1. Introduction and Identity of the Controller
This Privacy Policy explains how Odision Moatly Intelligence (OPC) Private Limited ("Odision", "we", "us", "our") collects, processes, stores, and protects your personal data when you access or use the Odision platform at odision.io (the "Platform"). It also explains your rights in relation to that data.
The data controller is: Odision Moatly Intelligence (OPC) Private Limited, registered in India. Email: support@odision.io
By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you must immediately cease using the Platform.
This Policy complies with the General Data Protection Regulation (GDPR), the Indian Digital Personal Data Protection Act 2023 (DPDPA), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection laws.
1.1 EU Representative
Where required under applicable law, Odision maintains representation within the European Economic Area (EEA). Details are available upon request at support@odision.io.
2. Data We Collect
2.1 Data You Provide Directly
- Account registration data: name, email address, phone number, company name, job role
- Communication data: messages you send via the contact form or support channels
- Profile and preference data: country of operation, trade role, product interests
- Newsletter opt-in status: whether you have consented to receive marketing communications
- Access code or referral code used during registration
2.2 Data Collected Automatically
- Technical data: IP address, browser type and version, operating system, device type
- Usage data: pages visited, features used, search queries entered, time spent on pages
- Session data: login timestamps, session duration, logout events
- Log data: server-side logs including request URLs, response codes, and error messages
- Cookie data: session cookies required for authentication and platform functionality
2.3 Data from Third Parties
- Payment data: processed entirely by our payment processor. We do not receive or store your full card number, CVV, or bank account details.
- AIS vessel data: publicly broadcast vessel position data used for shipment tracking features
2.4 Data We Do Not Collect
We do not collect sensitive personal data including racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or data relating to criminal convictions.
2.5 Categories of Personal Data (CCPA)
For California residents: identifiers (name, email, IP address); commercial information (subscription and transaction records); internet activity (usage and session data); and inferences drawn from the above for service delivery and fraud prevention.
3. Legal Basis for Processing
- Contract performance: processing necessary to provide the Platform services you have subscribed to
- Legitimate interests: fraud prevention, security monitoring, and platform improvement
- Consent: marketing communications and optional analytics. You may withdraw consent at any time.
- Legal obligation: processing required to comply with applicable laws, regulations, or court orders
4. How We Use Your Data
- To create and manage your account and authenticate your identity
- To provide access to the Platform features included in your subscription plan
- To process and manage your subscription, including renewal reminders and payment confirmation
- To send transactional communications such as OTP codes, subscription confirmations, and service notices
- To send newsletters and marketing communications, only if you have opted in
- To monitor, detect, and prevent fraud, abuse, and security threats
- To analyse aggregate, anonymised usage patterns to improve the Platform
- To comply with legal obligations including tax, audit, and regulatory requirements
- To enforce our Terms of Service and protect our legal rights
We will not use your data for automated decision-making that produces legal or similarly significant effects without your explicit consent.
5. Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve the Platform:
- Strictly necessary cookies required for authentication and core functionality
- Analytics cookies, which are enabled only with your explicit consent
Where required by law, we will display a cookie consent banner on your first visit, allow you to accept, reject, or customise cookie preferences, and provide the ability to withdraw consent at any time.
We do not use advertising or tracking cookies. We do not share cookie data with advertising networks.
6. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
- Payment processor: our merchant of record handles all payment transactions under PCI-DSS compliance obligations
- Email delivery provider: processes your email address solely to deliver transactional emails and OTP codes
- SMS delivery provider: processes your phone number solely for delivery of authentication codes
- AI service providers: third-party infrastructure used to process certain Platform features. No personal identity data is shared unless necessary for service delivery.
- Hosting provider: your data is stored on servers in Helsinki, Finland, within the EEA, under a GDPR-compliant Data Processing Agreement
- Law enforcement and regulators: where required by law, court order, or to protect our legal rights
All third-party service providers are bound by contractual data processing agreements.
7. International Data Transfers
Your data is stored in Helsinki, Finland (EEA). Where data is transferred internationally, we ensure protection through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Binding contractual obligations on the recipient
- Where required, supplementary safeguards to ensure an adequate level of data protection
8. Data Retention
- Account data: retained for the duration of your subscription plus 2 years after account closure
- Transaction records: retained for 7 years to comply with financial record-keeping obligations
- Usage logs: retained for 90 days for security monitoring and debugging
- Marketing consent records: retained for 3 years after consent is withdrawn
- Support communications: retained for 2 years
When data is no longer required, we will securely delete or anonymise it.
9. Your Rights
Depending on your jurisdiction, you have the following rights:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate or incomplete data
- Right to erasure: request deletion of your data, subject to legal retention obligations
- Right to restriction: request that we limit how we use your data
- Right to data portability: receive your data in a structured, machine-readable format
- Right to object: object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: withdraw consent for marketing or analytics at any time
- Right to lodge a complaint: with your national data protection authority
To exercise any of these rights, contact us at support@odision.io. We will respond within 30 days.
10. Security
- All data transmitted is encrypted using TLS 1.2 or higher (HTTPS)
- Passwords are hashed using industry-standard algorithms and never stored in plain text
- Access to production systems is restricted to authorised personnel only
- Servers are protected by a firewall permitting only necessary ports
- Intrusion detection to block repeated unauthorised access attempts
- Regular server updates to patch security vulnerabilities
- Secrets and API keys are stored in restricted-access configuration files, never in source code
We regularly review and update our security practices to align with industry standards and applicable regulatory requirements.
No system is completely secure. In the event of a data breach likely to result in risk to your rights, we will notify you and the relevant supervisory authority as required by law.
11. Children's Data
The Platform is not directed at persons under the age of 18. We do not knowingly collect personal data from minors. Contact support@odision.io immediately if you believe we have inadvertently collected data from a minor.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice on the Platform. Continued use of the Platform after notification constitutes acceptance.
13. Contact
Odision Moatly Intelligence (OPC) Private Limited
Email: support@odision.io
We aim to respond to all enquiries within 5 business days.
14. United States Privacy Rights (CCPA/CPRA)
If you are a resident of California or other applicable US jurisdictions, you have the following rights:
- The right to know what personal data we collect, use, and disclose
- The right to request deletion of your personal data
- The right to correct inaccurate personal data
- The right to opt out of the sale or sharing of personal data
- The right to non-discrimination for exercising your rights
We do not sell or share your personal data as defined under applicable US privacy laws. You may request that we do not sell or share your personal data (note: we do not engage in such practices).
To exercise your rights, contact: support@odision.io
15. Automated Processing and AI Features
Certain features of the Platform use automated processing technologies to generate insights, recommendations, or outputs. These outputs:
- Are generated based on available data and algorithms
- May contain errors, omissions, or biases inherent in automated systems
- May not always be accurate, complete, or up to date
- Should not be relied upon as legal, financial, or compliance advice
Users are responsible for independently verifying all outputs before making business or regulatory decisions. We do not use automated decision-making that produces legal or similarly significant effects without appropriate safeguards.