Privacy Policy

This Privacy Policy describes how OxyDance ("we", "us", "our") collects, uses, and shares information when you use OxyDance Pilot, including our website at oxydancepilot.com, the WordPress plugin, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

We collect the following categories of information:

Account Information — When you create an account, we collect your name, email address, and authentication credentials via Clerk, our identity provider.

License & Usage Data — We record your license key, plan type, site URLs where the plugin is activated, and the number of AI generations performed. For Free plan users, this is used to enforce the 3-generation limit. For paid plans, this data helps us provide and improve the Service.

Payment Information — We do not store payment card details. Billing is handled by Polar, which maintains its own privacy policy. We receive order IDs and subscription status from Polar.

Log & Usage Data — Like most web services, we automatically collect server logs including IP addresses, browser type, pages visited, and timestamps. This data is used for security and diagnostics.

Website Analytics — On our marketing website (oxydancepilot.com), we use Umami, a privacy-focused analytics product, hosted as Umami Cloud. It helps us understand aggregated traffic (for example pages viewed, referrer, browser/device type, and general geographic region). Umami is not used for cross-site advertising or building advertising profiles. For details on how Umami handles data, see Umami's privacy policy.

Communications — If you contact us via the contact form or email, we retain that correspondence to resolve your inquiry and improve the Service.

OxyDance Pilot is a Bring Your Own Key (BYOK) service. All users who use AI generation features must provide their own API key from a supported AI provider (such as Anthropic, OpenAI, Google, xAI, or DeepSeek).

Your API keys never leave your WordPress site:

• Your API keys are stored securely on your own WordPress website — we never have access to them and cannot view or retrieve them
• All AI requests are made directly from your WordPress installation to your chosen AI provider — we never see, intercept, or proxy those requests
• Your prompts, inputs, and any data sent to the AI provider remain entirely between your website and the provider
• All generated results (sections, layouts, code) are saved in your own WordPress database — we do not have access to your generated content
• You can manage, update, or delete your API keys at any time within the plugin settings on your WordPress site

Important: Because API keys and AI communication are handled entirely on your end, we are not responsible for any costs, rate limits, or service issues from your AI provider. Please review your AI provider's privacy policy to understand how they handle your data and prompts.

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and send billing-related communications
• Authenticate you and enforce license and usage restrictions
• Monitor and analyze usage patterns to improve the product
• Send essential service notifications (downtime, security updates, Terms changes)
• Respond to support requests and inquiries
• Comply with legal obligations

We do not use your data for advertising or sell it to third parties for marketing purposes.

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

• Service providers — Clerk (authentication), Polar (payments), Umami Cloud (website analytics on oxydancepilot.com only), and hosting/infrastructure providers. These parties process data only on our behalf under their respective terms and, where applicable, data processing agreements.
• AI providers — When you make a generation request, your prompt is sent directly from your WordPress site to the AI provider whose API key you have configured. We do not see, intercept, or store those requests or their responses.
• Legal requirements — We may disclose information if required by law, court order, or governmental authority.
• Business transfers — In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you before this occurs.
• With your consent — We may share data for other purposes when you have given explicit consent.

We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods:

• Account data: retained until account deletion, plus 30 days for recovery
• License and usage data: retained for the life of the license plus 2 years for audit purposes
• API keys: stored only on your own WordPress site — we do not retain them
• Generated content: stored only in your own WordPress database — we do not retain it
• Support communications: retained for 3 years
• Server logs: retained for 90 days

You may request deletion of your account and associated data at any time. See "Your Rights" below.

We take reasonable technical and organizational measures to protect your information against unauthorized access, loss, or misuse:

• Encryption in transit (TLS) for all data between your browser and our servers
• API keys and generated content remain on your WordPress site — they are never transmitted to or stored on our servers
• Access controls limiting employee access to personal data
• Regular security reviews of our infrastructure

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to industry-standard best practices. In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable laws, typically within 72 hours of discovery.

We use a minimal set of cookies and similar technologies necessary to operate the Service, and privacy-oriented analytics on our website:

• Authentication cookies — Set by Clerk to maintain your login session. These are strictly necessary and cannot be disabled.
• Preference cookies — Store UI preferences. You can clear these via browser settings.
• Website analytics — On oxydancepilot.com we load Umami's script from Umami Cloud (cloud.umami.is) to collect aggregated, non-advertising usage statistics as described under "Data We Collect" above. Umami is designed to avoid invasive tracking and is not used to sell or share your data with advertisers.

We do not use third-party advertising cookies, tracking pixels, or behavioral ad networks. Analytics are limited to understanding how visitors use our own marketing site so we can improve it.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you
• Rectification — Request correction of inaccurate data
• Erasure — Request deletion of your personal data ("right to be forgotten")
• Portability — Receive your data in a structured, machine-readable format
• Restriction — Request that we limit how we process your data
• Objection — Object to certain types of processing
• Withdraw consent — Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before fulfilling the request.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it promptly. If you believe we may have collected such information, please contact us immediately at [email protected].

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify you by email or by a prominent notice in the Service before the changes take effect.

We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our privacy team:

• Privacy inquiries: [email protected]
• Contact form: oxydancepilot.com/contact

Please include "Privacy Request" in your email subject line and provide sufficient information to verify your identity. We will respond within 30 days.