The following words, whenever used in this privacy policy, shall havethe meaning defined hereunder:
‍
“Privacy Laws and Regulations” means all applicable privacy regulations and legislation, including the General Data Protection Regulation 2016/679 (“GDPR”), the national legislation implementing GDPR and, to the extent applicable, the privacy laws of any other country where the user is located.

“Controller,” “Data Subject,” “Personal Data,”  “Processing,” “Processor,” “Supervisory Authority” shall have the same meaning as defined in the GDPR.

“EEA” means the European Economic Area.

This Privacy Policy only covers the Personal Data we collect from you when you access and use the Service.

oxynote.io, is the Controller of the Personal Data collected about you when you use the Service.

You can write to us at: Žilvičių 2-oji g. 2, Karčiupio k., Kaišiadorių r.,  LT-56327, Lithuania
Email: hello@oxynote.io

• Email address;
• Content of all communication you have with Oxynote;
• Information that you provide us when you participate in our surveys or promotions;
• Your IP address.

1. Account Registration Data
When you sign up for an account on the Website, we only collect your email address.

Purpose of Processing
We process this Personal Data for the following purposes:

• To create your user account,
• To assist you in recovering your lost account password,
• To provide you with the Service in accordance with our Agreement with you,
• To contact you as and when required,
• To assert our rights and enforce our Agreement with you.

Legal Basis of Processing
We rely on the performance of our contract with you as the legal basis for processing your email address.

2. Transaction Data
When you subscribe to Oxynote’s services, we may collect certain billing details, including the billing address of the payment cardholder and transaction details associated with the subscription.

Please note that all payment card data is directly collected and processed by our third-party payment processor, Stripe Inc. We do not collect, store, or process payment card data on our own servers.

Purpose of Processing
We process this Personal Data for the following purposes:

• To enable our payment processor to process your subscription payments.
• To manage your recurring billing and ensure uninterrupted service.
• To comply with accounting, tax, and legal obligations.

Legal Basis of Processing
We rely upon the performance of our contract with you as the legal basis for processing the transaction data.

3. Marketing Data
If you subscribe to receive marketing communication from us, participate in our surveys, or contact us in response to our marketing campaigns, we will collect the following Personal Data from you:

• First and Last name,
• Email address,
• The content of any message you send us,
• Your responses when participating in our surveys.

Purpose of Processing
We process this Personal Data for the following purposes:

• Send you promotional offers, surveys and other direct marketing material,
• Follow-up on sales enquiries we receive from you,
• For our internal business purposes, such as data analysis and product development.

Legal Basis of Processing
We rely upon your consent as the legal basis for processing Marketing Data. Please note that you can opt out of receiving marketing communication anytime by clicking the unsubscribe button in the marketing emails.

4. Support Request Data
We collect your Personal Data when you send us your support requests or feedback through email or the contact form on the Website. The Personal Data we collect includes:

• Your email address (depending on the medium of communication);
• Any Personal Data contained in the content of your communication.

Purpose of Processing
We process this Personal Data for the following purposes:

• Respond to your communication and offer relevant support services; and
• Facilitate and improve our Service.

Legal Basis of Processing
We rely on our legitimate interest as a legal basis for processing this support request data.

5. Cookies
When you log in to your account, we use strictly necessary cookies for multi-page authentication, allowing you to remain logged in while navigating the Platform. These cookies are essential for the functioning of our Service and cannot be disabled.

Legal Basis of Processing
Please note that we only use cookies with your consent except for strictly necessary cookies that do not require your consent (ePrivacy Directive 2002/58 EC).

6. Web Analytics
We use privacy-focused web analytics tools to understand how users interact with our Platform. These analytics:

• Do not store cookies on your device.
• Do not collect personally identifiable information.
• Comply with GDPR and the ePrivacy Directive.

Legal Basis of Processing
We rely upon our legitimate interest to process web analytics data to improve the functionality and user experience of our Platform.

We do not retain your personal data for longer than required for the initial purpose for which we collected it, and in no event do we retain it after we cease to have a legal basis for processing.

Depending on the purpose of processing outlined above, we may retain your personal data as follows:

• Personal data processed for the provision of the Service will be retained for the entire duration you have an account on the Platform. We will delete this personal data within 30 days of your account termination except for any payment and tax-related records which we will retain for a minimum period required by applicable tax laws.
• Personal data collected for processing payments may be retained for up to seven years from the date of your purchase for our accounting and legal compliance purposes.
• Personal data that is processed on the legal basis of your consent may be retained until such time that you withdraw your consent.
• Personal data processed to provide support service or communicate with you may be retained for the entire duration you have an account on the Website. If you are not an account holder, we will not retain communication data for more than 60 days from the last communication date.

If we cease to have a legal basis for processing your personal data, we will either delete or irreversibly anonymise your personal data so it cannot be linked back to you.

• We respect your Personal Data, and we do not engage in the practice of selling or renting it. We only disclose/share your Personal Data in the circumstances described hereunder:
  ‍
  1. We may share and disclose your Personal Data with third-party service providers that we engage during the performance of our business operations, such as payment processing, email distribution tools, marketing, and customer support services. We will only disclose such Personal Data to these Service Providers that is necessary for them to perform their functions on our behalf. Our Service Providers will only use your Personal Data as authorised by us. In no event will our Service Providers be allowed to use your Personal Data for any purpose other than as expressly instructed by us.
  
  2. If, in the future, we undergo any merger or acquisition, your Personal Data may be disclosed as part of due diligence and transferred as part of the commercial transaction to another entity. We assure you that in the event of any such changes in ownership, your Personal Data will continue to be governed by this Privacy Policy, except in cases where you expressly consent otherwise.
  
  3. We may disclose your Personal Data to a relevant third party to:
  3.1. enforce our Agreement with you,
  3.2. defend ourselves in legal actions against you,
  3.3. protect our users or others from threats posed by your actions.
  
  4. If we receive a lawful request for your Personal Data from any law enforcement authorities or courts of law with jurisdiction over Oxynote, we will only disclose your Personal Data where we are legally obliged to provide it.
• Your Personal Data may be transferred and processed outside of your country of residence. If your Personal Data is transferred and processed in a jurisdiction that is not deemed adequate by the European Commission, we will only transfer your Personal Data pursuant to appropriate Standard Contractual Clauses as required by the GDPR.

Your Personal Data will be stored in Lithuania, other member states within the European Union (EU), the European Economic Area (EEA), and other parts of the world in accordance with this Privacy Policy.

Oxynote is a cloud-based Platform, and all user data, including user-created documents and account settings, is stored on Oxynote’s secure cloud servers.

Our Service is designed with data security in mind. We have implemented appropriate organisational and technical security protocols to prevent unauthorised access, loss, or deletion of your Personal Data. These measures include encryption protocols, firewalls, periodic data audits, and access controls.

Information and credentials used to connect to third-party exchanges or brokers are never stored in plain text and are encrypted both in transit and at rest using industry-standard encryption protocols.

We also use secure third-party payment processors to collect and process user payment data, ensuring that no financial data is stored in our database. Access to Personal Data within Oxynote is strictly limited to authorised personnel on a need-to-know basis to prevent unauthorised access. Our data security policies adhere to industry best practices to ensure the highest level of protection for user data.

Despite our efforts to safeguard your Personal Data, you acknowledge that data transmission over the internet is never 100% secure. While we take all reasonable measures to protect your data, we cannot guarantee absolute security. Your use of our Services and transmission of Personal Data is at your own risk.

For more details on how we handle and protect your data, please refer to our full Privacy Policy.

You have the following rights as a Data Subject:

• You have the right to request access to your Personal Data or a copy of your Personal Data by contacting us.
• You may request us to rectify, update or complete your missing Personal Data by contacting us.
• In certain circumstances, you may have the right to object to our processing of your Personal Data or request that we restrict processing your Personal Data by contacting us.
• You may request the deletion of your account and associated Personal Data by contacting us. You understand that even after the deletion of your account, we may be required to retain some of your Personal Data on other lawful grounds, including compliance with our legal obligations.
• To the extent the legal basis of our processing of your Personal Data is your consent, you have the right to withdraw your consent at any time. You can opt out of receiving marketing communication from us by clicking the ‘unsubscribe’ link at the bottom of our marketing emails. You can also block the use of our cookies to which you previously consented by accessing your browser settings.
• If you believe that our processing of your Personal Data violates any of your privacy rights, you may also file a complaint against such infringement with your local supervisory authority.

California Online Privacy Protection Act (CalOPPA)
We do not sell your personal data to any third parties. If you reside in the State of California, you have the right to request information regarding the disclosure of your personal data by Oxynote to third parties for direct marketing purposes. If you wish to make a request, please contact us. We will make our best effort to respond to you within 20 business days.

You also have the right to request information about our privacy practices, how we collected your personal data, and with whom we share your personal data. You can obtain most of this information from Sections 4 and 6 of this privacy policy, and for any additional information, you may send us a request.

CalOPPA also requires us to inform our users how we respond to Do Not Track (“DNT”) signals when the user visits our website. Please note that we currently do not respond to DNT signals.


Children’s Online Privacy Protection Act (COPPA)
COPPA puts parents in control of the collection of personal data from children under the age of thirteen. In compliance with the COPPA Rule, we do not knowingly collect any personal data from children under the age of 13. If you are a parent of a child who has submitted any personal data on the website, please contact us, and we will immediately investigate and delete any data relating to minors.

‍
CAN-SPAM Act
In compliance with the CAN-SPAM Act, we agree that:

• If a message we send you is an advertisement, we will identify it in a reasonable way.
• We will enable you to unsubscribe from our emails using the unsubscribe link at the bottom of our email.
• We will honour your decision to opt out of receiving emails from us.
• We will not mislead you by using any misleading subjects or email addresses.
• We will include our business address in our correspondence with you.

From time to time, we may amend this Privacy Policy to reflect our new privacy practices and commitment to compliance with applicable privacy laws and regulations. We will post the updated Privacy Policy on this page and notify you of such updates by changing the last updated date on the top or by sending you an email. You should review this Privacy Policy regularly to ensure that you are familiar with any changes. You understand and accept that your continued use of the Service after the amendments are published will be deemed your tacit acceptance of any updated privacy practices.

The Service may contain links to third-party sites that are not owned or operated by us. Should you decide to click on any such third-party links, you will be directed to such a third-party website. These third-party websites are governed by their own legal agreements and policies. We encourage our users to review third-party legal agreements before using their services. The presence of any third-party links on our Website or Platform does not constitute an endorsement or recommendation of such a third party, and we cannot be held responsible for such a third party’s actions.