How we handle your data.

1. Who controls your data

The data controller is ōku edge, a tech-first digital agency based in Portugal, operating remotely worldwide. For anything concerning your data or GDPR requests:

• Email: edge@oku.pt
• Phone: +351 930 625 043
• Address: Portugal (remote · no public address)

We're not yet required to appoint a Data Protection Officer (DPO), but you deal directly with a member of the founding team.

2. What data we collect

a) Contact form

When you fill in the brief, we collect: name, email, phone (optional), project type, desired timing, and the free-text message. We also store your IP and browser user-agent for spam prevention.

b) Cookies and browser identifiers

Two categories:

• Strictly necessary (always on): your consent choice is stored in localStorage as oku-edge-consent. Cloudflare also sets short-lived cookies to route traffic via its edge network, protect against DDoS, and verify you're human. Without these, the site cannot be reached safely.
• Analytics (opt-in): Google Analytics 4 with Consent Mode v2 and IP anonymisation. Only runs after you click "accept" or enable the toggle in "customise". We never use advertising or remarketing.

3. Why we process it

• Respond to your brief (legal basis: pre-contractual measures, GDPR art. 6(1)(b)).
• Send a confirmation email to the address you provided (same basis).
• Understand what works on the site via Google Analytics (legal basis: consent, art. 6(1)(a)).
• Protect the site and users from abuse, DDoS and spam via Cloudflare (legal basis: legitimate interest, art. 6(1)(f)).

We don't profile, score, run automated decisions, do unsolicited marketing, or use your data to train AI models.

4. Where the data runs

The site and submitted briefs are hosted on servers in the European Union (Germany). Processing happens in the EU, with no transfers to third countries for normal operations. Our hosting provider is a processor with a signed DPA under GDPR art. 28.

Cloudflare (Cloudflare, Inc.) serves the site via its global edge network. When you request a page, Cloudflare may process your IP and request headers temporarily to route, cache and protect the connection. Cloudflare is a processor under a DPA with EU Standard Contractual Clauses.

Google Analytics (Google Ireland Limited) sends aggregated data to Google servers. This is the only case where data may be transferred outside the EEA, under the European Commission's Standard Contractual Clauses (SCCs) and with IP anonymisation. If you don't want this transfer, decline consent in the cookie banner — the site works fine either way.

5. How long we keep data

• Submitted briefs: 24 months after last contact, or immediately on your request.
• Exchanged emails: while the contractual relationship is active + 5 years for tax purposes (legal obligation).
• Consent in localStorage: until you change or clear it, or 12 months automatically.
• Google Analytics: 14 months (GA4 minimum).
• Server logs (IP, user-agent): 30 days.

6. Your rights

At any time you can, free of charge, ask to:

• Access a copy of your data (art. 15)
• Rectify incorrect data (art. 16)
• Erase (right to be forgotten, art. 17)
• Restrict processing (art. 18)
• Port your data to another format (art. 20)
• Object to processing based on legitimate interest (art. 21)
• Withdraw consent at any moment (click "cookies" in the footer)

We respond within 30 days. If you think we didn't handle your request well, you have the right to lodge a complaint with Portugal's Data Protection Authority (CNPD) or the one in your country of residence.

7. Security

Mandatory HTTPS (HSTS active), A+ security headers, Traefik rate limiting, encrypted passwords where applicable, access to data limited to the ōku edge team. In case of a breach affecting your data, we notify you within 72 hours as required by GDPR art. 33.

8. Changes to this policy

When we change anything substantive, we update the date at the top and — if it affects consent — increment the version (CONSENT_VERSION) so you can decide again. We never retroactively change legal bases.