Effective date: July 4, 2026
Privacy
This Privacy page explains how OCO handles information associated with the public website, public contact paths, basic site operations, security review, and analytics when enabled. It does not describe private client systems, scoped service environments, or confidential project records governed by separate agreements.
OCO’s public website is not designed to receive sensitive project material. Privacy handling for a scoped engagement may be more specific than this public page and can include written data rules, access boundaries, provider restrictions, retention periods, security controls, and owner-approved transfer methods.
Information We May Collect
OCO may collect information you submit through public contact paths, such as name, email, company, website, inquiry type, and message content. Basic technical information may also be processed by hosting, security, analytics, and logging systems, including IP address, browser information, device information, pages requested, timestamps, form status, and error or security events.
Collection may happen directly when you submit information or indirectly through normal website infrastructure. Logs can be created by browsers, hosting systems, security layers, form processors, email systems, analytics services, and error monitoring. OCO uses this information to operate and protect the public site, not to expose private visitor content publicly.
Information You Should Not Send
Do not send credentials, production secrets, private datasets, exploit details, confidential client material, sensitive personal information, regulated records, or third-party confidential information through public forms or public email. If a project requires sensitive exchange, OCO will define an approved transfer path, scope, and handling process separately.
If you accidentally send sensitive material, OCO may delete it, decline to review it, restrict access to it, or ask you to resend through an approved process. Sending sensitive material through a public path does not require OCO to accept confidentiality duties beyond what applicable law or a separate written agreement requires.
How We Use Information
OCO uses public-site information to review inquiries, respond by email, route requests, operate the website, protect against abuse, debug errors, measure basic performance, maintain records of communications, and evaluate whether a proposed engagement should move to a written scope. OCO does not sell public contact form submissions.
OCO may also use public-site information to prevent spam, detect abusive submissions, maintain security records, improve public copy, verify whether forms are working, and understand what types of inquiries the public site generates. If an inquiry becomes a scoped engagement, later handling may be governed by project-specific terms.
Disclosure of Information
OCO may share limited public-site information with service providers that help operate hosting, email, analytics, security, forms, or infrastructure. OCO may also disclose information when required by law, to protect rights or security, to investigate abuse, to respond to a valid legal process, or with your direction or consent.
Service providers may process information under their own technical and legal controls. OCO aims to use providers in a way that supports website operation, security, and reliability, but public-site use necessarily involves infrastructure outside OCO’s direct physical control, such as hosting, network, email, DNS, and browser systems.
Retention
OCO keeps public-site information only as long as reasonably needed for the purpose collected, operational records, security review, dispute prevention, legal compliance, or business administration. Retention periods may vary depending on the nature of the inquiry, operational logs, provider records, and whether the communication becomes part of a scoped project record.
Deletion may not be immediate from every backup, log, provider system, or security record. OCO may keep limited records when needed to prove communication history, detect abuse, preserve security evidence, comply with law, maintain business records, or avoid repeated handling of the same unsafe submission.
Security
OCO uses reasonable administrative, technical, and operational safeguards for public-site information, but no public website, email path, hosting provider, or internet transmission can be guaranteed secure. Sensitive information should only be exchanged through an approved project path after scope and handling rules are defined.
Security controls may include access limitation, provider controls, logging, encrypted transport where supported, separation of project material from public-site material, review of suspicious submissions, and reduced disclosure of sensitive operating detail. These controls reduce risk but do not make public email or public forms appropriate for secrets.
Your Choices
You may choose not to submit a public contact form. You may also contact OCO at info@oco.io to ask about public-site information you provided, request correction, or request deletion where applicable. Some information may be retained when needed for security, legal compliance, dispute prevention, or operational records.
Requests may require identity verification or enough context for OCO to locate the relevant public-site record. OCO may decline requests that are impossible to verify, conflict with security needs, affect another party’s rights, concern records outside the public website, or require disclosure of internal security information.
Children
The public website is intended for business and professional audiences. It is not directed to children, and OCO does not knowingly request information from children through the public website.
If OCO learns that information from a child was submitted through the public website, OCO may delete or restrict it where appropriate. The site’s content, contact paths, and technical descriptions are intended for adults acting in a business, research, technical, or professional context.
International Visitors
Visitors may access the website from different jurisdictions. Public-site information may be processed where OCO, its providers, or infrastructure operate. By using the public site or contacting OCO, you understand that information may be handled in jurisdictions different from your location, subject to applicable law.
Different jurisdictions may provide different privacy rights or obligations. This public page is a general explanation of OCO’s public-site practices and does not replace any project-specific data processing terms, contractual clauses, regulatory notices, or lawful instructions that may apply to a separate engagement.
Privacy Changes
OCO may update this Privacy page as the public website, forms, analytics, providers, security practices, laws, or operating needs change. The effective date reflects the current public version.
When privacy practices change materially, OCO may update the public page rather than contacting every prior visitor individually. Visitors should review the current version when submitting information or relying on the public website’s privacy description.
Contact
Questions about public legal, privacy, security, governance, or disclosure information can be sent to info@oco.io. Do not send credentials, private datasets, exploit details, production secrets, or confidential third-party material through public email.
Public email is a triage channel. If OCO decides that a matter requires sensitive exchange, the next step may require a separate process, verified identity, written scope, secure transfer path, or owner approval. Until that exists, public email should be treated as unsuitable for secrets, regulated data, exploit material, or confidential project files.