Legal

Privacy Policy

Effective date: June 1, 2026

1. Overview

OSSeva ("OSSeva," "we," "us," or "our") operates osseva.io (the "Site") and provides enterprise open-source software support, CVE remediation, compliance documentation, and managed operations ("Services"). This Privacy Policy describes how we collect, use, and share information.

2. Information We Collect

  • Contact and inquiry data: When you submit a discovery call request, CVE alert subscription, or webinar registration, we collect your name, work email address, company name, and technology stack details via Formspree (formspree.io).
  • Usage and analytics data: We use Google Analytics 4 to collect standard web analytics including pages visited, time on site, referring URLs, browser type, and approximate geographic location (country/region). This data is pseudonymous.
  • Visitor identification data: We use Warmly (getwarmly.com) and VisitorTracking (visitortracking.com) to identify companies visiting the Site based on IP address and firmographic signals for B2B marketing purposes. Individual identity is not collected without a form submission.
  • Technical data: Standard server and CDN logs may record your IP address, user agent, and request timestamps for security and operational purposes, retained for up to 90 days.

3. How We Use Information

  • Service delivery: To respond to discovery call requests, deliver CVE alert subscriptions, and fulfill contracted Services.
  • Marketing outreach: To contact you about OSSeva Services relevant to your technology stack or compliance requirements. You may opt out at any time.
  • Site improvement: To understand how visitors use the Site and improve content, navigation, and conversion flows.
  • Legal compliance: To meet our legal obligations and enforce our Terms of Service.

4. Information Sharing

We do not sell your personal information. We share information only as described here:

  • Service providers: Formspree (form processing), Google LLC (analytics), Warmly (visitor identification), and VisitorTracking (visitor identification) process data on our behalf under their own privacy terms.
  • CRM and sales: Form submissions may be entered into our CRM and used for sales follow-up.
  • Legal requirements: We may disclose information when required by law or to protect the rights and safety of OSSeva, customers, or the public.
  • Business transfers: In the event of a merger or acquisition, your information may be transferred as part of that transaction.

5. Data Retention

We retain contact and inquiry data for up to three years after last contact, or as required to meet legal obligations. Analytics data is retained per Google Analytics 4 defaults (14 months). You may request deletion of your data at any time.

6. International Transfers and GDPR

OSSeva serves enterprise customers globally, including in the European Economic Area (EEA). If you are in the EEA, UK, or Switzerland, we process your personal data on the basis of legitimate interests (responding to inquiries, B2B marketing) or consent (CVE subscriptions). Transfers to the US are made under standard contractual clauses or equivalent safeguards.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal information, and to object to marketing processing. California residents may opt out of the sharing of personal information under CCPA. To exercise any right, contact us at the address in Section 12.

8. Cookies and Tracking

The Site uses cookies and similar technologies for analytics and visitor identification. You may control cookies through your browser settings. Disabling cookies does not prevent Site use but may affect analytics accuracy.

9. Security

We implement industry-standard technical and organizational measures including TLS encryption in transit and access controls. No method of Internet transmission is 100% secure; we cannot guarantee absolute security.

10. Children

The Site is directed to enterprise professionals and is not intended for individuals under 18 years of age.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with a revised effective date.

12. Contact

To exercise your rights or ask questions about this policy, contact us at: privacy@osseva.io

Terms of Service →Security Policy →Contact Us →

Frequently asked questions

How do I request deletion of my personal data?

Email privacy@osseva.io with 'Data Deletion Request' in the subject line. We will confirm receipt within 24 hours and fulfill the request within 30 days, subject to any legal retention requirements.

Does OSSeva sell my personal information?

No. OSSeva does not sell personal information to third parties. Visitor identification data (via Warmly and VisitorTracking) is used solely for OSSeva's own B2B marketing purposes and is not sold or shared with other organizations for their independent use.

How do I opt out of B2B marketing emails from OSSeva?

Reply to any OSSeva email with 'Unsubscribe' or 'Remove me' and we will remove you from all marketing communications within 5 business days. You can also email privacy@osseva.io to request removal.

Does OSSeva comply with GDPR?

Yes. OSSeva processes personal data of EEA residents under legitimate interests (business inquiry response) and consent (CVE alert subscriptions). We honor all GDPR data subject rights including access, correction, deletion, portability, and objection. Contact privacy@osseva.io to exercise your rights.