OOPLOT

Privacy Policy

Last updated: May 3, 2026

1. Introduction

OOPLOT values your privacy. This privacy policy explains how we collect, use, store and protect your personal information. Please read this policy carefully before using our services. Continued use means you agree to the terms of this policy.

2. Information Collection

We may collect the following types of information:

  • Account Information: Email address, username, nickname, etc. provided when you register.
  • Usage Data: Pages you visit, features you use, IP address, browser type, device type, etc.
  • Uploaded Content: CSV data files you upload and generated chart code.
  • Payment Information: Payment status and transaction ID returned by Stripe / PayPal (we do not store full bank card numbers).

3. Cookies & Tracking Technologies

We use cookies and similar technologies to store user preferences, analyze traffic and provide personalized advertising. We use the following categories of cookies:

  • Necessary Cookies (cannot be turned off): Login status, security verification, gate pass credentials. Examples: ooplot_token, ooplot_gate_pass.
  • Analytics Cookies (optional): Statistical page visits, user behavior analysis. You can choose to decline in the cookie banner.
  • Advertising Cookies (optional): Google AdSense may use cookies to collect non-personally identifiable interest data to deliver relevant ads. You will still see non-personalized ads after declining.

You can manage consent preferences through our cookie popup on first visit, or clear cookies in your browser settings at any time.

4. Third-Party Services & Data Sharing

We share necessary data with the following trusted third parties:

  • Google (AdSense): Shares anonymized page visit data for ad delivery. Privacy policy: policies.google.com/privacy
  • Stripe / PayPal: Shares payment-related information to process subscription payments.
  • Supabase: As a database hosting service provider, encrypts and stores user account data and template data. Data may be stored on servers in the United States or the European Union. We have ensured GDPR-compliant adequate protection levels through Supabase's Data Processing Agreement (DPA).

We will not sell your personal information to any third party.

5. Information Usage

We use the information collected to provide services, improve user experience, analyze platform performance, process payments, prevent fraud and abuse, and contact you when necessary. AI call logs and token usage are used for billing audit and preventing service abuse.

6. Data Security

We adopt industry-standard security measures to protect your data, including HTTPS transmission encryption, database row-level security (RLS), sensitive configuration AES encryption storage, etc. All chart generation and data processing are completed locally in your browser (based on WebAssembly), and sensitive raw data will not be uploaded to our servers.

7. Data Retention Periods

  • Account information: retained for 90 days after you delete your account (for financial audit and compliance)
  • Payment records: retained for 7 years (tax regulation requirements)
  • Chart generation logs: retained for 12 months
  • AI call logs: retained for 6 months
  • Cookie consent records: retained for 12 months

8. International Data Transfers

OOPLOT uses Supabase as its database service. Data may be stored on servers in the United States or the European Union. We have ensured GDPR-compliant adequate protection levels through Supabase's Data Processing Agreement (DPA). For users from the European Economic Area, the legal basis for your data transfer is the Standard Contractual Clauses (SCC) under Article 46 of the GDPR.

9. User Rights

Under applicable data protection laws (including GDPR and the Personal Information Protection Law), you have the following rights regarding your personal information:

  • Right of Access: View the data we hold about you in User Center Settings after logging in
  • Right to Rectification: Modify inaccurate information on the profile page
  • Right to Erasure: Send an email to support@ooplot.net to request deletion of your account and all data
  • Right to Restriction of Processing: Request restriction of our processing of your data under specific circumstances
  • Right to Data Portability: Request export of your personal data (JSON format)
  • Right to Object: Object to data processing for direct marketing purposes

We will respond within 30 days of receiving the request. If you are dissatisfied with the handling result, you have the right to complain to the data protection regulatory authority in your location.

10. Protection of Minors

OOPLOT's services are primarily aimed at university students, graduate students and researchers. We do not knowingly collect personal information from children under 13. If you find that a minor has provided us with personal information, please contact us immediately and we will take measures to delete the relevant information.

11. Policy Updates

We may update this privacy policy from time to time. The updated policy will be published on this page with the 'Last updated' date changed. Major changes will be notified to you through website announcements or emails. Please check back regularly for the latest content.

12. Contact Us

If you have any questions about this privacy policy, or wish to exercise your data rights, please contact us via support@ooplot.net .