We use cookies to enhance your experience.

Privacy Policy

Last Updated: February 24, 2026

Introduction

OOHStack ("we," "our," or "us") is committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal information. This Privacy Policy explains our practices regarding data collection and processing in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

Personal Information You Provide

We collect information that you provide directly to us, including:

  • Account Information: Email address, password, and company name when you create an account
  • Proposal Information: Business details, contact information, service requirements, and pricing data
  • Onboarding Data: Responses to onboarding questionnaires and uploaded documents
  • Digital Signatures: Signature images and associated metadata when you sign documents
  • Communication Data: Messages, feedback, and correspondence with our support team

Automatically Collected Information

When you access our services, we automatically collect certain information:

  • Usage Data: Pages viewed, features used, time spent, and interaction patterns
  • Device Information: Browser type, operating system, device identifiers
  • IP Address: Anonymized for analytics purposes (last octet removed)
  • Cookies: See our Cookie Policy for detailed information
  • Security Logs: Failed login attempts, suspicious activities, and rate limit events

How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our proposal and onboarding services
  • Document Generation: To create customized proposals, contracts, and onboarding materials
  • Communication: To send service-related notifications, updates, and support responses
  • Analytics: To understand usage patterns and improve user experience
  • Security: To detect, prevent, and respond to fraud, abuse, and security incidents
  • Legal Compliance: To comply with legal obligations and enforce our terms
  • Business Operations: To maintain audit trails and business records

Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you agree to cookies, marketing communications, or optional data collection
  • Contractual Necessity: To fulfill our service agreements and provide requested features
  • Legal Obligation: To comply with laws, regulations, and legal processes
  • Legitimate Interests: For analytics, security, and service improvements (balanced against your rights)

Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

  • Service Providers: With trusted third parties who assist in operations (hosting, analytics, email delivery) under strict confidentiality agreements
  • Business Transfers: In connection with mergers, acquisitions, or sale of assets
  • Legal Requirements: When required by law, court order, or governmental request
  • Protection of Rights: To protect our rights, property, safety, or that of our users
  • With Your Consent: When you explicitly authorize us to share your information

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active and for 90 days after deletion
  • Proposals & Documents: Retained for 7 years for business and legal compliance
  • Audit Logs: Retained for 5 years for security and compliance purposes
  • Cookie Consent Records: Retained for 2 years from last consent update
  • Analytics Data: Anonymized and retained for 2 years
  • Security Logs: Retained for 1 year for incident investigation

You can request deletion of your data at any time through our Data Subject Rights Portal. We will honor your request within 30 days unless we have a legal obligation to retain certain information.

Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete information
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent for data processing at any time
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please visit our Data Subject Rights Portal or contact us at legal@oohstack.com.

Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access with multi-factor authentication
  • Audit Trails: Comprehensive logging of all data access and modifications
  • Rate Limiting: Protection against brute force and abuse
  • IP Anonymization: Personal IP addresses are anonymized for analytics
  • Secure Hosting: Data hosted on secure, GDPR-compliant infrastructure
  • Regular Security Audits: Ongoing monitoring and vulnerability assessments

While we strive to protect your information, no security system is impenetrable. We cannot guarantee absolute security but will notify you of any breach as required by law.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data during international transfers.

Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or prominent notice on our website. Your continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy & Legal: legal@oohstack.com

General Support: support@oohstack.com

Data Subject Rights Portal: oohstack.com/privacy-portal

Response Time: We will respond to your inquiry within 30 days

This privacy policy is effective as of February 24, 2026 and governs the use of OOHStack services.