PRIVACY POLICY

1. INFORMATION WE COLLECT

Information You Provide

• Account Data: Email address, username, pattern (6-character identifier with colors), password (hashed, never stored in plain text)
• Profile Information: Display name, bio lines, location, profile picture, category tags
• Content: Modules you create (links, text, images, embeds), Pattern Chain selections, Pulses you post
• Payment Information: Processed by Stripe; we store only transaction IDs and subscription status

Automatically Collected

• Analytics: Profile views, unique visitors, click-through rates, module interactions
• Fire System Data: Fire status calculations, torch giving/receiving, streak tracking
• Technical Data: IP addresses, browser type, device information, referrer URLs
• Pattern Chain Activity: Position assignments, mutual connections, relationship milestones

2. HOW WE USE YOUR INFORMATION

• Platform Functionality: Authentication, profile display, module rendering, grid management
• Social Features: Fire status calculation, Pattern Chain connections, discovery algorithm, torch system
• Analytics: Individual and aggregate metrics, platform performance, fire heat maps
• Communications: Transactional emails (password resets, invites, subscription confirmations), optional notifications
• Payments: Process subscriptions, marketplace purchases, creator payouts
• Security: Fraud prevention, abuse detection, rate limiting
• Improvement: Bug fixes, feature development, user experience optimization

3. INFORMATION SHARING & VISIBILITY

Public by Default

Your profile is visible to everyone unless you change visibility settings:

• Pattern and display name
• Profile picture and bio
• Modules you create
• Fire status and streak
• Profile views count
• Active Pulses

Members-Only Features

Visible only to authenticated O××OO× users:

• Pattern Chain (The Six)
• Torch history
• Detailed analytics
• Achievement badges

Private Information

Never publicly visible:

• Email address
• Password
• Payment details
• IP addresses
• Account settings

Third-Party Services

• Stripe: Payment processing (see Stripe Privacy Policy)
• AWS SES: Email delivery (see AWS Privacy Notice)
• CDN/Hosting: Static file delivery, performance optimization

We never sell your data.

4. YOUR PRIVACY CONTROLS

Profile Visibility

Choose from three modes:

• Public: Profile visible to everyone
• Members Only: Only authenticated users see social features
• Ghost Mode: Anonymous browsing, minimal profile exposure

Pattern Chain Privacy

• Control who can add you to their Pattern Chain
• Approve position assignments (optional)
• Hide your Pattern Chain from others

Fire Suppression

Reduce unwanted attention by suppressing fire visibility while maintaining functionality.

5. YOUR RIGHTS

Access & Download

• View all data associated with your account
• Download your profile data (JSON export)
• Export your modules and Pattern Chain history

Modification & Deletion

• Edit profile information anytime
• Delete modules, Pulses, or Pattern Chain entries
• Delete your entire account

Account Deletion

When you delete your account:

• Profile and content removed immediately from public view
• 30-day grace period for recovery
• Permanent deletion after 30 days
• Some data retained for legal/security purposes (transaction records, abuse reports)

EU Users (GDPR Rights)

If you're in the European Union, you have additional rights:

• Right to rectification (correct inaccurate data)
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

Contact privacy@oxxoox.com to exercise these rights.

6. DATA SECURITY

We implement industry-standard security measures:

• Encryption: HTTPS for all connections, encrypted database backups
• Password Protection: PBKDF2 hashing (Django default), no plain text storage
• Access Controls: Role-based permissions, admin audit logs
• Regular Backups: Daily automated backups, disaster recovery plan
• No Card Storage: Payment data handled exclusively by Stripe (PCI DSS compliant)
• Rate Limiting: Protection against brute force attacks
• Security Updates: Regular patching of dependencies and infrastructure

While we take security seriously, no system is 100% secure. Report vulnerabilities to security@oxxoox.com.

7. DATA RETENTION

• Active Accounts: Data stored indefinitely while account is active
• Deleted Accounts: 30-day grace period, then permanent deletion
• Analytics Data: Individual metrics retained for 90 days, then anonymized and aggregated
• Transaction Records: Retained for 7 years for tax/legal compliance
• Abuse Reports: Retained for platform safety and legal requirements
• Backup Archives: Rotated every 30 days

8. COOKIES & TRACKING

Essential Cookies

Required for platform functionality (cannot opt out):

• Session Cookie: Authentication, maintains logged-in state
• CSRF Token: Security protection against cross-site attacks

Optional Cookies

Can be disabled in settings:

• Analytics: Aggregate usage statistics, no personal identification
• Preferences: Remember visibility settings, theme choices

Third-Party Cookies

• Stripe: Payment processing cookies (see Stripe's cookie policy)

No Advertising Trackers: We do not use Google Analytics, Facebook Pixel, or similar tracking tools.

9. AGE REQUIREMENTS

You must be 18 years or older to use O××OO×.

We do not knowingly collect information from anyone under 18. If we discover underage usage, we will:

• Immediately delete the account and associated data
• Contact the email on file (if possible)
• Block future registration from that email

Parents: Report underage accounts to abuse@oxxoox.com.

10. INTERNATIONAL USERS

Data Location

Our servers are located in [specify region, e.g., United States]. By using O××OO×, you consent to data transfer and processing in this location.

EU Users

We comply with GDPR. Legal basis for processing:

• Contract: Providing the service you signed up for
• Consent: Optional features (analytics, notifications)
• Legitimate Interest: Platform improvement, fraud prevention

California Users (CCPA)

California residents have additional rights:

• Know what personal information we collect
• Know whether we sell personal information (we don't)
• Opt out of sale (not applicable)
• Request deletion
• Non-discrimination for exercising rights

11. CHANGES TO THIS POLICY

We may update this policy to reflect:

• New features or functionality
• Legal or regulatory changes
• Security improvements

Notification Process

• Minor Changes: Updated on this page with new effective date
• Material Changes: Email notification to all users 30 days before effective date

Continued use after changes constitutes acceptance. If you disagree, delete your account before the effective date.

Policy History: View previous versions

12. CONTACT INFORMATION

Questions, concerns, or rights requests:

• General Privacy Inquiries: privacy@oxxoox.com
• Data Deletion Requests: privacy@oxxoox.com
• Security Issues: security@oxxoox.com
• Abuse Reports: abuse@oxxoox.com

Mailing Address:
O××OO× Platform
Des Moines, IA