Privacy Notice

Last updated: 2026-06-08

This Privacy Notice explains how OdoMate ("we," "us," "our") collects, uses, and protects your personal data when you visit https://odomate.pro, sign up for our waitlist, or use the OdoMate platform once invited.

We take privacy seriously. We collect only what we need, we tell you exactly what we do with it, and you can ask us to delete it at any time.

1. Who we are

OdoMate is operated by Maryana Zelinska & Andriy Zelinskyy (operating as OdoMate), the data controller for the purposes of the EU General Data Protection Regulation (GDPR).

Contact for privacy matters: privacy@odomate.pro

OdoMate is currently in a private validation phase. Access to the platform is invite-only via our waitlist.

2. What data we collect

2.1 When you visit https://odomate.pro

2.2 When you sign up for the waitlist

2.3 When you use the OdoMate platform (post-invitation)

We do not store the full code of generated modules in our database — only the ZIP archive in object storage.

3. Why we use your data, and our legal basis

PurposeData usedLegal basis (GDPR)
Operate the landing page and waitlistAnalytics, waitlist form fieldsConsent (Art. 6(1)(a)) for cookies and analytics; Consent for waitlist storage and communications
Send you waitlist updates and the launch invitationEmailConsent (Art. 6(1)(a))
Provide the OdoMate platform to invited usersAccount, specs, generated modules, conversationsPerformance of a contract (Art. 6(1)(b))
Detect abuse and ensure securityAccount, IP-derived signals (transient), logsLegitimate interest (Art. 6(1)(f)) — operating a secure service
Comply with legal obligations (tax, accounting)Billing data if applicableLegal obligation (Art. 6(1)(c))

We do not use your data for automated decision-making or profiling.

4. Who has access to your data

We share data only with the third-party service providers below ("sub-processors") who help us operate OdoMate. Each is bound by a data processing agreement.

Service providerWhat they processLocation
VercelLanding page and platform frontend hostingFrankfurt (EU)
RailwayBackend API, Odoo demo container, internal databaseAmsterdam (EU)
SupabaseAccount, specs, generation metadata, file storageFrankfurt (EU). Some authentication emails egress via AWS SES (US) under standard contractual clauses (SCCs).
Anthropic (Claude)Your business-need text and refinement messages, when generating modulesUS — under SCCs. Inputs retained ≤30 days for safety review; not used to train models.
OpenAIEmbedding queries on the Odoo knowledge base (no user data is embedded)US — under SCCs. Inputs retained ≤30 days; not used to train models.
GoogleOAuth sign-in (your name, email, profile picture)US — under SCCs
UpstashOdoo documentation lookup during module generationVaries — under SCCs
PostHogLanding-page and platform analytics (EU Cloud)EU — no international transfer
NotionInternal mirror of waitlist signups for team reviewUS — under SCCs

We do not sell your data, share it with advertising networks, or use it for marketing outside OdoMate.

5. International data transfers

Where data is transferred outside the EU/EEA, we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission, as referenced in each sub-processor's data processing agreement. We minimise such transfers where alternatives exist (e.g., PostHog is on EU Cloud, Supabase databases are EU-hosted).

6. How long we keep your data

If you ask us to delete your data, we will do so within 30 days, except where law requires retention.

7. Your rights

Under GDPR, you have the right to:

To exercise any of these rights, email privacy@odomate.pro. We respond within 30 days. If we need to verify your identity, we will reply asking for confirmation from the email address on file.

8. Cookies and analytics

We use the following cookies and tracking technologies. We do not load any of them until you opt in via our cookie banner.

CategoryPurposeProviderRequired?
Strictly necessaryKeep the site functionalOdoMate (first-party)Always on — no consent needed
AnalyticsUnderstand how visitors use the sitePostHog (EU Cloud)Optional — opt-in via banner
FunctionalEmbed scheduling and form widgetsCalendly, etc.Loaded only when you interact with the relevant feature

You can change your cookie preferences at any time by clicking the "Cookie settings" link in the page footer.

9. Children

OdoMate is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have, please contact us at privacy@odomate.pro and we will delete it.

10. Security

We use TLS (HTTPS) for all data transmission, role-based access control on our backend, and Row-Level Security on our database. Our sub-processors maintain their own security commitments under their contracts with us. No system is perfectly secure; if we ever experience a personal data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority within 72 hours and you without undue delay.

11. Changes to this notice

If we change this notice in a way that materially affects your rights, we will notify you by email (for waitlist subscribers and account holders) and update the "Last updated" date at the top. The previous version will remain available on request.

12. Contact us

Privacy questions or data subject requests: privacy@odomate.pro

Legal matters: legal@odomate.pro

Security or vulnerability reports: security@odomate.pro

General inquiries: info@odomate.pro