Privacy Policy

Last updated: February 2026

Your privacy is important to us. This policy explains how ObitoX collects, uses, and protects your information in compliance with applicable data protection laws.

Encrypted

All data encrypted at rest and in transit

Secure Storage

Hosted on Supabase with SOC 2 compliance

GDPR Compliant

Full data subject rights supported

Data Controller

ObitoX is the data controller for personal information collected through this website and API services. For data protection inquiries, contact our Data Protection Officer at:

ObitoX

Email: support@obitox.dev

Response time: Within 48 hours

Information We Collect

Information you provide directly:

  • Account information - Email address, name, profile details
  • API usage data - Request logs, error reports, usage patterns
  • Payment information - Processed securely by Wayl (we don't store card details)
  • Support communications - Tickets, emails, chat transcripts

Information collected automatically:

  • Device information - IP address, browser type, operating system
  • Usage analytics - Pages visited, features used, session duration
  • Error logs - For debugging and service improvement

How We Use Your Information

We process your data for the following purposes:

Service Delivery

Provide API access, authentication, and support

Billing

Process payments and manage subscriptions

Security

Prevent abuse, enforce rate limits, detect fraud

Improvement

Analyze usage patterns to improve our services

Communication

Send service updates, security alerts, and responses to inquiries

Compliance

Meet legal obligations and respond to lawful requests

Data Protection Measures

We implement industry-standard security measures:

Encryption in Transit

All data transmitted using TLS 1.3 with modern cipher suites

Encryption at Rest

Sensitive data encrypted with AES-256 on Supabase infrastructure

Access Controls

Role-based access, multi-factor authentication, audit logging

API Security

HMAC-SHA256 request signing, rate limiting, replay protection

Regular Audits

Security assessments and penetration testing

Data Sharing & Third Parties

We do not sell your personal information. We may share data with:

Supabase - USA (SOC 2 Type II certified)

Database and authentication hosting

Wayl - Iraq

Payment processing

Vercel - USA (SOC 2 compliant)

Application hosting and edge network

We may also share data with legal authorities when required by law or to protect our rights.

Data Retention

Data Type        | Retention Period               | Reason
Account data     | Duration of account + 30 days  | Service provision
API request logs | 90 days                        | Debugging, security
Billing records  | 7 years                        | Legal requirements
Audit logs       | 1 year                         | Security, compliance
Analytics data   | 26 months                      | Service improvement

Your Rights (GDPR & CCPA)

Depending on your location, you have the following rights:

Access

Request a copy of your personal data

Rectification

Correct inaccurate or incomplete data

Erasure

Request deletion of your data ('right to be forgotten')

Portability

Receive your data in a machine-readable format

Restriction

Limit how we process your data

Objection

Object to certain processing activities

To exercise these rights, contact us at support@obitox.dev. We will respond within 30 days.

International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required. By using our services, you consent to such transfers.

Contact Us

For privacy-related inquiries or to exercise your rights:

Privacy Officer: support@obitox.dev

Data Protection Officer: support@obitox.dev

Response time: Within 48 hours (inquiries), 30 days (rights requests)

We may update this privacy policy from time to time. Significant changes will be notified via email or through our website. Continued use of our services after changes constitutes acceptance of the updated policy.