Privacy Policy

Your privacy is important to us. It is OCO 2020 Inc.'s ("OCO 20/20", "we", "us", or "our") policy to respect your privacy regarding any information we may collect from you across our website, https://www.oco2020.com (the "Service"), and other sites we own and operate.

This Privacy Policy applies to the OCO 20/20 web application and the associated desktop application. It describes how we collect, use, disclose, and safeguard your information when you visit our website and use our services. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

1. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Service includes:

A. Personal Data

Personally identifiable information, such as your name, email address, and telephone number (if provided), that you voluntarily give to us when you register with the Service, subscribe to our services, or when you choose to participate in various activities related to the Service, such as online chat and message boards or contact forms.

B. Derivative Data (Usage Data)

Information our servers automatically collect when you access the Service, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Service. We also collect information about your use of the Service features, such as CPT code lookups and Excel upload activity, for analytics and service improvement. This includes audit log data for security and compliance purposes.

C. Financial Data

Financial information, such as data related to your payment method (e.g., valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Service. We store only very limited, if any, financial information that we collect. Otherwise, all financial information is stored by our payment processor, Stripe. You are encouraged to review their privacy policy and contact them directly for responses to your questions.

D. Data from Desktop Application

The OCO 20/20 desktop application processes Explanation of Benefits (EOB) documents locally on your computer. The desktop application generates Excel files based on this processing. When you choose to upload these Excel files to our web Service, the data contained within these files (excluding any raw files, which are not stored by us) is collected. We have implemented measures to validate the structure of these Excel files and do not store files that might contain Protected Health Information (PHI) beyond what is necessary for the service and in line with our data minimization principles.

E. Cookies and Tracking Technologies

We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Service to help customize the Service and improve your experience. When you access the Service, your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Service.

2. How We Use Your Information

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Service to:

• Create and manage your account.
• Process your payments and subscriptions.
• Email you regarding your account or order.
• Provide and maintain our Service, including the desktop application functionalities when data is uploaded.
• Monitor and analyze usage and trends to improve your experience with the Service.
• Notify you of updates to the Service.
• Offer new products, services, and/or recommendations to you.
• Perform other business activities as needed.
• Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
• Resolve disputes and troubleshoot problems.
• Respond to product and customer service requests.
• Compile anonymous statistical data and analysis for use internally or with third parties.
• Maintain audit logs for security and compliance purposes.

3. Disclosure of Your Information

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

A. By Law or to Protect Rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.

B. Third-Party Service Providers

We may share your information with third parties that perform services for us or on our behalf, including payment processing (Stripe), data analysis, email delivery, hosting services (Vercel), customer service, and database/authentication/storage services (Supabase).

C. Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

We do not sell your personal information.

4. Data Retention

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, audit log data may be retained for up to seven years to comply with regulatory requirements. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

5. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information. This includes utilizing services like Supabase which provide robust security features for data storage and authentication. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

Specifically regarding data from Excel uploads, we do not store the raw Excel files. We validate the structure of uploaded data and process it to extract necessary information, aiming to minimize any potential exposure of sensitive data.

6. Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal information:

• The right to access – You have the right to request copies of your personal data.
• The right to rectification – You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you would like to exercise any of these rights, please contact us at the email address provided below. We will respond to your request within a reasonable timeframe.

7. Policy for Children

We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.

8. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal data, to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

10. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at:
OCO 2020 Inc.
Email: oco2020inc@outlook.com

Legal Disclaimer: This Privacy Policy is for general informational purposes only, and does not constitute legal advice. OCO 2020 Inc. is not a law firm and does not provide legal services. You should consult with a qualified legal professional to ensure compliance with all applicable laws and regulations for your specific situation and jurisdiction.

Last Updated: May 10, 2025