Privacy Policy
Effective date: 9/27/2025
This Privacy Policy explains how OXVO ("OXVO", "we", "us", or "our") collects, uses, discloses, and protects personal data when you visit our website, create an account, use our applications, APIs, and related services (collectively, the "Service"). It also explains your privacy rights and how to exercise them.
If you do not agree with this Privacy Policy, do not use the Service.
1. Who we are
OXVO is a SaaS platform that provides customer support and engagement tools, automation and workflows, reporting and analytics, and optional session replay and co-browsing capabilities, including AI-enabled features.
Controller. For purposes of applicable data protection laws, OXVO is the "controller" for personal data we process about website visitors, prospective customers, and customer account users (such as administrators and agents) when we process that data for our own business purposes (e.g., operating our website, billing, marketing, and security).
Processor. When our customers use OXVO to process personal data about their own end users (e.g., visitors, customers, or prospects who interact with a customer's website/app), OXVO generally acts as a "processor" (or "service provider") on behalf of that customer. In those cases, the customer is responsible for determining lawful bases and providing required notices and consents.
Contact. If you have questions about this Privacy Policy or want to exercise your rights, contact us at: privacy@oxvo.com. Postal address: [insert address].
2. Scope
This Privacy Policy applies when you:
visit our website, marketing pages, documentation pages, or other pages that link to this Privacy Policy (the "Site");
create an account, sign in, or use the Service as a customer user (e.g., admin/agent);
communicate with us (e.g., support, sales, partnerships);
receive marketing communications from us; or
interact with OXVO features embedded or deployed by our customers (where we process data on the customer’s behalf).
If you are an end user interacting with a customer using OXVO (for example, chatting with support, being recorded via session replay, or co-browsing), the customer’s privacy policy will also apply. If you have questions about how a customer uses OXVO, contact that customer directly.
3. Personal data we collect
The personal data we collect depends on how you interact with OXVO. We may collect data in the following categories:
3.1 Data you provide to us
Account and profile data: name, email address, password (hashed), profile photo/avatar (optional), company name, role, and preferences.
Support and communications: the content of messages you send to us, including support tickets, chat messages, emails, feedback, and attachments you choose to share.
Billing and transaction data: plan details, invoices, billing address, and payment status. Payment card details are typically processed by our payment processor(s) and are not stored by OXVO unless explicitly stated.
Sales/marketing data: information you submit through forms (e.g., demos, contact requests), event registrations, or surveys.
3.2 Data collected automatically
Device and technical data: IP address, browser type, device identifiers, operating system, language, time zone, and similar device metadata.
Usage data: pages viewed, features used, clicks, timestamps, referring URLs, and diagnostic/performance logs.
Cookie and tracking data: cookie IDs, pixels, SDK events, and similar technologies described in the Cookies section below.
3.3 Data processed on behalf of customers (customer content)
When customers use OXVO, we may process personal data under their instructions, which may include:
Conversation and support content: messages, tickets, contact records, attachments, and knowledge base content configured by the customer.
Session and analytics data (if enabled by the customer): event streams (e.g., clicks, navigation), technical diagnostics (e.g., console errors), and metadata such as timestamps, device type, browser, approximate location inferred from IP, and session identifiers.
Co-browsing data (if enabled by the customer): shared page view context and interaction cues needed to support real-time assistance.
Important: Session replay and co-browsing can capture what users do on a customer’s site/app. Customers are responsible for configuring masking/redaction and for providing legally required notices and obtaining consent where required.
3.4 Sensitive data
OXVO is not designed to collect sensitive personal data (such as government ID numbers, health data, precise location, biometric data, or full payment card details). Customers and users should not submit sensitive data to the Service unless explicitly agreed and configured with appropriate safeguards. If sensitive data is submitted, it will be processed as part of the customer content.
4. How we use personal data
We use personal data for the following purposes:
4.1 Provide, operate, and secure the Service
create and manage accounts, authenticate users, and provide core functionality;
process transactions, manage subscriptions, and provide invoices/receipts;
monitor and maintain system performance and reliability;
detect, prevent, and investigate fraud, abuse, and security incidents.
4.2 Support and communications
respond to support requests, troubleshoot, and provide customer care;
send service-related communications (e.g., security notices, changes, outages, billing notices).
4.3 Improve and develop the Service
analyze product usage and trends to improve features and usability;
debug and fix issues using logs, diagnostics, and (where applicable) session replay data in customer environments, under customer instructions;
develop and evaluate new features, including AI-enabled features.
4.4 Marketing and sales
send marketing communications where permitted (and where required, with your consent);
personalize marketing and measure campaign performance;
manage leads, demos, and business relationships.
4.5 Compliance and legal obligations
comply with applicable laws, enforce agreements, and respond to lawful requests;
protect the rights, safety, and property of OXVO, customers, and others.
5. Legal bases for processing (EEA/UK/Switzerland)
If you are located in the EEA, the UK, or Switzerland, we rely on the following legal bases when processing personal data as a controller:
Contract: to provide the Service and perform our agreement with you.
Legitimate interests: to operate and improve the Service, secure our systems, prevent fraud, and market to business contacts, where these interests are not overridden by your rights.
Consent: where required, such as for certain cookies or marketing communications.
Legal obligation: to comply with legal and regulatory requirements.
When we process personal data on behalf of customers (as a processor), the customer is responsible for identifying the appropriate legal basis.
6. AI features
OXVO may offer AI-enabled features (e.g., suggested replies, summaries, classification, routing assistance, analytics insights). These features may process inputs you provide and customer content under customer instructions.
6.1 Inputs and outputs
"Input" means data submitted to AI features (such as text, prompts, or content). "Output" means the generated results. Output may be inaccurate or incomplete. You are responsible for reviewing Output before relying on it or sharing it with end users.
6.2 Use of third-party AI providers
Some AI features may use third-party service providers (including model providers) to generate Output. Where used, we share only what is necessary to provide the AI feature, and we apply contractual and technical safeguards appropriate to the processing. Customers can control certain AI settings and integrations depending on plan and configuration.
6.3 Model training
Unless explicitly stated in your agreement or enabled by your configuration, OXVO does not use customer content to train generalized AI models. We may use aggregated and/or de-identified data (where feasible) to improve product performance and reliability. If we ever introduce optional programs that involve using customer content for training, we will provide clear notice and appropriate controls.
7. How we share personal data
We may share personal data with the following categories of recipients:
7.1 Service providers
We use vendors to help operate the Service (e.g., hosting, storage, analytics, customer support tooling, email delivery, payment processing, security monitoring). These providers process personal data under contractual obligations and only as needed to provide services to us.
7.2 Affiliates
We may share personal data with our corporate affiliates where needed to operate the Service and for internal business purposes, subject to appropriate safeguards.
7.3 Integrations enabled by customers
If a customer enables an integration, we may share data with the third-party service as directed by the customer. The customer is responsible for reviewing the third party’s privacy practices.
7.4 Legal and safety
We may disclose data if we believe disclosure is required by law or necessary to protect rights, safety, and security, investigate fraud, or respond to lawful requests.
7.5 Business transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction, subject to standard protections.
7.6 Aggregated or de-identified data
We may share aggregated or de-identified data that cannot reasonably identify you for analytics, benchmarking, and product improvement.
8. Cookies and similar technologies
We use cookies and similar technologies (collectively, "Cookies") to operate and secure the Site and Service, remember preferences, understand usage, and measure marketing performance.
8.1 Types of cookies
Strictly necessary: required for core functionality (e.g., authentication, security).
Preferences: remember settings (e.g., language, UI preferences).
Analytics: help us understand how the Site and Service are used.
Marketing: help measure and personalize marketing where permitted.
8.2 Cookie controls
You can control cookies through your browser settings. If your region requires consent for non-essential cookies, we provide a cookie banner or preference manager where applicable. Disabling cookies may affect the functionality of the Site and Service.
8.3 Do Not Track and Global Privacy Control
Some browsers transmit Do Not Track signals. There is no industry-standard response, and we may not respond to such signals. Where required by law, we will honor browser-based opt-out signals such as Global Privacy Control for applicable activities.
9. Session replay and co-browsing
OXVO may support session replay, analytics, and co-browsing features. These features are optional and are enabled and configured by customers.
9.1 What may be collected
Depending on customer configuration, these features may collect interaction and technical data such as page navigation, clicks, scrolling, form interactions, timestamps, device/browser details, and diagnostic events (e.g., console errors). Co-browsing may enable a support agent to see a customer’s current page context to help resolve issues.
9.2 Masking and consent
Customers are responsible for configuring masking/redaction features, deciding what data is captured, and for providing legally required disclosures and obtaining consent where required (for example, for session replay or co-browsing in certain jurisdictions).
10. Data retention
We retain personal data for as long as necessary for the purposes described in this Privacy Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.
Retention periods vary based on the type of data, customer configuration, plan, and legal requirements. Some data may remain in backups for a limited period. Customers can delete or export certain customer content through Service controls where available.
11. Security
We implement commercially reasonable technical and organizational measures designed to protect personal data. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
12. International data transfers
OXVO may process and store personal data in countries other than where you live. Where required, we use appropriate safeguards for cross-border transfers, such as standard contractual clauses or other lawful transfer mechanisms.
13. Your privacy rights
Depending on your location, you may have rights such as access, correction, deletion, restriction, objection, and data portability. You may also have the right to withdraw consent where processing is based on consent.
To exercise your rights, contact us at privacy@oxvo.com. We may need to verify your identity before responding.
13.1 EEA/UK/Switzerland
You may lodge a complaint with your local data protection authority.
13.2 California and certain US states
If applicable, you may have rights to know/access, delete, correct, and opt out of certain data sharing for targeted advertising. We do not sell personal information for money. If we engage in data sharing that is considered "sharing" under applicable law (e.g., for targeted advertising), we provide opt-out mechanisms where required.
Authorized agents may submit requests where permitted by law, subject to verification.
14. Children’s privacy
The Service is not intended for children under 16 (or a higher age where required by local law). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will take appropriate steps.
15. Third-party websites and services
The Site and Service may contain links to third-party websites or services. Their privacy practices are governed by their own policies, and we are not responsible for them.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will update the effective date at the top of the page and may provide additional notice if changes are material. Your continued use of the Service after the update means you accept the updated Privacy Policy.
17. Contact
If you have questions about privacy or want to exercise your rights, contact:
Privacy: privacy@oxvo.com
Address: [insert postal address]