Privacy Policy

1. Who we are

ODOpt is operated by Oosthuizen Consulting. References to "we", "us", or "our" in this policy refer to Oosthuizen Consulting. References to "you" refer to any person accessing or using the ODOpt service at odopt.uk.

For privacy-related enquiries, please use the contact form at odopt.uk/contact.

2. Data we collect and why

Account data. When you create an account, we collect your email address and a hashed password via Firebase Authentication (Google). This is used solely to identify your account and enable login.

Usage data. If you accept analytics cookies, we collect anonymised usage data (pages visited, features used, session duration) via analytics software. This helps us understand how the product is used and where to improve it. No personally identifiable information is included in analytics data.

AI assistant interactions. When you use Ask ODO, your message and the computed plan outputs in your current session are sent to a cloud function proxy, which forwards them to a third-party AI provider (Anthropic) to generate a response. These messages are not stored by us beyond the duration of your session. Please refer to Anthropic's privacy policy for how they handle API request data.

Plan inputs and scenario data. Retirement plan inputs, scenario configurations, and simulation results are stored in your browser's localStorage. They are not transmitted to or stored on our servers unless you explicitly use a save or sync feature.

Payment data. Subscription payments are processed by a third-party payment provider. We do not receive or store your payment card details.

3. Cookies and local storage

We use browser localStorage for essential functions including saving your plan inputs, theme preference, and consent choices. This data stays on your device.

Optional analytics cookies may be set if you accept them. You can manage your cookie preferences at any time via the Cookie Preferences page.

We do not use marketing cookies or advertising trackers.

4. Legal basis for processing

We process personal data on the following legal bases under UK GDPR:

• Contract — account data is processed to provide the service you have signed up for.
• Legitimate interests — anonymised analytics help us improve the product without identifying individual users.
• Consent — optional analytics cookies are only set with your explicit consent.

5. Third-party services

We use the following third-party services in the operation of ODOpt:

• Firebase (Google) — authentication and hosting.
• Anthropic — AI language model powering the Ask ODO assistant.
• Payment provider — subscription billing and payment processing.

Each provider operates under its own privacy policy and data processing terms. We have data processing agreements in place where required.

6. Data retention

Account data is retained for as long as your account is active. If you close your account, we will delete your account data within 30 days, except where retention is required by law.

Plan data stored in localStorage is under your control and can be cleared via your browser settings at any time.

7. Your rights

Under UK GDPR you have the right to access, correct, or delete the personal data we hold about you. You also have the right to object to or restrict certain processing, and to data portability where applicable.

To exercise any of these rights, please contact us via the contact page. We will respond within 30 days.

8. Changes to this policy

We may update this policy from time to time. We will indicate the date of the most recent revision at the top of this page. Continued use of the service after a material change constitutes acceptance of the updated policy.