Skip to content

§ 302 · Legal ·

Privacy.

We collect only what we need to fulfill orders and operate the site. This page explains what that is, how we use it, and what your options are.

What we collect

  • Account information: your name, email, shipping address, and a hashed password. We do not store plaintext passwords.
  • Order history: products, quantities, prices, shipping status, and dates.
  • Access logs: timestamp, IP, and user agent on requests that mutate data (to investigate security incidents).
  • Payment references: the last few digits of a card, a crypto transaction hash, or an invoice number — enough to reconcile your order. We do not store card numbers or bank credentials.

What we don’t collect

  • Precise location. Approximate location may be inferred from IP in server logs.
  • Cross-site tracking. We do not set third-party advertising cookies.
  • Biometric or health data beyond what a customer chooses to provide by email.

How we use it

To process orders, keep your account secure, meet legal obligations, and improve the site. We do not sell your information.

Who we share it with

  • Service providers operating under data-processing agreements: our database host (Neon), email sender (Resend), rate-limit store (Upstash), and media storage (Cloudflare R2).
  • Shipping carriers, when you have placed an order that requires fulfillment.
  • Authorities, when we have a good-faith belief that disclosure is required by law.

Retention

Order records are retained for as long as applicable tax and commercial law require — typically seven years. Account records are kept until you ask us to delete them or until the account has been inactive for five years.

Your choices

  • Request a copy of your data: privacy@oxresearch.com.
  • Request deletion: same address. We will confirm within 30 days.
  • Opt out of non-essential email: every message has an unsubscribe link.

Security

We use TLS for all traffic, httpOnly session cookies, per-collection access control, and mandatory two-factor authentication for staff accounts. Our security posture is summarized in the SECURITY.md file shipped with the site’s source.

Changes to this policy

We may update this policy as the site and business evolve. Material changes will be announced to the email address on your account.

Contact

Privacy questions or complaints: privacy@oxresearch.com.