Last updated: 1 June 2026
Privacy Policy
Goexa (oexa.org operator) ("we", "us") operates https://oexa.org. This Privacy Policy explains how we collect, use, and protect personal data.
1. Who is responsible
Controller: Goexa (oexa.org operator), United States — full registered address on request via legal@oexa.org.
Privacy contact: privacy@oexa.org
2. What we collect
- Newsletter: email address, subscription status, confirmation tokens
- Contact form: email, message content (when the form is enabled)
- Admin users: account identifiers, role, activity logs
- Technical data: IP address, browser type, cookies (see below)
- Editorial / AI workflows: prompts, drafts, and generated content you submit in admin tools — avoid unnecessary personal data in prompts
3. Why we use data (legal bases)
- Performance of contract or steps at your request (accounts, services)
- Consent (newsletter, non-essential cookies, certain analytics)
- Legitimate interests (security, improving the Site, aggregated analytics)
- Legal obligations
4. Newsletter
We use double opt-in: after signup you must confirm via email before receiving messages. We send mail through our email provider (e.g. Resend). You can unsubscribe via the link in every email. We retain subscription records until you unsubscribe or we delete your data.
5. Cookies and similar technologies
Essential cookies are required for authentication and basic site operation. Analytics cookies (e.g. Google Analytics 4) help us understand traffic; we load them only if you choose "Accept all" in our cookie banner.
You can change your choice by clearing site data or using the banner when we offer settings. See also browser controls for cookies.
6. Analytics and Search Console
If enabled, Google Analytics 4 and Google Search Console process usage and search performance data under Google's terms. We configure these only for authorized administrators and, where required, after cookie consent.
7. Subprocessors
We use service providers that may process personal data on our behalf, including:
| Provider | Purpose |
|---|---|
| Supabase | Authentication, database, storage |
| Hosting provider (VPS) | Application hosting, logs |
| OpenAI / Google (GenAI) | Text and image generation in admin tools |
| Resend | Transactional and newsletter email |
| Google (Analytics, Search Console) | Analytics and search performance |
| Fal.ai (if enabled) | Image generation |
A business DPA is available at our DPA page.
8. International transfers
Data may be processed in the United States and other countries. Where required, we use appropriate safeguards such as Standard Contractual Clauses.
9. Retention
We keep data only as long as needed for the purposes above, unless a longer period is required by law. Newsletter data is kept until unsubscribe; logs are rotated per operational policy.
10. Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, object, port data, and withdraw consent. Contact privacy@oexa.org. You may lodge a complaint with your local supervisory authority.
11. Children
The Site is not directed at children under 16. We do not knowingly collect their data.
12. Changes
We may update this policy. Check the date at the top of this page.
These pages are template drafts for review by qualified counsel before relying on them for compliance purposes.