Legal
Privacy Policy
Last updated: June 10, 2026
This Privacy Policy explains how Ouranos OS(“we”, “us”, or “our”) collects, uses, shares, and protects personal information when you visit this website, submit a form, or use our platform and services. It also explains the choices and rights available to you, including rights under the Indiana Consumer Data Protection Act (ICDPA).
When we build and operate websites or lead systems for our business clients, we generally process the personal information collected through those systems on the client’s behalf and under their instructions. Those websites carry their own privacy policies; this policy covers our own website and platform.
Information we collect
Information you give us
- Contact details: name, email address, and phone number when you submit our Get Started form or otherwise contact us.
- Business details: company name, trade or industry, and anything you include in a message to us.
- Account information: if you become a client and receive platform access, your login email and role.
Information collected automatically
- IP address: used to rate-limit form submissions and prevent abuse.
- Server logs: standard technical records of requests to our site, kept on a short rolling window by our hosting provider.
- A theme preference stored on your device: kept in your browser’s local storage and never sent to us. We do not set cookies on this website and do not use analytics or advertising trackers. See our Cookie Policy.
Information generated by our systems
- AI-assisted lead notes and scores: when you submit an inquiry, we may use an AI service to help us prioritize and summarize it (for example, a fit score and a short summary). This is used only to decide how quickly and how best to follow up with you. It does not produce legal or similarly significant effects about you, and a person reviews inquiries before any business decision is made.
How we use information
- Respond to your inquiry and communicate with you.
- Provide, operate, and improve our website and platform.
- Prioritize and qualify inbound inquiries (see above).
- Protect against spam, abuse, and security threats.
- Comply with legal obligations and enforce agreements.
We do not sell personal information, and we do not use your personal information for targeted advertising or profiling that produces legal or similarly significant effects.
Who we share information with
We share personal information only with service providers that help us run the business, under contracts that limit how they may use it:
- Netlify: website hosting and delivery.
- Supabase: our database, where inquiries and platform data are stored.
- Resend: email delivery (for example, notifying us of your inquiry).
- Anthropic: AI processing used for inquiry qualification.
- Stripe: payment processing, if you become a paying client. We never see or store full card numbers.
- Twilio: SMS and call features, where a client has enabled them.
We may also disclose information if required by law, to protect our rights or the safety of others, or as part of a business transfer (such as a merger or sale), in which case this policy continues to apply to information collected before the transfer.
SMS consent: SMS opt-in data and consent are not shared with third parties for their marketing purposes.
How long we keep information
- Inquiries: up to 24 months after our last interaction with you, unless you ask us to delete them sooner.
- Client platform data: for the duration of the engagement, then deleted or returned within 90 days of termination.
- SMS and call records (where used): typically 90 days.
- Server logs: short rolling windows set by our hosting provider.
We may keep information longer where required by law (for example, tax and accounting records) or to resolve disputes.
How we protect information
We use industry-standard safeguards: encryption in transit (TLS) and at rest, role-based access controls, database-level row security that isolates each client’s data, and verification of inbound webhooks. No system is perfectly secure, but we design for least privilege and defense in depth.
Your privacy rights
If you are an Indiana resident, the ICDPA gives you the right to:
- Know and access: confirm whether we process your personal data and obtain a copy of it in a portable format.
- Correct: inaccuracies in your personal data.
- Delete: personal data you provided or that we obtained about you.
- Opt out: of the sale of personal data, targeted advertising, and certain profiling. (We do none of these today.)
To exercise any right, email michael.gar236@gmail.com with your request. We will verify the request using the email address associated with your information, respond within 45 days (extendable once by 45 days with notice), and will not discriminate against you for exercising your rights.
Appeals: if we decline a request, you may appeal by replying to our decision; we will respond to appeals within 60 days. If your appeal is denied, you may contact the Indiana Attorney General.
Residents of other states may have similar rights under their own laws; we honor the same process for any verified request.
Children
Our website and services are for businesses and are not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
Changes to this policy
We will update this policy as our services evolve and will revise the “Last updated” date above. Material changes will be noted on this page.
Contact us
Privacy questions or requests: michael.gar236@gmail.com. Ouranos OS is based in Indianapolis, Indiana, USA.