OYRB

Legal

Privacy Policy

Effective: April 22, 2026 · Last updated: April 22, 2026 · Version v1.1

1. Overview

OYRB LLC, a Georgia limited liability company("OYRB", "we", "us", or "our") respects your privacy. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with your use of our Platform at oyrb.space. By using the Platform, you consent to this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

  • Account info: name, email, password (hashed), profile photo, business name, phone.
  • Business info (Professionals): services offered, pricing, hours, location, bio, gallery images, tagline, social links.
  • Booking info (Clients): name, email, phone, notes, service selected, date/time, and any intake form responses.
  • Payment info: we do not store full card numbers. Stripe, Inc. processes and stores this data per their PCI-DSS certified practices.
  • Communications: emails and messages you send to support.

2.2 Information Collected Automatically

  • Usage data: pages visited, actions taken, device type, browser, IP address, timestamps.
  • Cookies & similar technologies: used for authentication, session management, and analytics.
  • Location: approximate location from IP address or (with permission) precise location via your browser, used to show featured businesses near you.

2.3 Information from Third Parties

  • Google (if you sign in with Google): name, email, profile image.
  • Stripe: subscription and payment status.

3. How We Use Information

  • To provide, operate, and maintain the Platform;
  • To process bookings and payments;
  • To send booking confirmations, reminders, receipts, and account notifications;
  • To respond to customer support requests;
  • To detect, prevent, and investigate fraud, abuse, and security issues;
  • To improve Platform features and user experience through analytics;
  • To comply with legal obligations and enforce our Terms.

We do not sell your personal information to third parties.

4. How We Share Information

We share information only as described here:

  • With Professionals you book with: your name, email, phone, booking details, and any notes you provide.
  • With Clients who book you (Professionals only): client-provided contact and booking info.
  • Service providers: Stripe (payments), Supabase (database & authentication), Resend (transactional email), Vercel (hosting & CDN), Unsplash (stock photos), Google (OAuth), ImprovMX (email forwarding).
  • Legal & safety: to comply with law, respond to lawful requests, or protect rights, property, or safety.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, user data may be transferred.

5. Data Retention

  • Account & business data: retained for as long as your Subscription is active.
  • After cancellation or termination: retained for ninety (90) days as a reactivation window, then permanently deleted from production systems.
  • Payment & transaction records: retained for seven (7) years as required by IRS and state tax-record rules. We never store full card numbers — Stripe handles those.
  • System backups: rotated out within thirty (30) days, after which the deleted data cannot be recovered from backups either.
  • Directory listing data: removed from the public directory within five (5) minutes of delisting; cached search-engine snapshots may take additional time to clear at the search engine's discretion.
  • Consent records (Terms, Privacy, Directory acceptance): retained for the life of the account plus seven (7) years for legal-defense and audit purposes.

6. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access, correct, or delete your personal data;
  • Object to or restrict certain processing;
  • Data portability;
  • Withdraw consent where processing is based on consent;
  • Lodge a complaint with a supervisory authority.

California residents (CCPA/CPRA):you have the right to know what personal information we collect, to request deletion, to correct inaccuracies, and to opt out of the "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioral advertising).

To exercise any rights, contact support@oyrb.space.

7. Security

We implement reasonable technical and organizational measures to protect personal data, including TLS encryption in transit, encrypted database storage (Supabase), and access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

We will notify affected users of a data breach involving their personal information in accordance with applicable law (typically within 72 hours of discovery).

8. Age Requirement & Children's Privacy

The Platform is not intended for users under the age of 18. By creating a Professional account or Client account, you confirm that you are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn that an account belongs to a user under 18, we will delete the account and the associated personal data, and (where required by law) notify the user's parent or guardian.

9. International Users

The Platform is operated in the United States. By using the Platform, you consent to the transfer of your data to the United States, which may have different data-protection laws than your country.

10. Directory Data

When you opt into the OYRB public directory, the specific information you have selected in your Directory settings becomes publicly visible at oyrb.space/find. You control exactly what is shown — every field is opt-in, and your business name is the only required field.

  • You may allow or disallow search-engine indexing via a separate explicit toggle. When disabled, OYRB serves a noindex tag so search engines should not list your directory page.
  • You can delist at any time from your Dashboard. The public listing is removed within five (5) minutes; cached search-engine snapshots may take additional time to clear.
  • OYRB does not sell directory data to third parties. Aggregated, de-identified directory statistics may be published for marketing or research.
  • Each acceptance of the Directory Agreement is recorded with timestamp + version in the directory_consent_log table for audit purposes.

11. Cookies & Tracking

  • Essential cookies: required for authentication, session continuity, CSRF protection, and basic Platform functionality. Disabling these prevents you from signing in.
  • Analytics: Vercel Analytics records aggregated, IP-anonymized page-view data to help us improve the Platform. No third-party advertising trackers, no cross-site tracking pixels, no behavioral-ad cookies.
  • Stripe Checkout: when you reach a payment screen, Stripe sets its own cookies governed by Stripe's privacy policy.

We do not participate in the IAB Transparency & Consent Framework or any ad-tech bidstream. There is no advertising on the Platform.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or in-platform notice at least 30 days before taking effect. The "Last updated" date reflects the most recent version.

13. Contact

Privacy questions or requests? Email support@oyrb.space.