Privacy Policy

Introduction

Oasbit ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, applications, and website.

This policy applies to all users of our services, including our digital marketing services (SEO, Web Development, Mobile App Development, ADS, SMM, GEO, CNS) and software applications (CRM and other SaaS products).

We comply with applicable privacy laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide directly to us, such as when you create an account, make a purchase, or contact us for support.

• Personal Information: Name, email address, phone number, mailing address
• Business Information: Company name, industry, job title, business size
• Payment Information: Billing details, payment methods (processed securely through third-party providers)
• Service Information: Project requirements, goals, preferences, feedback
• Communication Data: Support requests, emails, chat messages, phone calls
• Account Credentials: Usernames, passwords (encrypted), security questions

1.2 Information We Collect Automatically

We automatically collect certain information when you use our services and applications.

• Usage Data: Pages visited, features used, time spent, click patterns
• Technical Data: IP address, browser type, device information, operating system
• Analytics Data: Website performance, user behavior, conversion tracking
• Application Data: CRM usage, user interactions, feature utilization
• Location Data: General geographic location (city, country) based on IP address
• Cookies and Tracking: Session data, preferences, authentication tokens

1.3 Information from Third Parties

We may receive information about you from third-party services and platforms.

• Social Media Platforms: Profile information, engagement data (when you connect accounts)
• Analytics Services: Google Analytics, Facebook Pixel, and other tracking data
• Payment Processors: Transaction confirmations, billing information
• Business Partners: Referral information, joint service data
• Public Sources: Business directories, public records, social media profiles

2. How We Use Your Information

2.1 Service Delivery and Operations

• Service Provision: Deliver SEO, web development, mobile apps, advertising, and other services
• Application Management: Provide CRM and SaaS application access and functionality
• Account Management: Create and maintain user accounts, manage subscriptions
• Payment Processing: Process payments, manage billing, handle refunds
• Customer Support: Respond to inquiries, provide technical support, resolve issues
• Service Improvement: Analyze usage patterns to enhance our services and applications

2.2 Communication and Marketing

• Service Communications: Send important updates, notifications, and service-related messages
• Marketing Communications: Send promotional materials, newsletters, and special offers (with consent)
• Personalization: Customize content and recommendations based on your preferences
• Feedback and Surveys: Request feedback to improve our services

2.3 Analytics and Performance

• Website Analytics: Track website performance, user behavior, and conversion rates
• Service Analytics: Monitor service effectiveness and client success metrics
• Application Analytics: Analyze CRM and application usage for optimization
• Performance Monitoring: Track system performance and identify issues

2.4 Legal and Compliance

• Legal Compliance: Comply with applicable laws, regulations, and legal obligations
• Contract Enforcement: Enforce our Terms and Conditions and service agreements
• Dispute Resolution: Resolve disputes and protect our legal rights
• Security and Fraud Prevention: Detect and prevent fraud, abuse, and security threats

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

3.1 Contract Performance

• Providing our services and applications as agreed in our service contracts
• Processing payments and managing billing
• Delivering customer support and technical assistance
• Managing your account and subscription

3.2 Legitimate Interests

• Improving our services and applications
• Analyzing usage patterns and performance metrics
• Preventing fraud and ensuring security
• Marketing our services to existing clients (with opt-out options)
• Conducting business operations and administration

3.3 Consent

• Marketing communications and promotional materials
• Non-essential cookies and tracking technologies
• Optional data collection for service enhancement
• Third-party data sharing for marketing purposes

3.4 Legal Obligation

• Compliance with applicable laws and regulations
• Tax reporting and financial record keeping
• Responding to legal requests and court orders
• Maintaining records for audit and compliance purposes

4. Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

4.1 Service Providers and Partners

• Analytics Services: Google Analytics, Facebook Pixel, and other analytics providers
• Payment Processors: Stripe, PayPal, and other secure payment providers
• Cloud Services: AWS, Google Cloud, and other hosting and storage providers
• Communication Tools: Email service providers, chat platforms, and communication tools
• Marketing Tools: Email marketing platforms, CRM systems, and marketing automation tools
• Security Services: Security monitoring, fraud detection, and cybersecurity providers

4.2 Legal and Compliance

• Legal Requirements: When required by law, court order, or legal process
• Protection of Rights: To protect our rights, property, or safety, or that of our users
• Regulatory Compliance: To comply with applicable laws and regulations
• Emergency Situations: In case of emergency to protect health and safety

4.3 Business Transfers

• Mergers and Acquisitions: In connection with a merger, acquisition, or sale of assets
• Business Reorganization: During corporate restructuring or reorganization
• Asset Sales: When selling or transferring business assets

4.4 With Your Consent

• Explicit Consent: When you explicitly consent to sharing your information
• Marketing Partners: With marketing partners for promotional purposes (with opt-out options)
• Social Media: When you choose to connect your social media accounts
• Third-Party Integrations: When you authorize third-party service integrations

5. Data Security

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

5.1 Technical Security Measures

• Encryption: SSL/TLS encryption for data transmission and AES-256 encryption for data at rest
• Secure Infrastructure: Cloud-based security with regular security updates and patches
• Access Controls: Multi-factor authentication, role-based access, and regular access reviews
• Network Security: Firewalls, intrusion detection, and network monitoring
• Data Backup: Regular encrypted backups with secure off-site storage

5.2 Administrative Security Measures

• Employee Training: Regular privacy and security training for all staff
• Security Policies: Comprehensive security policies and procedures
• Incident Response: Documented incident response procedures and team
• Regular Audits: Security audits and vulnerability assessments
• Vendor Management: Security requirements for all third-party vendors

5.3 Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

• Notify affected individuals within 72 hours (GDPR requirement)
• Report to relevant authorities as required by law
• Provide detailed information about the breach and its impact
• Offer guidance on protective measures you can take
• Implement additional security measures to prevent future breaches

6. Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

6.1 Retention Periods

• Account Data: Retained for the duration of your account plus 3 years after closure
• Service Data: Retained for the duration of service plus 7 years for legal compliance
• Payment Records: Retained for 7 years for tax and accounting purposes
• Marketing Data: Retained until you opt-out or 3 years of inactivity
• Analytics Data: Retained for 26 months (Google Analytics standard)
• Support Communications: Retained for 3 years after resolution

6.2 Data Deletion

• You may request deletion of your personal data at any time
• We will delete data within 30 days of your request (unless legal retention applies)
• Some data may be retained for legal compliance or legitimate business purposes
• Anonymized or aggregated data may be retained for analytics purposes

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 GDPR Rights (EU Users)

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

7.2 CCPA Rights (California Users)

• Right to Know: Know what personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

7.3 How to Exercise Your Rights

• Contact us at privacy@oasbit.com with your request
• We will respond within 30 days (GDPR) or 45 days (CCPA)
• We may require identity verification for security purposes
• You may designate an authorized agent to make requests on your behalf

8. International Data Transfers

Your personal information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

8.1 Transfer Safeguards

• Standard Contractual Clauses: EU-approved contractual clauses for data transfers
• Adequacy Decisions: Transfers to countries with adequate data protection
• Certification Schemes: Privacy Shield successor frameworks and certifications
• Binding Corporate Rules: Internal data protection policies for transfers

8.2 Data Processing Locations

• Primary Processing: Canada (our headquarters)
• Cloud Services: United States (AWS, Google Cloud with appropriate safeguards)
• Analytics: United States (Google Analytics, Facebook with data processing agreements)
• Support Services: Various locations with appropriate data protection measures

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage patterns, and provide personalized content.

9.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality and security
• Analytics Cookies: Google Analytics, Facebook Pixel for usage analysis
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track advertising effectiveness and personalization

9.2 Cookie Management

• You can control cookies through your browser settings
• Essential cookies cannot be disabled as they are necessary for website operation
• Disabling certain cookies may affect website functionality
• We provide cookie consent management tools where required by law

10. Children's Privacy

Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13.

• If you are under 13, please do not provide any personal information to us
• If we learn we have collected personal information from a child under 13, we will delete it promptly
• Parents or guardians may contact us to review, update, or delete their child's information
• For users 13-17, we recommend parental guidance when using our services

11. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

11.1 General Privacy Inquiries

11.2 Data Protection Officer

11.3 Regulatory Authorities

If you are not satisfied with our response to your privacy concerns, you may contact the relevant data protection authority in your jurisdiction:

• EU: Your local data protection authority or the European Data Protection Board
• UK: Information Commissioner's Office (ICO)
• Canada: Privacy Commissioner of Canada
• California: California Attorney General's Office

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

• We will notify you of material changes by email or through our services
• Minor changes will be posted on this page with an updated "Last updated" date
• Continued use of our services after changes constitutes acceptance of the updated policy
• If you disagree with changes, you may discontinue use of our services
• We will maintain previous versions of this policy for your reference