Skip to content
Oxrion

Legal

Privacy Policy

Last updated: June 2026

1. Overview

This policy describes how Oxrion ("we", "us", "our") collects, uses, and shares information when you use our services. We aim to collect the minimum information needed to operate the Service, process payments, and provide support.

2. Data we collect

2.1 Account data

Email address, hashed password, name (optional), and billing details. Payment card details are handled entirely by Lemon Squeezy — we never store or see your card information.

2.2 Usage data

Files protected, API requests, dashboard interactions, IP address, and browser type. Used for enforcing quotas, debugging, and detecting abuse.

2.3 Uploaded files (Oxrion Cloud)

PHP files you upload are processed to produce protected output. Source content is processed in memory and stored encrypted at rest where retention applies; it is never written to disk in plaintext. We do not read or use your source code except as necessary to perform the protection you requested.

3. How we use it

  • To provide and operate the Service.
  • To process payments and prevent fraud (via Lemon Squeezy).
  • To respond to support requests.
  • To send essential service emails (security alerts, billing notices).
  • To protect the Service from abuse, including bot protection.
  • To improve the Service through aggregated, non-identifying analytics.

4. Cookies

We use a minimal set of cookies: a session cookie for the dashboard, a CSRF token for security, and a theme preference. We do not use advertising or cross-site tracking cookies.

5. Third parties

We share data only with service providers necessary to operate the Service. Each operates under its own privacy policy.

  • Lemon Squeezy — payment processing, billing, and tax handling (Merchant of Record).
  • Google reCAPTCHA — bot and abuse protection. Processes IP address and interaction signals, subject to Google's Privacy Policy.
  • Railway — hosting of our application and database.
  • Vercel — hosting of our marketing website.
  • Crisp — live chat support.

We do not sell your personal information to anyone.

6. Where your data is stored

Your account and usage data are stored on infrastructure provided by Railway, and our website is served via Vercel. These providers may process data in data centers located in various regions. Where data is transferred internationally, we rely on the safeguards offered by these providers (such as standard contractual clauses) to protect your information.

7. Data retention

  • Account data is retained for the lifetime of your account, plus up to 90 days after deletion for backup purposes.
  • Usage logs are kept for up to 12 months.
  • Encrypted files follow the file lifetime defined by your plan.

8. Security & breach notification

We use industry-standard measures to protect your data, including encryption in transit and at rest where applicable, hashed passwords, and access controls. No method of transmission or storage is completely secure, but we work to protect your information.

In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authorities as required by applicable law.

9. Your rights

You can request access to, correction of, or deletion of your personal data by emailing support@oxrion.com. We respond within 30 days. Depending on your location, you may have additional rights described below.

10. GDPR (EU/EEA residents)

Under the GDPR, you have rights to access, rectification, erasure, restriction of processing, data portability, and objection. Our legal bases for processing are contractual necessity (operating the Service) and legitimate interest (security and fraud prevention). You also have the right to lodge a complaint with your local data protection authority.

11. KVKK (Türkiye residents)

Under Türkiye's Personal Data Protection Law No. 6698 ("KVKK"), you have the right to learn whether your personal data is processed, request information about such processing, request correction or deletion, and object to outcomes resulting from automated analysis. Personal data is processed based on the legal grounds set out in the KVKK, including the necessity of processing for the performance of a contract and our legitimate interests. You may exercise your rights by contacting us at support@oxrion.com.

12. CCPA (California residents)

Under the CCPA, you have rights to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information.

13. Contact

Privacy inquiries: support@oxrion.com.