Ozi Agency builds tools that handle the work you'd rather not. Some of
that work involves data — your data, your team's, sometimes your
customers'. This document explains exactly what we collect, why, where
it goes, and what you can do about it.
01. Who we are
"Ozi Agency" (referred to as "Ozi", "we",
"us", or "our") is an efficiency company
based in Aruba that designs and operates AI-powered systems for business
clients. Our principal place of operation is Aruba, Caribbean Netherlands.
You can reach us at dennis@oziagency.com
for any matter relating to this Policy.
02. What this Policy covers
This Policy applies to two distinct contexts:
- Our website — the marketing site at oziagency.com and any subdomains we operate as part of it.
- Our applications and services — the AI assistants, automated reporting tools, and lead-generation systems we build, deploy, and operate for or on behalf of our clients (collectively, the "Services").
Where a section applies to only one of these contexts, we'll say so.
Where a section applies to both, it does.
03. Information we collect
From the website
- Contact information you give us — name, email, company, message — when you submit a contact form or email us directly.
- Technical information — IP address, browser type, device type, pages visited, referring URL, and approximate location — collected automatically through standard server logs.
- Cookies — we use essential cookies only. We do not run third-party advertising or analytics trackers on our marketing site by default. If this changes, we will update this Policy and notify visitors.
From the Services
- Account information — name, email, role, and access permissions for users authorized to use a Service we deploy.
- Operational data — the documents, prompts, responses, and outputs generated through the Service while you or your team are using it.
- Connected-service data — when a Service is connected to a third-party platform (for example, Google Workspace, see Section 06), we access only the specific data permitted by the scopes you authorize.
- Usage logs — timestamps, action records, and error logs needed to operate, maintain, and improve the Service.
04. How we use it
We use the information described above only for the following purposes:
- To respond to your inquiry, prepare a proposal, or carry out a contracted engagement.
- To operate, maintain, debug, and improve the Services we have built for you.
- To generate the outputs you've explicitly asked the Service to produce (reports, replies, summaries, etc.).
- To comply with legal obligations and protect against fraud or abuse.
We do not sell your data. We do not share it with advertisers. We do not
train general-purpose AI models on your data. We do not use one client's
data to improve a Service we deliver to another client.
05. Where it goes — third-party processors
To deliver our Services we rely on a small number of trusted third-party
providers, each of which operates under their own enterprise privacy and
security terms. As of the effective date of this Policy these are:
- Anthropic, PBC — for large-language-model inference. Data sent to Anthropic is not used to train their general models when accessed via the API.
- Google LLC — for connected-services data (Sheets, Drive, Gmail) where the client has authorized it. Governed by Google's terms and the additional safeguards in Section 06.
- n8n GmbH — workflow orchestration software running on infrastructure we control.
- Hostinger International Ltd. — VPS hosting for our infrastructure.
We update this list as our stack evolves. If we add a sub-processor that
handles client data, we update this Policy.
06. Google APIs — application-specific notice
Some of our Services integrate with Google Workspace through Google's
official APIs. When you authorize such a Service to access your Google
account, we request only the minimum scopes required for the function
you have asked us to perform. The current list of scopes we may request,
and the use we make of each, is:
Sheets
Reading from and writing to specific spreadsheets the user has identified, in order to produce, update, or summarise structured data the user has asked us to handle.
Drive
Reading specific files the user has identified, and writing generated outputs (reports, documents) back to a user-designated folder.
Gmail
Reading messages the user has explicitly directed us to process (for example, leads from a specific inbox label) and sending messages on the user's behalf when the user has configured a workflow to do so.
Ozi's use of Google user data
Ozi's use and transfer of information received from Google APIs to any
other app will adhere to the Google API Services User Data Policy,
including the Limited Use requirements.
Specifically, this means we:
- Use Google user data only to provide or improve user-facing features of the specific Service the user authorized.
- Do not transfer Google user data to third parties except as necessary to provide the Service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- Do not use Google user data for advertising purposes.
- Do not allow humans to read Google user data unless we have the user's specific consent, the data is necessary for security purposes, the data is required by law, or the data is aggregated and used for internal operations.
07. How long we keep it
We keep data only as long as it remains useful for the purpose we
collected it for, or as long as a contract, tax requirement, or other
legal obligation requires us to.
- Marketing inquiries — kept for up to 24 months after our last meaningful contact.
- Active client operational data — kept for the life of the engagement, plus the contractually agreed handover and retention window.
- Backups and logs — rotated and erased on a rolling schedule, typically within 90 days.
- Records we are required to keep by law (such as tax records under Aruban law) — kept for the period required by the relevant statute.
When data is no longer needed, we delete it or anonymize it beyond
practical recovery.
08. Security
We apply commercially reasonable safeguards to protect the data we hold:
encryption in transit (TLS), encryption at rest where supported by the
underlying provider, access controls limited to authorized members of
our team, and ongoing monitoring of our infrastructure. No system is
perfectly secure. If we ever experience a breach affecting your data,
we will notify affected clients without undue delay and explain what
happened and what we are doing about it.
09. Your rights
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to correct data that is inaccurate or incomplete.
- Deletion — ask us to delete your data, subject to any legal obligation that requires us to retain it.
- Revoke authorization — revoke Google OAuth or other third-party authorizations at any time, either through the third party directly (e.g. Google account permissions) or by contacting us.
- Object or restrict — object to certain processing or ask us to restrict it.
- Portability — receive a copy of the data you have provided in a structured, machine-readable format.
To exercise any of these rights, email
dennis@oziagency.com. We will respond
within thirty days. If we cannot fulfil a request for legal reasons, we
will tell you why.
10. Children
Our Services are not directed to children under sixteen. We do not
knowingly collect personal data from children. If you believe a child
has provided us with personal data, contact us and we will delete it.
11. International data transfers
Because our infrastructure providers and AI providers may be based
outside Aruba (including in the United States and the European Union),
your data may be transferred to and processed in those jurisdictions.
Where such transfers occur, we rely on the contractual safeguards
offered by the relevant providers and on applicable adequacy decisions
where they exist.
12. Changes to this Policy
We may update this Policy from time to time. The "effective" date at
the top of this page will reflect the most recent revision. Material
changes will be communicated to active clients directly.
13. Contact
Questions, requests, or concerns about privacy can be sent to
dennis@oziagency.com. We treat every
message as a person writing — not a ticket — and reply accordingly.