Privacy Policy

Last updated: 24 May 2026

1. Who we are

OxPro (“we”, “us”, or “our”) is an AI-powered operations intelligence platform. We help small and medium businesses map their workflows, detect operational issues, and generate process documentation. Our registered address is available at hello@oxpro.org.

2. What data we collect

We collect the following categories of personal data:

  • Account information: Your name, email address, and company name when you create an account.
  • Onboarding data: Industry, team size, tool selections, workflow descriptions, and operational challenges you provide during setup.
  • Usage data: Pages visited, features used, and interactions within the platform (collected via anonymised analytics).
  • Communication data: Emails sent to or received from us, including support requests.
  • Payment data: Billing information processed securely by our payment processor (Stripe). We never store card numbers.

We do not access the contents of your Gmail, Slack, or Google Drive without explicit authorisation. Integration connections are made via OAuth and you can revoke them at any time.

3. How we use your data

We use your data to:

  • Provide, operate, and improve the OxPro platform.
  • Generate AI-powered workflow analysis and health scores specific to your business.
  • Send service notifications, product updates, and support responses.
  • Process billing and prevent fraud.
  • Comply with legal obligations.

We never sell your data to third parties. Your business data is never used to train AI models.

4. Legal basis for processing (GDPR)

If you are located in the UK or EU, we process your personal data under the following legal bases:

  • Contractual necessity: To provide the services you have signed up for.
  • Legitimate interests: To improve our platform and prevent abuse.
  • Legal obligation: To comply with applicable laws.
  • Consent: For marketing communications (you can unsubscribe at any time).

5. Data storage and security

Your data is stored securely using Supabase (PostgreSQL) with row-level security policies ensuring only you can access your data. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We conduct regular security reviews.

Our infrastructure is hosted in the EU. If data is transferred outside the UK/EU, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).

6. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g. financial records for 7 years).

7. Third-party services

We use the following sub-processors:

  • Supabase: Database and authentication.
  • OpenAI: AI analysis generation (your data is not used for training per OpenAI's API terms).
  • Stripe: Payment processing.
  • Vercel: Hosting and edge delivery.

8. Your rights

Under GDPR and UK data protection law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data (“right to be forgotten”).
  • Object to or restrict processing.
  • Data portability.
  • Withdraw consent for marketing at any time.

To exercise any of these rights, email us at privacy@oxpro.org. We will respond within 30 days.

9. Cookies

We use only essential cookies necessary for authentication and session management. We do not use advertising or tracking cookies.

10. Changes to this policy

We may update this policy from time to time. We will notify you of material changes via email or an in-app notification. Your continued use of OxPro after changes constitutes acceptance.

11. Contact us

For privacy enquiries, contact us at: privacy@oxpro.org