Privacy Policy

Last updated: March 10, 2025

OCDevel LLC ("OCDevel," "we," "us") operates ocdevel.com and the cookieless analytics tool used on this site. This notice explains how we collect, use, and share information for visitors to ocdevel.com and for customers and end users of the OCDevel Analytics script. When a customer installs the script on their own site, that customer is the controller for their visitors; we act as their processor and follow their instructions.

What We Collect

  • Information you provide. Account and authentication details (email/identifier via AWS Cognito), site settings (domains, compliance level), API keys (stored hashed), and preferences. Billing is handled by Stripe; we retain payment metadata (customer ID, payment method token/last4, status) but not full card numbers. If you contact us (email, social, Calendly) we receive the information you include. Content you submit to our tools (prompts, text/audio uploads, podcast metadata) is stored so we can process and return results.
  • Cookieless analytics & events. Our tracking collects page path, event name, timestamp, and a session identifier kept in sessionStorage (resets when the browser session ends), plus event properties for affiliate/CTA clicks. On the first page view in a session we also collect referrer (scrubbed to origin/path when possible), UTM parameters, screen dimensions, device type, browser/OS family, country and region from CloudFront, and a daily visitor hash derived from IP + user agent + site ID with a rotating daily salt. Custom event properties are filtered for obvious PII keys; referrers may occasionally include information provided by the prior site. We do not store raw IPs in analytics tables, and session IDs do not persist across sessions. CloudFront/API Gateway headers (including IP/user agent) may briefly appear in transit logs or S3 dead-letter buckets to ensure delivery and debugging.
  • Security/operations. Web server, API Gateway, and CloudFront logs include IP address, user agent, and error details for debugging, abuse prevention, and fraud monitoring. The rate limiter uses IP in memory only.
  • Future advertising/third-party tracking. We are not currently running Google Analytics or ad pixels (the Google/AdSense verification meta tags in our HTML are inactive by themselves). If we add Google Ads/Analytics or similar networks in the future, they may set their own cookies/identifiers; we will update this notice and present any required consent/opt-outs at that time. Affiliate destinations may set their own cookies when you click through.

How We Use Information & Legal Basis

  • Provide and improve our site, analytics dashboards, and tools (including generating prompts, images, or audio you request).
  • Measure traffic, attribution, and product performance using our cookieless analytics; detect bots/abuse and prevent fraud.
  • Operate accounts, API keys, credits, and billing (via Stripe); send service communications you request.
  • Respond to support inquiries and maintain platform security and integrity.
  • Comply with legal obligations and enforce our agreements.

Legal bases (EU/UK): contract (when you create an account or use the service), legitimate interests (site analytics, security, product improvement, communicating with existing users), and consent where required (e.g., optional marketing or if future ad/analytics cookies are introduced). When you use our analytics script on your own site, you are the controller for your visitors and should disclose that lawful basis to them; we process data on your instructions and limit fields according to your compliance setting (anonymous vs. legitimate interest).

Tracking, Cookies, and Controls

  • Our analytics relies on sessionStorage plus an opt-out flag in localStorage; we do not set tracking cookies for our own analytics or use persistent identifiers across browser sessions.
  • Opt out on ocdevel.com by visiting any page with ?notrack=1 (or setting localStorage.setItem('notrack','true')). Remove that key to re-enable tracking. You can also block requests to https://events.ocdevel.com or disable JavaScript.
  • Third-party services you choose to use (e.g., Calendly, Stripe checkout, affiliate destinations, or future ad networks) may set their own cookies or identifiers; their policies govern that processing.

Sharing and Processors

  • Hosting and infrastructure with AWS (including CloudFront, API Gateway, RDS, S3, Firehose, Batch).
  • Payments with Stripe (cards handled by Stripe; we store only limited payment metadata).
  • AI and media processing with providers such as OpenAI and Google (Gemini) to generate text, images, or speech from the content you submit.
  • Email and scheduling tools (e.g., standard email providers, Calendly) when you contact or book with us.
  • Affiliate partners receive standard referral parameters when you click their links.

We do not sell personal data or share it for cross-context behavioral advertising. We may disclose information if required by law, to protect rights, or during a business transaction.

Retention

  • Analytics events are kept in the relational store for roughly 30 days; copies sent to our S3 data lake/backups may be retained longer for reliability and aggregated reporting.
  • Function logs for analytics ingestion/processing are kept briefly (≈3 days). Operational logs and rate-limit data are short-lived and rotated.
  • Account, billing, and content (uploads, generated outputs, prompts) are retained while your account is active and as needed for legal/accounting purposes. You may delete assets in the product where supported or contact us for help; minimal billing records may remain to meet legal duties.

Security

Data is encrypted in transit and at rest within our providers, access is limited to operational needs, and visitor IDs are hashed with daily salts. Custom event properties are filtered for obvious PII keys. No method is 100% secure; please use strong, unique credentials and contact us if you suspect an issue.

International Transfers

We primarily use U.S.-based infrastructure and service providers. Data may be transferred to other countries where our providers (AWS, Stripe, OpenAI, Google, etc.) operate. We rely on their transfer safeguards (e.g., standard contractual clauses) where applicable.

Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or receive a copy of your data, and to object or restrict certain processing. You can:

  • Use the analytics opt-out noted above for ocdevel.com.
  • Request deletion or export of your account data, uploads, prompts, or analytics data tied to your account by emailing us.
  • If your data was collected via our analytics script on a third-party site, contact that site first; we will support them as a processor.

For California residents: we do not sell or share personal information for cross-context behavioral advertising. You may request to know, delete, or correct personal information and to limit sensitive data use (we do not collect sensitive categories for our analytics).

Children

Our services are not directed to children under 16. If you believe a child provided us information, contact us and we will delete it.

Changes

We may update this policy to reflect product or legal changes. We will revise the “Last updated” date and, if changes are significant, provide additional notice.

Contact

For questions or requests, email tylerrenelle@gmail.com.