Privacy Policy

Last Updated: 26.11.2025

1. Data Controller

OCENOX LTD
82 The Circle, Manly
Whangaparaoa, 0930
New Zealand

Company Number: 9317907
NZBN: 9429052607493

Email: support@ocenox.com
Website: www.ocenox.com

2. Data Collected

We collect and store the following data:

  • Email address (for login and communication)
  • Name (optional, only during registration)
  • OKR content (Objectives, Key Results, comments)
  • Usage statistics and technical data

3. Purpose of Data Processing

Your data is processed for the following purposes:

  • Provision and operation of the OKR tool
  • Authentication and access management
  • Creation of usage statistics
  • Service improvement and development of new features

4. Legal Basis for Processing

The processing of your personal data is based on the following legal grounds under Art. 6 GDPR:

  • Art. 6(1)(b) GDPR (Contract Performance): Provision of the OKR tool, user authentication, storage of your OKR data
  • Art. 6(1)(a) GDPR (Consent): Contact for marketing and information purposes (upon agreement to terms of use)
  • Art. 6(1)(f) GDPR (Legitimate Interests): Protection against abuse (rate limiting, login logging), technical troubleshooting

5. Storage Duration

Your data is stored as follows:

  • Account data (email, name): Until you delete your account
  • OKR data: Until deletion of the respective OKR set or your account
  • Login tokens: 30 days after creation or last use
  • Login logs: 90 days (for abuse detection)

6. Data Storage Location

Your data is stored on servers in Finland (HEL1-DC4). OCENOX Ltd is a New Zealand company; the servers are located in the European Union (Finland) and are therefore subject to GDPR.

7. Data Security

We employ technical and organizational security measures to protect your data. However, we cannot guarantee absolute security. Users are responsible for backing up their own data.

8. Your Rights under GDPR

Under the EU General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

9. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. Since our servers are in the EU (Finland), you can contact the Finnish Data Protection Authority or the supervisory authority responsible for your place of residence.

10. Deletion of Your Data

You can delete your account and all associated data at any time at: https://okr.ocenox.com/modules/auth/delete-account.php. After deletion, all your personal data will be irrevocably removed.

11. Data Processing Agreement (DPA) for Businesses

If you use the OKR tool within your organization and process personal data of your employees, a Data Processing Agreement (DPA) according to Art. 28 GDPR may be required. We will gladly provide you with a DPA upon request. Please contact us at: support@ocenox.com

12. Contact

For requests to exercise your GDPR rights or data protection questions, please contact: support@ocenox.com

13. Changes to Privacy Policy

We reserve the right to amend this privacy policy to reflect changes in law or changes to our service. Users will be informed of significant changes via email.

Back