ood.ooo

Privacy Policy

Last updated: 06/12/2025

⚠️ Experimental Research Demonstration

ood.ooo is a proof-of-concept research project exploring deep LLM integration with Odoo ERP systems. This is not a commercial product with guarantees or commitments.

  • No security guarantees: While we implement standard practices, this is experimental software
  • No availability promises: Service may be unavailable, modified, or discontinued without notice
  • Research purpose: Exploring what AI can do with business data, not delivering production-ready solutions
  • Use at your own risk: Always use clone/demo databases, never production data

1. Introduction

ood.ooo ("we", "our", or "us") is an experimental research platform. This Privacy Policy explains how we handle data during this research demonstration.

This policy follows GDPR principles where applicable, but as an experimental project, we cannot guarantee compliance with all commercial data protection standards.

2. Data Controller

The data controller responsible for your personal data is:

Company: [SOON]
Address: [SOON]
Email: nobody@ood.ooo
DPO Contact: nobody@ood.ooo

3. Information We Collect

3.1 Information You Provide

  • Account Information: Name, email address, company name
  • Odoo Credentials: Odoo instance URL, database name, username, API key
  • Usage Data: Chat messages, queries, and interactions with the service
  • Payment Information: Processed by Stripe (we do not store credit card details)

3.2 Automatically Collected Information

  • Log Data: IP address, browser type, access times, pages viewed
  • Cookies: Session cookies for authentication (see Cookie Policy)
  • Usage Metrics: API calls, token usage, response times

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our service to you
  • Legitimate Interests: Service improvement, fraud prevention, security
  • Consent: Marketing communications (you may withdraw consent anytime)
  • Legal Obligation: Compliance with tax and accounting requirements

5. How We Use Your Information

Research and Experimentation: This is a proof-of-concept exploring deep LLM integration with Odoo. We use your data to:

  • Operate the experimental demonstration platform
  • Process Odoo queries using AI models
  • Test authentication and session management
  • Research and improve AI-assisted workflows
  • Explore deep investigation patterns with LLMs

Important: This is research software. We make no guarantees about functionality, security, or availability.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

6.1 Service Providers

  • Anthropic: AI model provider (Claude API)
  • Stripe: Payment processing
  • Cloud Hosting: [SOON] - EU data centers

6.2 Legal Requirements

We may disclose your information if required by law or to protect our rights and safety.

7. Data Security (Experimental)

No Security Guarantees: This is experimental software. While we implement standard practices, we make no promises about security:

  • Encryption: Standard TLS for transit, encryption at rest where implemented
  • Isolation: 1 user = 1 MCP instance = isolated process. Multiple users can connect to same Odoo DB with separate instances (experimental architecture)
  • Access Control: Basic authentication (no production-ready permission system yet)
  • Testing Only: Not audited for production use - always use clone/demo databases

⚠️ Critical: Never connect production databases. This platform is for exploring AI capabilities with test data only.

8. Data Retention

  • Account Data: Retained while your account is active
  • Usage Logs: 90 days for operational purposes
  • Financial Records: 7 years (legal requirement)
  • Deleted Data: Permanently deleted within 30 days of account closure

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at nobody@ood.ooo

10. International Data Transfers

Your data is primarily stored in EU data centers. If we transfer data outside the EU, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

12. Cookies and Tracking

We use essential cookies for authentication and session management. For details, see our Cookie Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice on our website. Continued use of the service after changes constitutes acceptance.

14. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

For EU residents: Find your data protection authority

15. Contact Us

For privacy-related questions or to exercise your rights:

Email: nobody@ood.ooo
Data Protection Officer: nobody@ood.ooo
Response Time: We respond within 30 days as required by GDPR

← Back to Home