Privacy Policy
Contents
1. Scope
This policy describes how oddly collects, uses, and protects information when you use the platform at myoddly.com or any subdomain operated by Oddly Even Group Pte. Ltd. It covers personal data within the meaning of the Singapore Personal Data Protection Act 2012 (PDPA).
2. Data we collect
From you directly:
- Name and business email address (used to log in and to send the weekly digest and money-at-risk alerts).
- Optional: WhatsApp number, used only on the Autopilot tier to deliver money-at-risk pings.
- Billing details handled by Stripe. oddly does not store card numbers; we receive only the customer ID, plan, and invoice metadata.
From the systems you connect:
- Shopify: order, product, inventory, and content data for the stores you connect.
- Google Ads: campaign, keyword, search-term, and performance data for the accounts you authorise.
- Google Search Console: search performance, queries, and impressions for the properties you authorise.
- Meta Ads: campaign, ad, and audience performance data for the accounts you authorise.
From your use of the service:
- Standard server logs (IP address, request timestamp, user agent), retained for security and abuse detection.
- Audit log of platform actions taken on your behalf, kept so you can review what changed.
3. How we use it
We use the data above to:
- Deliver the platform: surface recommendations, send alerts, run scheduled actions.
- Bill you on the plan you chose.
- Communicate operational notices (digest, alerts, billing emails).
- Improve the platform, using aggregated and de-identified data only.
- Comply with legal obligations.
oddly does not sell personal data. oddly does not share customer-level data with third parties for advertising. oddly does not use customer data to train general-purpose machine learning models.
4. Who we share it with
We share data only with subprocessors that are necessary to operate the service:
- Stripe (payment processing). Receives billing details directly from you when you subscribe.
- Cloudflare (hosting, edge data store). Stores account and audit data.
- Email and WhatsApp delivery providers used to send notifications.
Each subprocessor is bound by a written agreement that requires them to handle data consistent with this policy.
5. Retention
Account and operational data is retained for as long as your account is active. Audit logs are retained for two years. On termination we delete your data within 30 days, except where retention is required by law (for example, financial records).
6. Security
Access tokens for connected platforms are stored server-side and never exposed in client code. Production secrets live in Cloudflare's secret store. Data in transit is encrypted with TLS. Internal access to production data is limited to operators who need it to run the service.
7. Your rights under PDPA
Under the Singapore PDPA you can:
- Request access to the personal data oddly holds about you.
- Request correction of personal data that is inaccurate.
- Withdraw consent for the processing described here. Note that withdrawing consent may end your access to the service.
To make a request, email [email protected] with the subject "Data Request". We respond within 30 days.
8. Cookies and analytics
The marketing pages on myoddly.com may set first-party cookies for essential session purposes. The dashboard uses no third-party analytics scripts. We do not embed Google Analytics, Meta Pixel, or similar tracking on authenticated pages.
9. International transfers
oddly stores data primarily in the Asia-Pacific region. Some subprocessors (Stripe, Cloudflare) may transfer data outside Singapore. Where this happens, those providers are bound to apply standards comparable to PDPA.
10. Contact
Privacy questions and PDPA requests:
Oddly Even Group Pte. Ltd.
206D Woodleigh Link #04-95
Singapore 364206
[email protected]