends or metrics about platform usage (e.g. total number of searches performed in a month) that do not identify any individual user.
We want to assure you that whenever your personal data is shared with third parties, we take steps to protect it. We disclose only what is necessary for the purpose at hand, and we strive to anonymize or pseudonymize data when feasible. If you have questions about third parties that may have access to your data, please contact us.
- Affiliated Companies: We may share your information with our affiliate or subsidiary companies, or other businesses under common ownership/control as Osavul (“Osavul group”). This is done to support internal operations, centralized services, and consistent service delivery across our organization. Any affiliate that receives your data will process it with the same level of care and security as described in this Privacy Policy.
- Service Providers and Vendors: We use trusted third-party service providers to help us operate and improve our Services. These providers may process personal data on our behalf for specific business purposes, such as:Cloud Hosting and Infrastructure: We host our platform and store data on third-party cloud services, including Amazon Web Services (AWS) and Google Cloud Platform (GCP). This means your personal data (e.g. account information, saved queries) may be stored on servers operated by these providers. They are contractually bound to protect your data and use it only to provide their services to us.
Analytics: We may share certain usage and device data with analytics providers (for example, we use Google Analytics and Amplitude) to help us understand how users interact with our website and application. These analytics partners process data like page views, clicks, and IP addresses solely for our analytics purposes and not for their own use. (You can opt out of certain analytics – see “Cookies and Tracking Technologies” below.)
Email and Communication Tools: We might use third-party tools or agencies to send out newsletters, service emails, or to manage support inquiries. In doing so, we would share your necessary contact information with those email delivery or customer support platforms.
Other Business Support: We may use vendors for functions like payment processing (if applicable), customer relationship management, or marketing. They will receive only the data needed to perform their functions and are obligated not to use your data for any other purpose.
In all cases, our service providers act on our instructions and are bound by contracts that require them to protect the confidentiality and security of personal data. They cannot use your data for their own unrelated purposes.
- Business Transfers: If Osavul is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal data may be disclosed to or transferred as part of that transaction. We would ensure that any acquiring organization honors the commitments in this Privacy Policy or notifies you of any changes. Your information would remain subject to appropriate confidentiality protections in such scenarios.
- Legal Compliance and Protection: We may disclose personal data to third parties (such as courts, law enforcement agencies, regulators, or attorneys) when we believe, in good faith, that such disclosure is necessary to:
- Comply with a legal obligation, applicable law, regulation, or valid legal process (e.g. subpoenas or court orders).Respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- Protect and defend the rights, privacy, safety, or property of Osavul, our users, or the public. This includes exchanging information with other companies and organizations for the purposes of fraud detection and prevention, spam/malware prevention, or similar security issues.
- Enforce our Terms of Use or other agreements, and pursue available remedies or limit the damages that we may sustain.
-Your Actions and Consent: You may also intentionally share your information on the platform through your own actions. For example, if our product offers collaboration features, any content or personal info you share with others on the platform (such as inviting team members to view a report) will be visible to those individuals based on the permissions you grant. Likewise, if you direct us to share data with a third party (for instance, if you integrate our Service with another tool via an API, or if you ask us to share your information for a specific purpose), we will do so with your consent and at your direction. Additionally, we might ask your consent to share your information in situations not covered by this Policy — in such cases, we will only share your data if you agree.
- Aggregated or Anonymized Information: We may share data that has been aggregated (combined with other data) or anonymized (stripped of personal identifiers) in a way that it can no longer be associated with you. Such information is not considered personal data and may be used and shared with any third parties for analytics, research, marketing, or other purposes. For example, we might publish trends or metrics about platform usage (e.g. total number of searches performed in a month) that do not identify any individual user.
We want to assure you that whenever your personal data is shared with third parties, we take steps to protect it. We disclose only what is necessary for the purpose at hand, and we strive to anonymize or pseudonymize data when feasible. If you have questions about third parties that may have access to your data, please contact us.
International Data Transfers
Osavul is a U.S.-based company, and we operate a global service. Depending on your location, your personal data may be transferred to, stored in, or accessed from countries outside of your own. In particular, information collected within the European Union/European Economic Area (EU/EEA) or the United Kingdom may be transferred to and processed in the United States or other countries that are not deemed to provide the same level of data protection as your home jurisdiction.
For example, if you are an EU/UK user, your account data and queries might be stored on servers in the United States (because we use AWS and Google Cloud, which may host data in the U.S. or other regions). Similarly, our personnel or contractors who support our platform may be located in the U.S. or in other countries outside the EU/UK.
Safeguards for International Transfers: Whenever we transfer personal data out of the EU/EEA, UK, or other regions with data transfer restrictions, we take legally required steps to ensure your information remains protected. These measures may include:
- Entering into standard contractual clauses (SCCs) or equivalent data transfer agreements as approved by the European Commission and UK authorities, which legally oblige the recipient to protect your data to EU GDPR standards.
- Relying on an adequacy decision, if the destination country is recognized by the European Commission as providing an adequate level of data protection (for example, transfers from the EU to countries like Canada or Japan, or any transfer to an organization certified under frameworks like the EU-U.S. Data Privacy Framework if applicable).
- Implementing additional technical and organizational measures as needed, such as encryption of data in transit and at rest, to supplement the transfer mechanism and secure the data.
By using our Services or providing us with your information, you understand that your personal data may be transferred to the United States and other jurisdictions where privacy laws may be different from those in your country. However, this does not change our commitment to your privacy.
Osavul will always treat your personal data in accordance with this Privacy Policy and applicable law, wherever it is processed. If you would like more information about our international data transfer practices or the safeguards in place, please contact us (see the “Contact Us” section).
For example, if you are an EU/UK user, your account data and queries might be stored on servers in the United States (because we use AWS and Google Cloud, which may host data in the U.S. or other regions). Similarly, our personnel or contractors who support our platform may be located in the U.S. or in other countries outside the EU/UK.
Safeguards for International Transfers: Whenever we transfer personal data out of the EU/EEA, UK, or other regions with data transfer restrictions, we take legally required steps to ensure your information remains protected. These measures may include:
- Entering into standard contractual clauses (SCCs) or equivalent data transfer agreements as approved by the European Commission and UK authorities, which legally oblige the recipient to protect your data to EU GDPR standards.
- Relying on an adequacy decision, if the destination country is recognized by the European Commission as providing an adequate level of data protection (for example, transfers from the EU to countries like Canada or Japan, or any transfer to an organization certified under frameworks like the EU-U.S. Data Privacy Framework if applicable).
- Implementing additional technical and organizational measures as needed, such as encryption of data in transit and at rest, to supplement the transfer mechanism and secure the data.
By using our Services or providing us with your information, you understand that your personal data may be transferred to the United States and other jurisdictions where privacy laws may be different from those in your country. However, this does not change our commitment to your privacy.
Osavul will always treat your personal data in accordance with this Privacy Policy and applicable law, wherever it is processed. If you would like more information about our international data transfer practices or the safeguards in place, please contact us (see the “Contact Us” section).
Data Security
We take the security of your personal data very seriously. Osavul implements a variety of administrative, technical, and physical security measures to safeguard the information we collect against unauthorized access, disclosure, alteration, or destruction. These security measures include, but are not limited to:
- Encryption: We use encryption protocols such as Secure Sockets Layer (SSL/TLS) to protect data transmission between your browser/app and our servers (you’ll notice HTTPS in our URLs). Sensitive data, including passwords, are stored in encrypted or hashed form in our databases. We also employ encryption at rest for stored data whenever feasible.
- Access Controls: We restrict access to personal data to authorized employees, contractors, and service providers who need that information to operate, develop, or improve our Services. All such persons are bound by confidentiality obligations. User accounts are protected by passwords, and we encourage you to choose a strong password and keep it secret. Avoid sharing your login credentials and remember to log out when using shared devices.
- Network & System Security: Our servers are hosted in secure data centers (e.g., AWS and GCP) that maintain industry-standard security certifications. These facilities use firewalls, intrusion detection systems, and other advanced tools to prevent unauthorized network access. We keep our software and infrastructure updated and perform regular security testing and monitoring to detect and address vulnerabilities.
- Operational Security: We train our staff on data protection best practices and have internal policies in place to handle data securely. We limit the personal data we collect to only what is necessary and retain it only for as long as needed (see “Data Retention” below). We also have procedures for handling any suspected security incidents or data breaches.
While we strive to protect your information with these measures, please be aware that no system can be guaranteed 100% secure. The transmission of information via the Internet is not completely risk-free, and there is always a possibility of unauthorized access or hardware/software failure. You also play an important role in keeping your data safe: please use unique and strong passwords, change them periodically, and notify us immediately if you suspect any unauthorized access to your account or personal data.
In the event of a data breach that affects your personal data, we will act promptly to mitigate the impact and notify the appropriate authorities and/or affected individuals as required by law. This may include contacting you via email or posting a prominent notice if a significant security issue occurs. We continuously review and update our security practices to adapt to new threats and to protect your privacy.
- Encryption: We use encryption protocols such as Secure Sockets Layer (SSL/TLS) to protect data transmission between your browser/app and our servers (you’ll notice HTTPS in our URLs). Sensitive data, including passwords, are stored in encrypted or hashed form in our databases. We also employ encryption at rest for stored data whenever feasible.
- Access Controls: We restrict access to personal data to authorized employees, contractors, and service providers who need that information to operate, develop, or improve our Services. All such persons are bound by confidentiality obligations. User accounts are protected by passwords, and we encourage you to choose a strong password and keep it secret. Avoid sharing your login credentials and remember to log out when using shared devices.
- Network & System Security: Our servers are hosted in secure data centers (e.g., AWS and GCP) that maintain industry-standard security certifications. These facilities use firewalls, intrusion detection systems, and other advanced tools to prevent unauthorized network access. We keep our software and infrastructure updated and perform regular security testing and monitoring to detect and address vulnerabilities.
- Operational Security: We train our staff on data protection best practices and have internal policies in place to handle data securely. We limit the personal data we collect to only what is necessary and retain it only for as long as needed (see “Data Retention” below). We also have procedures for handling any suspected security incidents or data breaches.
While we strive to protect your information with these measures, please be aware that no system can be guaranteed 100% secure. The transmission of information via the Internet is not completely risk-free, and there is always a possibility of unauthorized access or hardware/software failure. You also play an important role in keeping your data safe: please use unique and strong passwords, change them periodically, and notify us immediately if you suspect any unauthorized access to your account or personal data.
In the event of a data breach that affects your personal data, we will act promptly to mitigate the impact and notify the appropriate authorities and/or affected individuals as required by law. This may include contacting you via email or posting a prominent notice if a significant security issue occurs. We continuously review and update our security practices to adapt to new threats and to protect your privacy.
Data Retention
(Note: This section was not explicitly requested, but is often included for completeness.)
We will retain your personal data for as long as necessary to fulfill the purposes we collected it for, including to provide you with the Services and to comply with legal, accounting, or reporting requirements. The exact duration we keep data varies depending on the type of information and the reasons for processing it:
- Account information (like your name, email, saved queries, etc.) is retained as long as you have an active account with us. If you delete your account or it becomes inactive, we will erase or anonymize your data after a reasonable period, unless we need to keep it for legitimate business or legal reasons.
- If you request deletion of your data, we will process that request and securely delete the information from our active systems (see “Your Rights” above for more on erasure). Some residual data may remain in backup archives for a short time, but we will also remove those in accordance with our backup retention policies.
- Technical logs and analytics data are typically retained only for a short duration (e.g. a few months) unless used for security analysis. Aggregated data that no longer identifies a user may be retained longer for statistical purposes.
- We may retain certain information to prevent fraud or future abuse, or for legitimate business interests such as recordkeeping (for example, keeping records of a purchase or a support ticket), even after deletion of your account, but we will isolate and protect that information from any further use.
If you have questions about our data retention practices specific to your information, you can contact us for more details. Rest assured, when we no longer have a legitimate need or legal obligation to retain your personal data, we will securely dispose of it.
We will retain your personal data for as long as necessary to fulfill the purposes we collected it for, including to provide you with the Services and to comply with legal, accounting, or reporting requirements. The exact duration we keep data varies depending on the type of information and the reasons for processing it:
- Account information (like your name, email, saved queries, etc.) is retained as long as you have an active account with us. If you delete your account or it becomes inactive, we will erase or anonymize your data after a reasonable period, unless we need to keep it for legitimate business or legal reasons.
- If you request deletion of your data, we will process that request and securely delete the information from our active systems (see “Your Rights” above for more on erasure). Some residual data may remain in backup archives for a short time, but we will also remove those in accordance with our backup retention policies.
- Technical logs and analytics data are typically retained only for a short duration (e.g. a few months) unless used for security analysis. Aggregated data that no longer identifies a user may be retained longer for statistical purposes.
- We may retain certain information to prevent fraud or future abuse, or for legitimate business interests such as recordkeeping (for example, keeping records of a purchase or a support ticket), even after deletion of your account, but we will isolate and protect that information from any further use.
If you have questions about our data retention practices specific to your information, you can contact us for more details. Rest assured, when we no longer have a legitimate need or legal obligation to retain your personal data, we will securely dispose of it.
California Privacy Rights (CCPA/CPRA) and U.S. State Privacy Laws
If you are a resident of California, you are entitled to specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). Other U.S. states (such as Virginia, Colorado, etc.) may also grant similar rights to their residents. In this section, we summarize rights for California consumers, and we will extend these rights to residents of other states where applicable law requires.
- Categories of Personal Information Collected: In the preceding 12 months, we have collected the categories of personal information described in this Privacy Policy (such as identifiers like name and email, user account information, usage data, etc.). We collect these categories from the sources and for the purposes outlined above. (We do not collect sensitive personal information as defined under California law, except possibly certain identifiers or account credentials needed for our Service.)
California Consumer Rights: As a California resident, you have the following rights regarding your personal information, subject to certain exceptions and limitations:
- Right to Know: You have the right to request that we disclose what personal information we have collected about you in the past 12 months, including the categories of personal information, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share that information. You also have the right to request a copy of the specific pieces of personal information we have collected about you in a portable and, if feasible, readily usable format.
- Right to Delete: You have the right to request that we delete personal information we collected from you, subject to certain exceptions. For example, we may retain information as permitted by law to complete a transaction you requested, to detect security incidents, to comply with legal obligations, or other purposes allowed by the CCPA/CPRA.
- Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you. Upon verification of your identity and the accuracy of the new information, we will correct our records accordingly.
- Right to Opt-Out of Sale or Sharing: You have the right to opt out of the “sale” of your personal information or the “sharing” of your personal information for cross-context behavioral advertising, as those terms are defined under California law.
However, Osavul does not sell your personal information to third parties for money. We also do not share your personal information with third parties for the purpose of targeted advertising. In the event our practices change, we will update this policy and provide a clear mechanism for you to exercise your opt-out rights. (Because we do not sell or share data in this way, we do not display a "Do Not Sell or Share My Personal Information" link on our website.)
- Right to Limit Use of Sensitive Personal Information: (Applicable only if we collect sensitive information as defined by CPRA.) We do not collect or process sensitive personal information for purposes beyond what is necessary to provide our Services (for example, we don’t use or disclose sensitive info to infer characteristics about consumers). If that changes, California residents would have the right to direct us to limit the use of their sensitive personal information to certain allowed purposes only.
- Right of Non-Discrimination: We will not discriminate against you for exercising any of your rights under CCPA/CPRA. This means we will not deny you our Services, charge you a different price, or provide a different level or quality of service just because you exercised your privacy rights. (In fact, we provide the same level of service to all users regardless of any privacy requests.) If we ever offer financial incentives (e.g., discounts, rewards, or a different price) in exchange for the collection or use of personal information, we will provide you with clear terms of such an incentive and obtain your opt-in consent. You have the right to withdraw from any such incentive programs at any time.
- Submitting Requests: To exercise your California privacy rights (Right to Know, Delete, or Correct) please contact us using the contact information in the “Contact Us” section below. Please include your name, contact information, and which right you intend to exercise. We will need to verify your identity before processing certain requests (for example, by confirming that the email address of the request matches our records for you, or by asking for additional information if necessary). In some cases, we may deny or limit a request if we cannot verify your identity or if an exception applies. If you have an authorized agent making a request on your behalf, we will require proof of authorization and also verify the identity of the agent.
Once we receive and verify a verifiable consumer request, we will respond within the time frame required by law (generally within 45 days, with the possibility of an extension). Our response will explain the actions we took or provide the requested information, or if we must deny the request (in full or part), the reason for the denial.
Other U.S. Privacy Laws: If you are a resident of a U.S. state that provides privacy rights similar to or beyond California’s (such as the Virginia Consumer Data Protection Act, Colorado Privacy Act, etc.), we will honor your rights in accordance with those laws as well. In general, those laws provide rights to access personal data, delete personal data, correct inaccuracies, opt out of certain data uses (like targeted advertising or sale of data), and obtain information about data practices. Our processes for verification and response will be substantially similar to those outlined above for California residents. Please reach out to us with your request and indicate your state of residence so we can process it under the correct law.For any questions about our privacy practices in the United States or to receive this Privacy Policy in an alternate format (if needed, for accessibility reasons), please contact us.
- Categories of Personal Information Collected: In the preceding 12 months, we have collected the categories of personal information described in this Privacy Policy (such as identifiers like name and email, user account information, usage data, etc.). We collect these categories from the sources and for the purposes outlined above. (We do not collect sensitive personal information as defined under California law, except possibly certain identifiers or account credentials needed for our Service.)
California Consumer Rights: As a California resident, you have the following rights regarding your personal information, subject to certain exceptions and limitations:
- Right to Know: You have the right to request that we disclose what personal information we have collected about you in the past 12 months, including the categories of personal information, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share that information. You also have the right to request a copy of the specific pieces of personal information we have collected about you in a portable and, if feasible, readily usable format.
- Right to Delete: You have the right to request that we delete personal information we collected from you, subject to certain exceptions. For example, we may retain information as permitted by law to complete a transaction you requested, to detect security incidents, to comply with legal obligations, or other purposes allowed by the CCPA/CPRA.
- Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you. Upon verification of your identity and the accuracy of the new information, we will correct our records accordingly.
- Right to Opt-Out of Sale or Sharing: You have the right to opt out of the “sale” of your personal information or the “sharing” of your personal information for cross-context behavioral advertising, as those terms are defined under California law.
However, Osavul does not sell your personal information to third parties for money. We also do not share your personal information with third parties for the purpose of targeted advertising. In the event our practices change, we will update this policy and provide a clear mechanism for you to exercise your opt-out rights. (Because we do not sell or share data in this way, we do not display a "Do Not Sell or Share My Personal Information" link on our website.)
- Right to Limit Use of Sensitive Personal Information: (Applicable only if we collect sensitive information as defined by CPRA.) We do not collect or process sensitive personal information for purposes beyond what is necessary to provide our Services (for example, we don’t use or disclose sensitive info to infer characteristics about consumers). If that changes, California residents would have the right to direct us to limit the use of their sensitive personal information to certain allowed purposes only.
- Right of Non-Discrimination: We will not discriminate against you for exercising any of your rights under CCPA/CPRA. This means we will not deny you our Services, charge you a different price, or provide a different level or quality of service just because you exercised your privacy rights. (In fact, we provide the same level of service to all users regardless of any privacy requests.) If we ever offer financial incentives (e.g., discounts, rewards, or a different price) in exchange for the collection or use of personal information, we will provide you with clear terms of such an incentive and obtain your opt-in consent. You have the right to withdraw from any such incentive programs at any time.
- Submitting Requests: To exercise your California privacy rights (Right to Know, Delete, or Correct) please contact us using the contact information in the “Contact Us” section below. Please include your name, contact information, and which right you intend to exercise. We will need to verify your identity before processing certain requests (for example, by confirming that the email address of the request matches our records for you, or by asking for additional information if necessary). In some cases, we may deny or limit a request if we cannot verify your identity or if an exception applies. If you have an authorized agent making a request on your behalf, we will require proof of authorization and also verify the identity of the agent.
Once we receive and verify a verifiable consumer request, we will respond within the time frame required by law (generally within 45 days, with the possibility of an extension). Our response will explain the actions we took or provide the requested information, or if we must deny the request (in full or part), the reason for the denial.
Other U.S. Privacy Laws: If you are a resident of a U.S. state that provides privacy rights similar to or beyond California’s (such as the Virginia Consumer Data Protection Act, Colorado Privacy Act, etc.), we will honor your rights in accordance with those laws as well. In general, those laws provide rights to access personal data, delete personal data, correct inaccuracies, opt out of certain data uses (like targeted advertising or sale of data), and obtain information about data practices. Our processes for verification and response will be substantially similar to those outlined above for California residents. Please reach out to us with your request and indicate your state of residence so we can process it under the correct law.For any questions about our privacy practices in the United States or to receive this Privacy Policy in an alternate format (if needed, for accessibility reasons), please contact us.
Children’s Privacy
Our Services are not directed to children and we do not knowingly collect personal information from individuals under the age of 18 (eighteen). Osavul is an enterprise and professional-focused platform intended for use by adults. If you are under 18, you should not create an account or use our Services, and you should not provide personal information to us.
In the event that we learn we have collected personal data from a child under 18 (or under the applicable age of consent in certain jurisdictions, which may be lower), we will take immediate steps to delete that information from our servers. If you believe that a minor may have provided us with personal information, please contact us as soon as possible so that we can investigate and remove the data if needed.
Parents or legal guardians who become aware that their child (under 18) has used our Services or provided us with personal data should notify us at our contact email below. We will then delete the child’s information and terminate any accounts that were created by minors, in accordance with applicable laws such as the U.S. Children’s Online Privacy Protection Act (COPPA) and relevant international regulations.
In the event that we learn we have collected personal data from a child under 18 (or under the applicable age of consent in certain jurisdictions, which may be lower), we will take immediate steps to delete that information from our servers. If you believe that a minor may have provided us with personal information, please contact us as soon as possible so that we can investigate and remove the data if needed.
Parents or legal guardians who become aware that their child (under 18) has used our Services or provided us with personal data should notify us at our contact email below. We will then delete the child’s information and terminate any accounts that were created by minors, in accordance with applicable laws such as the U.S. Children’s Online Privacy Protection Act (COPPA) and relevant international regulations.
Changes to This Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the “Last updated” date at the top of this Policy. If the changes are material, we will make reasonable efforts to inform you – for example, by posting a prominent notice on our website or by emailing you (if you have provided your email and agreed to such communications) prior to the change becoming effective.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Services after any changes to this Policy have been posted will signify your acceptance of those changes, to the extent permitted by law.
In case we ever decide to use personal data in a manner significantly different from what was stated at the time it was collected, we will notify users in advance and provide a clear mechanism for you to opt out of those new uses.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Services after any changes to this Policy have been posted will signify your acceptance of those changes, to the extent permitted by law.
In case we ever decide to use personal data in a manner significantly different from what was stated at the time it was collected, we will notify users in advance and provide a clear mechanism for you to opt out of those new uses.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please do not hesitate to contact us. We are here to help and will address your inquiries as promptly as possible.
Contact Information for Privacy Inquiries:
- Email: info@osavul.cloudYou may also reach out to us by visiting the contact page on our website or by sending correspondence to our business address (if provided on our site or in our official communications). Please include “Privacy Inquiry” in the subject line of emails to help us route your request to the appropriate team.
Osavul is committed to resolving any privacy issues in a fair and timely manner. If you contact us with a privacy-related complaint, we will investigate your complaint and respond within a reasonable time frame. If you are not satisfied with our response, and you are in the EU/UK, you have the right to lodge a complaint with your supervisory authority or the UK ICO as mentioned above. For individuals in other jurisdictions, you may also have the right to escalate concerns to relevant regulators.
Thank you for reading our Privacy Policy. We value your trust and are dedicated to protecting your personal information while providing a powerful and secure platform for your needs.
Contact Information for Privacy Inquiries:
- Email: info@osavul.cloudYou may also reach out to us by visiting the contact page on our website or by sending correspondence to our business address (if provided on our site or in our official communications). Please include “Privacy Inquiry” in the subject line of emails to help us route your request to the appropriate team.
Osavul is committed to resolving any privacy issues in a fair and timely manner. If you contact us with a privacy-related complaint, we will investigate your complaint and respond within a reasonable time frame. If you are not satisfied with our response, and you are in the EU/UK, you have the right to lodge a complaint with your supervisory authority or the UK ICO as mentioned above. For individuals in other jurisdictions, you may also have the right to escalate concerns to relevant regulators.
Thank you for reading our Privacy Policy. We value your trust and are dedicated to protecting your personal information while providing a powerful and secure platform for your needs.
