Logo
Return Back Home

Privacy Policy

This Data Protection Notice (“Notice”) sets out the basis on which OceanURL (“we”, “us”, or “our”) may collect, use, disclose, or otherwise process personal data of our customers in accordance with applicable data protection laws. This Notice applies to personal data in our possession or under our control, including personal data in the possession of third-party organisations that we have engaged to collect, use, disclose, or process personal data on our behalf.

PERSONAL DATA

1. Definitions

For the purposes of this Notice:

  • “customer” refers to an individual who (a) has contacted us through any means to learn more about our platform or services, or (b) may have entered into, or has entered into, an agreement with us for the use of our services.

  • “personal data” refers to data, whether true or not, about a customer who can be identified (a) from that data alone, or (b) from that data and other information to which we have or are likely to have access.

2. Types of personal data we may collect

Depending on how you interact with OceanURL, examples of personal data we may collect include:

  • Name

  • Email address

  • Phone number

  • Residential or business address

  • Account information

  • IP address

  • Browser/user-agent information

  • Payment or billing information (processed through payment providers: Stripe, PayPal, Tap Payments; not stored by OceanURL)

3. Terms and references

Other terms used in this Notice have the meaning given to them under applicable data protection law.

COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

4. When we collect personal data

We generally do not collect your personal data unless:

(a) You provide it to us voluntarily, directly or through an authorised representative, after

  • you have been informed of the purposes for which the data is collected, and

  • you have given consent for us to collect and use it;

or

(b) Collection and use without consent is permitted or required by applicable law.

We will request your consent before collecting additional personal data or using your personal data for purposes not previously notified (unless otherwise permitted or required by law).

5. Purposes for which we may collect and use your personal data

We may collect and use your personal data for any or all of the following purposes:

(a) Performing obligations in connection with providing the services you requested;
(b) Verifying your identity and account ownership;
(c) Responding to queries, feedback, support requests, or complaints;
(d) Managing your account and ongoing relationship with us;
(e) Processing subscription payments (via Lemon Squeezy) or other payment transactions;
(f) Complying with applicable laws, regulations, guidelines, and requests from authorities;
(g) Any purpose for which you have provided the information;
(h) Disclosing to third-party service providers — including payment gateways (Stripe, PayPal, Tap Payments), hosting providers, analytics providers, and governmental authorities — for the above purposes;
(i) Any other business-related purposes reasonably connected to the above.

6. Disclosure of personal data

We may disclose your personal data:

(a) Where necessary to fulfil our contractual obligations in providing our services; or
(b) To third-party service providers, agents, partners, or organisations engaged to perform tasks related to the purposes listed above.

7. Continuation of purposes after relationship ends

The purposes stated in this section may continue to apply even after your relationship with us has ended, for a reasonable period, including where required to enforce contractual rights or comply with legal obligations.

RELIANCE ON LEGITIMATE INTERESTS

8. Legitimate interests exception

Where permitted by law, we may collect, use, or disclose your personal data without consent for legitimate interests of OceanURL or another party, provided that such processing does not override your rights or cause undue harm.

9. Purposes under the legitimate interests exception

These include:

(a) Fraud detection and prevention;
(b) Preventing misuse, abuse, or security threats to the platform;
(c) Network and system monitoring to prevent financial crime and ensure operational integrity.

These purposes may continue to apply for a reasonable period even after your relationship with us ends.

WITHDRAWING YOUR CONSENT

10. Requesting withdrawal of consent

Your consent remains valid until withdrawn in writing. You may withdraw your consent for any or all uses of your personal data by sending a written request to our Data Protection Officer (DPO) at the contact details below.

11. Processing your withdrawal request

Once your request is received, we may require a reasonable amount of time to process it and inform you of any potential consequences (including how withdrawal may affect the services provided). We aim to process all withdrawals within twenty (20) business days.

12. Effects of withdrawal

Depending on your request, we may not be able to continue providing certain services. We will notify you if this is the case. You may cancel your withdrawal request at any time by informing us in writing.

13. Limitations

Withdrawal of consent does not affect our right to continue collecting, using, or disclosing personal data where permitted or required by law.

ACCESS TO AND CORRECTION OF PERSONAL DATA

14. Requesting access or correction

You may request:

(a) Access to personal data we hold about you; or
(b) Correction of inaccurate or outdated personal data.

Requests may be submitted in writing to our DPO.

15. Fees

A reasonable fee may be charged for access requests. If applicable, we will notify you before processing the request.

16. Response time frame

We strive to respond within seven (7) business days. If more time is needed, we will inform you within ten (10) days of receiving your request. If a request cannot be fulfilled, we will generally explain the reason (unless restricted by law).

PROTECTION OF PERSONAL DATA

17. Security measures

To safeguard personal data from unauthorised access, disclosure, modification, or loss, we implement appropriate administrative, technical, and physical measures including:

  • Minimisation of collected data

  • Access control and authentication

  • Encryption where appropriate

  • Secure password handling

  • Regular software maintenance and patching

18. Security limitations

While we strive to protect your information, no method of electronic transmission or storage is fully secure. We continuously review and enhance our security practices.

ACCURACY OF PERSONAL DATA

19. Maintaining accuracy

We generally rely on information you or your authorised representative provide. Please notify us in writing if your personal data changes, so we can ensure it remains accurate and complete.

RETENTION OF PERSONAL DATA

20. Retention period

We retain personal data only as long as necessary to fulfil the purposes for which it was collected or as required by law.

21. Cessation of retention

We will cease to retain (or will anonymise) personal data once it is reasonable to assume retention is no longer required for legal or business purposes.

DATA PROTECTION OFFICER

22. Contact information

You may contact our Data Protection Officer regarding questions, feedback, or requests relating to this Notice:

Email: hello@oceanurl.com
Address: Muscat, Oman

EFFECT OF NOTICE AND CHANGES

23. Relationship to other notices

This Notice applies together with any other applicable terms, notices, or policies relating to the collection and processing of personal data.

24. Updates to this Notice

We may revise this Notice from time to time without prior notice. You may check the “Last updated” date to determine if changes have been made. Your continued use of our services constitutes acceptance of such changes.

Effective date: 21/11/2025
Last updated: 21/11/2025