Privacy Policy
Effective date: March 29, 2026
Data Controller: Sibelius EOOD
Registered Address: General Kartsov 86, Karlovo, 4300, Plovdiv, Bulgaria
Contact Email: [email protected]
1. Introduction
At OAcast, we respect your privacy. This policy explains how we collect and use your data when you use our platform, whether as a Content Creator or as a Subscriber.
Under the General Data Protection Regulation (GDPR), we act as the Data Controller for our Creators' account information, and as a Data Processor for the data of the Subscribers who use our Creators' customized websites.
2. The Data We Collect
We believe in data minimization. We only collect the following:
- Identity Data: Full Name.
- Contact Data: Email Address.
- Authentication Data: Encrypted passwords and session tokens.
- Payment Metadata: We do not store credit card numbers. All payment data is handled securely by our partner, Stripe. We only receive confirmation of payment and the last 4 digits of the card for support purposes.
While our marketing website primarily uses cookies, our Platform (the app) collects the following directly from you to fulfill our contract:
- Account Information: Name and Email Address used for authentication and service notifications.
- Service Data: Information regarding your subscription status and transaction history to ensure you can access the content you've paid for.
- Log Data: IP addresses and device identifiers, which we process for security purposes and to comply with EU anti-fraud regulations.
3. How We Use Your Data
We process your data based on the following legal grounds:
- Contractual Necessity (Art. 6.1.b GDPR): To create your account, manage your custom domain, and provide access to videos/live streams.
- Consent (Art. 6.1.a GDPR): For optional analytics (Google Analytics).
- Legal Obligation: For tax reporting and compliance with the EU Digital Services Act (DSA).
4. Cookies & Tracking Technologies
We use a "Privacy First" approach to cookies. You can manage your preferences through our Cookie Banner.
| Cookie Type | Purpose | Necessity |
|---|---|---|
| Authentication | Keeps you logged in as you navigate the platform and your custom dashboard. | Essential (Cannot be disabled) |
| Security/CSRF | Prevents unauthorized actions on your account. | Essential (Cannot be disabled) |
| Google Analytics | Helps us understand how users interact with the platform so we can improve it. | Optional (Requires your opt-in) |
5. Third-Party Data Sharing
We do not sell your data. We only share data with service providers necessary to run the platform:
- Stripe: For payment processing and KYC (Know Your Customer) verification.
- Google Analytics: For platform performance metrics (only if you consent).
- Cloud Infrastructure Providers: For secure data storage within the EU.
6. Data Transfers
All personal data is stored on servers located within the European Economic Area (EEA). If we transfer data outside the EEA (e.g., to a US-based sub-processor), we ensure "Standard Contractual Clauses" (SCCs) are in place to protect your rights.
7. Your Rights
Under the GDPR, you have the following rights:
- Access: Request a copy of your data.
- Correction: Ask us to fix inaccurate info.
- Erasure ("Right to be Forgotten"): Request that we delete your account and data.
- Data Portability: Request your data in a structured, machine-readable format.
- Withdraw Consent: Disable analytics at any time via your settings.
- Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority. For Bulgaria, this is the Commission for Personal Data Protection (CPDP) at www.cpdp.bg.
8. Data Retention
We keep your data only as long as your account is active. If you delete your account, we scrub your personal data within 30 days, except where we are legally required to keep it for tax/accounting purposes (usually 5–10 years depending on local law).
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised effective date. Where required by law, we will seek your consent to any changes that affect how your personal data is processed.