Privacy Policy for OBENA

Last updated: 7 May 2026.

OBENA (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you use our platform. By accessing or using OBENA, you agree to the practices described in this Privacy Policy.

This Policy applies to the OBENA web platform and any related services that link to or reference it. It does not apply to third-party services, websites, or apps that link to OBENA — those are governed by their own privacy notices.

1. Who we are & how to contact us

“OBENA” is a brand. The legal name of the entity operating the platform and our postal address will appear here and in the Terms of Service once OBENA’s corporate vehicle for operating the platform is finalized.

Controller of your personal information: OBENA. The full legal name of the controller is published alongside OBENA’s other formal disclosures — see Terms of Service §21.
General contact: our contact channel.
Privacy & data-rights requests: our contact channel, marked “Privacy request.”
EU/UK representative & Data Protection Officer (DPO): No Article 27 representative or DPO is designated at this time. If OBENA determines it is required to appoint either under GDPR or UK GDPR, we will publish contact details here and update this Policy accordingly. See international users.

If you cannot use the contact form for accessibility or other reasons, please indicate that in your message, and we will accept alternative reasonable channels of communication.

2. Information we collect

We collect the following types of information to provide and improve our services.

2.1 Information you provide

When you use OBENA, you may provide us with various types of personal information, including:

Account information: When you register, we collect your name, email address, and any other information you choose to provide.
Profile information: You may choose to add additional details to your user profile, such as a biography or profile picture.
Content submissions: Any posts, comments, or other content you share on the platform.
Communication information: Information you provide when contacting us, requesting support, or participating in surveys.

2.2 Information we collect automatically

When you use OBENA, we may collect certain information automatically, including:

Usage data: Information about your interactions with the platform, such as pages visited, features used, and time spent on the site.
Device information: Data about the device you use to access OBENA, including operating system, browser type, language settings, and IP address.
Cookies & similar technologies: We use cookies, local storage, and similar technologies. See Section 8 (Cookies & similar technologies) for details, including categories, purposes, and durations.

2.3 Information from third parties

We may receive information from third parties, such as social-media platforms, identity providers, or analytics services, if you choose to connect your accounts or interact with us through those services. The information we receive is governed by the privacy notices of those services and your settings with them.

3. Categories of personal information & purposes

The table below summarizes the categories of personal information we collect and the purposes we use them for. We use these categories instead of providing a complete list of every data point because the regulator-defined categories below are well understood and easy to map to your rights under U.S. state privacy laws.

Category (CCPA/CPRA framing)	Examples	Why we collect it
Identifiers	Name, email, account ID, IP address	Provide the service, authenticate you, secure accounts
Customer-records information	Profile details you provide	Display your profile, enable participation
Internet or other electronic network activity	Pages visited, features used, referring URLs, device/browser info	Operate the platform, debug issues, prevent abuse, improve the product
Geolocation data (general, IP-derived)	Approximate city/region inferred from IP	Security, fraud prevention, regional compliance
Inferences drawn from the above	Topics you engage with	Personalize recommendations and content surfaces
User-generated content	Posts, comments, messages	Operate the community features

We do not intentionally collect biometric information, precise GPS geolocation, government-issued IDs, financial-account information, or health information. If you provide any of these voluntarily inside content you post, please consider whether you really want it on a public community platform.

3.1 Sensitive personal information

We do not knowingly collect sensitive personal information as defined by California’s CPRA or comparable U.S. state laws. We do not use or disclose sensitive personal information for purposes that require a separate right-to-limit notice under those laws. If our practices change, we will update this Policy and the table above and notify you as a material change.

4. How we use your information

We use your information to:

Provide, maintain, and improve the OBENA platform.
Facilitate communication and collaboration between users.
Personalize your experience by tailoring content and recommendations.
Respond to your inquiries and provide support.
Monitor and analyze usage to enhance platform functionality and reliability.
Detect, prevent, and respond to abuse, fraud, security incidents, and violations of our Terms of Service.
Comply with legal obligations and protect the rights, safety, and property of OBENA, our users, and the public.
Send transactional and service messages (e.g., confirmations, security alerts) and, where you have opted in or where permitted by law, marketing or product-update messages from which you can unsubscribe at any time.

We share your information only as described below. We do not sell your personal information for money. See Section 6 for the CCPA/CPRA-specific framing of “sell” and “share.”

Service providers (processors): Trusted third-party vendors that help us operate and improve OBENA — for example, hosting and infrastructure providers, analytics services, email-delivery providers, customer-support tools, and security services. They may only use your information to provide services to us and must protect it under contract.
Other users: Content you choose to make public (e.g., posts, comments, profile information you choose to display) is visible to other users and, depending on settings, the broader internet.
Legal compliance & safety: Authorities or other parties when we believe in good faith that disclosure is required or appropriate to comply with law, legal process, or a lawful request, or to protect the rights, property, or safety of OBENA, our users, or the public.
Business transfers: In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, your information may be transferred to the new entity. We will give you notice (for example, by email or an in-app notice) before your personal information becomes subject to a different privacy policy.
With your consent: Information shared based on your explicit permission or instructions.

We do not sell your personal information for money.

California’s CPRA defines “sale” and “share” more broadly than a normal cash transaction — it can include disclosing personal information to third-party advertising or analytics partners for cross-context behavioral advertising or other valuable consideration.

We do not currently engage in cross-context behavioral advertising and do not “share” personal information for that purpose, as those terms are defined under California law.
If we ever begin “selling” or “sharing” personal information as those terms are defined, we will update this Policy, give you a clear opt-out via a “Do Not Sell or Share My Personal Information” mechanism, and honor recognized opt-out signals such as the Global Privacy Control (GPC) as required by law.
We honor GPC signals broadcast by your browser as a request to opt out of any future “sale” or “share” of personal information.

7. Your choices & rights

We respect your control over your personal information. The specific rights available to you depend on where you live.

7.1 Everyone

You can update or delete your profile information through your account settings.
You may delete content you have posted, subject to backup and legal-retention exceptions described in Section 11.
You can opt out of marketing communications by following the unsubscribe instructions in our emails or by contacting us.
You can manage cookies and tracking through your browser, device, and operating system settings.

7.2 California residents (CCPA/CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
Access a copy of the specific personal information we hold about you (in a portable format where required).
Correct inaccurate personal information.
Delete your personal information, subject to legal exceptions.
Opt out of any “sale” or “sharing” of personal information (see Section 6) and to limit the use of sensitive personal information (see Section 3.1).
Non-discrimination for exercising any of these rights.
Designate an authorized agent to make a request on your behalf. We may verify the agent’s authority and your identity before acting.

To exercise these rights, please contact us and mark your message “California privacy request.” We will verify your request using information you provide and information already associated with your account.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you generally have the right to: access; rectification; erasure (“right to be forgotten”); restriction of processing; objection (including to direct marketing); data portability; and to withdraw consent (where processing is based on consent), without affecting prior processing. You also have the right to lodge a complaint with your local supervisory authority.

The lawful bases on which we rely include: performance of a contract (to provide the platform you signed up for); legitimate interests (e.g., securing the platform, preventing abuse, improving the product) where those interests are not overridden by your rights; consent (where required, e.g., for non-essential cookies or marketing in jurisdictions that require it); and compliance with legal obligations.

7.4 Other U.S. states

Residents of states with comprehensive privacy laws (such as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others) generally have rights similar to the rights described above, including the right to access, correct, delete, opt out of certain processing, and appeal a denial of a request. Please contact us and identify your state to exercise these rights.

7.5 How to make a request

To exercise any privacy right above, please contact us. We may need to verify your identity before acting on your request. We will respond within the timeframes required by applicable law (typically 45 days under U.S. state laws and one month under GDPR/UK GDPR, with extensions where allowed).

If we deny your request, you may appeal by replying to our response and explaining why you believe the decision was incorrect. We will provide a written response to your appeal within the timeframe required by your state’s law.

8. Cookies & similar technologies

We use cookies and similar technologies (such as local storage and pixels) for the following purposes:

Strictly necessary: Required for the platform to work — for example, keeping you signed in, maintaining your session, and protecting against attacks. These cannot be turned off through our controls without breaking the platform.
Functional: Remember your preferences and settings (e.g., language) so the platform behaves the way you expect.
Analytics: Help us understand how the platform is used so we can fix problems and improve features. We use analytics in an aggregated way and do not use them for cross-context behavioral advertising.
Security: Detect and prevent abuse, fraud, and unauthorized access.

Cookie durations range from session-only (deleted when you close your browser) to persistent (typically up to 13 months for analytics cookies, in line with common guidance), unless a different duration is required.

You can manage or refuse cookies through your browser settings or any cookie-management interface we offer in the platform. Disabling some cookies may impact functionality.

9. International users

OBENA is operated from and primarily targeted to users in the United States. If you access OBENA from outside the U.S., your information will be transferred to and processed in the U.S. and other jurisdictions where our service providers operate. These jurisdictions may have data-protection laws that differ from those in your country.

If we determine that we are subject to GDPR or UK GDPR — for example, because we offer the service to people in the EEA or UK or monitor their behavior — we will implement appropriate transfer safeguards (such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum), appoint an Article 27 representative if required, and update this Policy with the corresponding details.

Until those determinations and safeguards are formally documented, EEA, UK, and Swiss users should be aware that the platform is intended for U.S. use, and information you submit will be processed under U.S. law.

10. Security

We take reasonable administrative, technical, and physical measures to protect your personal information from unauthorized access, loss, alteration, or disclosure. No system can guarantee complete security. We encourage you to use strong, unique passwords and to notify us immediately of any suspected account breach.

If we become aware of a security incident affecting your personal information, we will notify you and the relevant authorities to the extent required by applicable law.

11. Data retention

We retain personal information only for as long as needed to provide the service, comply with our legal obligations, resolve disputes, and enforce our agreements. As general defaults:

Account information: retained for the life of your account; deleted or anonymized within a commercially reasonable period (target: 30 days) after account deletion, subject to backup-cycle and legal-hold exceptions.
User content: retained while published; deleted or de-indexed from the live service within a commercially reasonable period after you delete it or your account, subject to the license-survival exceptions in the Terms of Service §6.
Server logs & security events: typically retained up to 90 days, longer if needed to investigate a specific incident.
Analytics data: typically retained in aggregated or pseudonymized form; raw event data is retained no longer than needed to produce aggregates.
Communications & support tickets: retained as long as needed to handle the request and resolve any related issues, generally not longer than 24 months.
Legal-hold exceptions: information subject to a legal hold, audit, regulatory request, or pending dispute is retained until the matter is resolved.

We will publish more specific retention schedules as the product matures.

12. Children’s privacy

OBENA is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. We do not knowingly collect personal information from children under 13 in the United States, consistent with the Children’s Online Privacy Protection Act (COPPA), or from children under 16 in the EEA/UK in any way that would require parental consent under GDPR/UK GDPR.

If you believe a child under 18 has provided us with personal information, please contact us and we will take steps to delete the information and terminate the account.

13. Changes to this privacy policy

We may update this Privacy Policy from time to time. We treat changes that adversely affect your rights or that materially expand how we use, share, or retain your information as “material” changes.

For material changes, we will give you at least 30 days’ advance notice through email (if you have provided one) and through an in-app notice or banner before the change takes effect.
For non-material changes (typo fixes, clarifications, formatting), we will update the “Last updated” date at the top of this Policy and post the new version.

We will also review this Policy at least once every twelve months and confirm or refresh the “Last updated” date.

Continued use of OBENA after the effective date of a change constitutes your acceptance of the revised Policy. If you do not agree to a material change, your remedy is to stop using OBENA and, if you wish, delete your account before the effective date.

14. Third-party links

OBENA may include links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before engaging with them.

15. Contact us

If you have questions or concerns about this Privacy Policy, please contact us. We aim to acknowledge privacy requests within five business days and to provide a substantive response within the timeframes required by applicable law.

If you cannot use the contact form for accessibility or other reasons, please indicate that in any communication, and we will accept alternative reasonable channels.

Thank you for trusting OBENA with your personal information. Together, we aim to foster a safe and connected community.