Privacy & Data Protection Policy
Last Updated: June 18, 2026
This Privacy & Data Protection Policy explains how Ombrezga LLC, a Wyoming limited liability company operating the Oxezga brand and website ("Ombrezga", "Oxezga", "Company", "we", "us", or "our"), collects, uses, discloses, stores, and protects personal information in connection with oxezga.com and our B2B services.
Our services are directed to businesses, founders, professionals, and authorized representatives worldwide. We do not intentionally offer services to children or to users acting primarily for personal, household, or consumer purposes.
1. Controller & Contact Information
For personal information collected through oxezga.com and our direct B2B service intake, Ombrezga LLC is the data controller or business responsible for determining the purposes and means of processing, except where we process data strictly on behalf of a client under a separate written agreement.
Company Name: Ombrezga LLC
Brand / Website: Oxezga, oxezga.com
Registered Address: 30 N Gould St, Ste R, Sheridan, WY 82801, USA
Privacy Contact: info@ombrezga.com
2. Personal Information We Collect
We collect only the information reasonably needed to operate the website, evaluate leads, provide B2B services, communicate with you, secure our systems, and comply with legal obligations.
- Business contact data: name, company, role, corporate email, phone number, website, country, and communication preferences.
- Lead and project data: selected services, budget ranges, goals, project details, questionnaire answers, URLs, business context, requested timelines, and files or materials you choose to provide.
- Booking and communication data: meeting details, calendar metadata, email content, call notes, support messages, and inquiry history.
- Chatbot data: messages you send to the Ox AI assistant and related technical metadata needed to provide a response and protect the service.
- Technical and usage data: IP address, device type, browser, pages viewed, approximate location inferred from technical data, timestamps, referrer, cookie choices, and website interaction data.
- Client account data: platform access, permissions, account IDs, campaign information, pixels, analytics, audiences, and other materials provided for service delivery, only where relevant to the project.
- Billing and business records: invoice data, payment status, transaction references, tax or accounting records, and contract/order history. We do not ask you to send full payment card numbers through website forms or chatbot messages.
Please do not submit unnecessary sensitive information, passwords, government identifiers, health information, payment card numbers, or confidential personal data through the website, chatbot, or ordinary email unless we specifically request it through an appropriate secure channel.
3. Sources of Information
We collect information directly from you when you submit forms, use the chatbot, book a call, answer a questionnaire, email us, or engage our services. We may also receive information from your authorized team members, business partners, public business sources, analytics tools, CRM systems, calendar providers, ad platforms, and service providers used to operate the website.
4. Purposes & Legal Bases
Where GDPR, UK GDPR, or similar laws apply, we rely on the following legal bases depending on context:
- Contract / pre-contract steps: to respond to inquiries, prepare proposals, provide services, manage projects, process business records, and communicate with clients.
- Legitimate interests: to operate and secure the website, prevent abuse, improve services, manage B2B leads, maintain business records, enforce terms, and communicate with business contacts, provided those interests are not overridden by applicable privacy rights.
- Consent: for non-essential cookies, analytics where consent is required, optional marketing communications, and any other processing where we ask for consent.
- Legal obligations: to comply with tax, accounting, corporate, regulatory, sanctions, security, dispute, and recordkeeping obligations.
5. How We Use Information
- to evaluate whether our services are a fit for your business;
- to create and manage leads, questionnaires, proposals, invoices, projects, campaigns, automations, and client communications;
- to operate the chatbot, booking flow, website forms, cookie preferences, analytics, and security controls;
- to provide, maintain, troubleshoot, personalize, and improve the website and services;
- to detect spam, fraud, abuse, unauthorized access, and other security incidents;
- to comply with law, enforce agreements, resolve disputes, and protect rights; and
- to send B2B service updates, administrative messages, and marketing communications where permitted by law or consented to by you.
6. Cookies, Local Storage & Analytics
We use essential cookies or local storage for site operation, cookie preference storage, questionnaire flow continuity, and security. These are necessary for the website to function properly.
Google Analytics and similar non-essential analytics are intended to load only after you accept analytics cookies through the cookie banner. If you decline, analytics scripts are not intentionally loaded by our website. You can reopen cookie settings from the floating cookie settings button.
Third-party embedded services, such as Cal.com booking, may use their own cookies or similar technologies under their own policies when you interact with them.
7. AI Chatbot & Automated Processing
The Ox chatbot is an AI-powered assistant designed to answer questions about Oxezga and route visitors to relevant services or contact options. It is not a human agent and does not provide legal, financial, medical, or other regulated professional advice.
Chat messages may be processed by our infrastructure provider and AI provider to generate a response, protect against abuse, and maintain service reliability. Do not submit passwords, secrets, payment details, confidential client data, or sensitive personal information into the chatbot.
We do not use the chatbot to make decisions that produce legal or similarly significant effects about you without human involvement.
8. Service Providers & Subprocessors
We use trusted service providers to operate our website and services. They may process information on our behalf or as independent controllers depending on their role and terms.
- Cloudflare Inc. - infrastructure, security, API routing, rate limiting, and edge processing. Privacy Policy
- Zoho CRM / Zoho Corporation - CRM, lead management, and client records. Privacy Policy
- EmailJS - server-side email notifications for lead and questionnaire alerts. Privacy Policy
- Groq Inc. - AI model/API processing for chatbot responses. Privacy Policy
- Cal.com - appointment booking and scheduling. Privacy Policy
- Google Analytics - website analytics after cookie acceptance where applicable. Privacy Policy
- Hosting, email, accounting, legal, security, and operations providers - used as reasonably necessary to run the business and comply with obligations.
9. International Data Transfers
Ombrezga LLC is based in the United States, and our providers may process information in the United States, the European Economic Area, the United Kingdom, and other countries. These countries may have data protection laws different from those in your location.
Where required for transfers from the EEA, UK, Switzerland, or similar jurisdictions, we rely on appropriate safeguards such as Standard Contractual Clauses, UK transfer mechanisms, provider data processing terms, adequacy decisions, or other lawful transfer mechanisms available under applicable law.
10. Data Retention
We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law.
- Lead and questionnaire data: retained while evaluating, providing, or following up on B2B services, and then as needed for business records, disputes, legal, tax, and accounting purposes.
- Client and project records: retained for the duration of the relationship and for a reasonable period afterward to support continuity, legal defense, tax/accounting, and service history.
- Cookie choices: retained as needed to remember your preference.
- Temporary session tokens: used to connect application/questionnaire flow and designed to expire automatically; they are not intended to expose personal data in URLs.
- Security logs: retained for a limited period reasonably needed to detect abuse, investigate incidents, and protect systems.
11. Security Measures
We use technical and organizational measures designed to protect information, including HTTPS/TLS, server-side API routing, Cloudflare security controls, restricted secret management, access controls, least-privilege practices, rate limiting, and separation of public website code from private API credentials.
No method of transmission or storage is 100% secure. You are responsible for using secure passwords, limiting access to accounts you share with us, and notifying us promptly if you believe information or account access has been compromised.
12. Your Privacy Rights
Depending on your location and applicable law, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or information about how your personal information is processed. You may also have the right to lodge a complaint with a data protection authority.
To exercise rights, contact info@ombrezga.com. We may need to verify your identity and authority before fulfilling a request. We will respond within the timeframe required by applicable law. Some requests may be limited by legal obligations, security needs, contractual records, dispute records, or rights of other persons.
13. U.S. State Privacy Notices
Some U.S. state privacy laws provide residents with rights regarding personal information. Because Oxezga is a B2B-focused business, certain consumer privacy laws may apply only if legal thresholds are met. Where applicable, we honor legally required rights, including access, correction, deletion, portability, opt-out rights, and non-discrimination for exercising privacy rights.
We do not sell personal information for money. We do not knowingly sell or share personal information of minors. If our use of analytics or advertising technologies is considered "sharing", "targeted advertising", or similar under an applicable law, you may control non-essential cookies through the cookie banner/settings and may contact us to submit a rights request.
14. Canada, Brazil & Other Regions
Where PIPEDA, Quebec Law 25, Brazil's LGPD, UK GDPR, Swiss law, or similar privacy laws apply, we process personal information in line with the rights and obligations required by those laws, including transparency, purpose limitation, security, access/correction rights, deletion or anonymization where applicable, and the right to withdraw consent where processing is based on consent.
15. Children's Privacy
Our website and services are intended for businesses and professionals. We do not knowingly collect personal information from children under 16. If we learn that a child has provided personal information, we will take reasonable steps to delete it.
16. Client-Provided Data
If you provide customer lists, audience data, analytics, pixels, CRM records, advertising data, or other personal information relating to third parties, you represent that you have all notices, consents, rights, permissions, and legal bases required to provide that information to us and to instruct us to process it for the services.
17. Changes to This Policy
We may update this Policy from time to time. The updated version will be posted on this page with a new "Last Updated" date. Material changes may be communicated through the website or another reasonable method where required by law.
18. Contact Us
For privacy requests, questions, or concerns, contact:
Email: info@ombrezga.com
Mailing Address: Ombrezga LLC, 30 N Gould St, Ste R, Sheridan, WY 82801, USA