Privacy · UK GDPR

Privacy policy.

What we collect, why we collect it, where it lives, and how to ask us to give it back. Last updated 27 April 2026. Effective from the same date.

Plain-English summary. If you visit ozric.ai we collect almost nothing. If you submit the invite form we collect your email and read it personally. We do not run third-party trackers. We are UK-based, GDPR-compliant by design, and our infrastructure is UK and EU-hosted. You can ask for a copy of your data, ask us to delete it, or ask us to stop processing it — we honour every request within thirty days.

1. Who we are

This privacy policy is published by OZRIC AI LIMITED ("OZRIC AI", "we", "us", "our"), a company incorporated in England & Wales under company number 17241218. Our registered address is in Greater London, United Kingdom. We are the controller of personal data described below.

2. What this policy covers

This policy covers personal data we process when you:

visit any page on the OZRIC marketing site (ozric.ai and any subdomain);
submit the “Request invitation” form;
email us at oracle@ozric.ai;
are accepted into the OZRIC invitation-only beta and onboard onto a hardware-bonded OZRIC AI System.

Once you onboard onto an OZRIC installation, the data processed by that installation is governed by your engagement letter with us in addition to this policy. The engagement letter is the canonical document for the operational data on your dedicated Mac.

3. What we collect — in order of how much

3a. When you visit the site

The standard server log: your IP address, the URL you requested, the referring URL, the user-agent string, and a timestamp. This is needed for the page to load and for security / abuse monitoring.

We do not run third-party advertising trackers, retargeting pixels, fingerprinting scripts, or session-replay tools on this site. We do not currently set non-essential cookies. We do not use Google Analytics. We do not embed Facebook Pixel on this site.

3b. When you submit the invite form

We collect:

The email address you enter in the form.
The source label for the form (which CTA you came from on the page) so we know which message resonated.
Server-side: timestamp + IP address (kept with the standard server log retention below).

We do not require a name, phone number, company, role, or any other field. The form has one input.

3c. When you email us directly

We process the message contents, the email address you wrote from, and any signature or attachment you chose to include. Email is read by humans at OZRIC AI. There is no automated reply.

3d. If you onboard onto an OZRIC installation

The data processed by your dedicated Mac is described in your engagement letter and the bespoke privacy review we run before install. It is NOT processed on our infrastructure: the Mac is yours, hosts your estate, and is handed over with everything intact at the end of the engagement.

4. Why we collect it (lawful basis)

Under UK GDPR Articles 6(1) we rely on the following lawful bases for the processing above:

Legitimate interest for server logs, abuse monitoring, and replying to inbound email. Our legitimate interest is operating a secure website and corresponding with people who reach out to us.
Consent for invite-form submissions. You provide consent by submitting the form. You can withdraw consent at any time by emailing oracle@ozric.ai; we will erase your invite record within thirty days.
Contract for any data we process once you have accepted onto an OZRIC engagement.
Legal obligation for the small subset of data we are required to retain for accounting, tax, or anti-money-laundering reasons.

5. Where data lives

Marketing-site requests are served from the EU and UK regions of our content delivery network. The invite form posts to our Cloudflare Worker (UK / EU region) which forwards the email address to our OZRIC AI Mac via an authenticated webhook; the Mac is physically located in the United Kingdom.

Email correspondence is hosted on Google Workspace under our business agreement; Google's standard contractual clauses apply. Outbound email delivery from the system uses Resend (resend.com) under a data-processor agreement.

For OZRIC installations, ALL operator data lives on the operator's dedicated Mac, on hardware they ultimately own. The Mac is normally physically located at the operator's address of choice, typically in the United Kingdom.

6. Who we share it with

We do not sell, rent, or trade personal data. We share data only with:

Cloudflare — CDN, DNS, and Worker runtime. Standard contractual clauses, EU/UK regions.
Resend — transactional email delivery. Standard data-processor agreement.
Google Workspace — for our internal email and collaboration. Standard data-processor agreement.
Netlify — hosting for the marketing site through the pre-launch period. Migrating to Cloudflare Pages on public launch; Netlify's data-processor terms apply meanwhile.
HMRC, Companies House, ICO — where we are legally obliged.

We will never share operational data from an OZRIC installation with any third party without the operator's explicit instruction or a court order.

7. Retention

Server logs: 90 days.
Invite form submissions: 24 months from submission, then automatic erasure.
Inbound email: kept until the conversation is concluded, plus 24 months for record. Earlier on request.
Engagement records: 7 years from the end of the engagement (UK accounting / tax requirement).

You can ask for earlier erasure at any time. Some categories (engagement records held for tax) cannot be erased before the statutory retention expires; we will tell you which fall into that category in our reply.

8. Your rights under UK GDPR

You have the right to:

Access — receive a copy of the personal data we hold about you.
Rectification — correct anything we hold that is inaccurate.
Erasure — have your data deleted (subject to the statutory retention exceptions named above).
Restriction of processing — ask us to stop using your data while a dispute is resolved.
Portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interest.
Withdraw consent — for processing based on consent.
Lodge a complaint with the UK Information Commissioner's Office at ico.org.uk. Direct to them is fine; we'd appreciate a chance to put it right first.

To exercise any right above, email oracle@ozric.ai. We will respond within thirty days.

9. International transfers

Our default infrastructure is UK and EU-hosted. Where a sub-processor transfers data outside the UK / EEA (Resend operates in the United States), we rely on the UK addendum to the EU Standard Contractual Clauses, the UK International Data Transfer Agreement, or an adequacy decision, as applicable.

10. Cookies

This site does not currently set non-essential cookies. If we add an analytics cookie or similar in future, we will surface a consent banner before any cookie is set, and will update this policy with the cookie purpose, duration, and provider.

11. Children

OZRIC is a product for adult founders and operators. We do not knowingly collect data from children under 16. If you believe we have collected data from a minor, email oracle@ozric.ai and we will erase the record on receipt.

12. Changes to this policy

We may update this policy from time to time — for example, when we add new infrastructure or sub-processors. The “Last updated” date at the top of this page reflects the most recent change. Material changes will be communicated to operators of active OZRIC installations directly via email before they take effect.

13. Contact

Questions about this policy or your data: oracle@ozric.ai with the subject line "Privacy · [topic]".

OZRIC AI LIMITED · Greater London, United Kingdom · Companies House 17241218