Privacy Policy

Last Updated: January 19, 2026

1. Introduction

Otobrix Labs ("we," "our," or "us") operates as a boutique database security and compliance consultancy. We are committed to protecting your privacy and handling your data responsibly.

2. Information We Collect

2.1 Information You Provide

• Contact Information: Name, email address, store URL when you submit our contact form or request an audit
• Business Information: Details about your database schema, RLS policies, and vulnerability concerns
• Communication Records: Correspondence via email, calls, or messaging platforms

2.2 Automatically Collected Information

• Analytics Data: We use Google Analytics 4 to collect anonymized usage data including page views, session duration, and general location (country/city level)
• Technical Data: IP address, browser type, device information, and referring URLs
• Cookies: We use essential cookies for site functionality and analytics cookies (which you can opt out of)

3. How We Use Your Information

We use collected information to:

• Respond to your inquiries and provide requested services
• Conduct database security audits and design restorative RLS policy patches
• Communicate about projects, updates, and service improvements
• Improve our website and service offerings
• Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: FormSubmit.co (form handling), Google Analytics (anonymized analytics), Calendly (appointment scheduling)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In the event of a merger or acquisition (with prior notice)

5. Client Project Data

When working on client projects:

• We access only the minimum data necessary (typically schema-only) to perform security audits
• All client data is handled under separate service agreements with confidentiality provisions
• We implement appropriate security measures including encryption and access controls
• Client data is not used for marketing or shared with third parties without explicit consent

6. Data Retention

• Contact Form Submissions: Retained for 2 years or until you request deletion
• Client Project Data: Retained per contract terms, typically deleted within 90 days of project completion unless ongoing maintenance is required
• Analytics Data: Anonymized data retained for 26 months (Google Analytics default)

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (subject to legal obligations)
• Opt-Out: Unsubscribe from marketing communications
• Data Portability: Receive your data in a structured format

To exercise these rights, contact us at auditor@otobrixai.com.

8. Security

We implement industry-standard security measures including:

• HTTPS encryption for all website communications
• Secure form submission via FormSubmit.co
• Limited access to personal data on a need-to-know basis
• Regular security reviews of our processes

9. International Data Transfers

We are based in Bangladesh. If you are located in the EU/EEA, your data may be transferred outside your jurisdiction. We ensure appropriate safeguards are in place for such transfers.

10. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect data from children.

11. Do Not Track

We respect Do Not Track (DNT) browser signals. If DNT is enabled, we disable Google Analytics tracking.

12. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email to active clients or prominently on our website. Continued use after changes constitutes acceptance.

13. GDPR Compliance

For EU/EEA users, we comply with GDPR requirements:

• Legal Basis: Consent (contact forms), Legitimate Interest (analytics), Contract Performance (client projects)
• Data Protection Officer: For GDPR inquiries, contact auditor@otobrixai.com
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

14. Contact Us

For privacy-related questions or requests:

• Email: auditor@otobrixai.com