Data Protection Policy

OIESU may process lead details, contact records, advertising account access, analytics data, website logs, form submissions, strategy inputs, invoices, payment metadata, chat messages, support communications, and project files.

We use access controls, server permissions, encrypted transport, restricted admin access, secret storage, audit logs, backups, monitoring, and operational controls appropriate to the project. No internet-connected system can be guaranteed perfectly secure, but OIESU works to reduce practical risk.

Access is limited to personnel, contractors, service providers, and systems that need it for delivery, support, billing, compliance, security, or troubleshooting. Clients must protect their own credentials and must not share passwords through insecure channels.

We retain records for as long as needed for services, legal compliance, tax, billing, fraud prevention, dispute handling, security, analytics, marketing exclusion, and legitimate business operations. Internal visitor, attribution, consent, and analytics records may be retained for up to 5 years unless a shorter period is legally required or operationally configured. Deletion may be refused or delayed where retention is legally or operationally necessary.

If we become aware of a data incident requiring notice under applicable law, we will investigate and notify affected parties or regulators where required. Client delay, third-party platform compromise, weak client passwords, or unauthorised sharing by the client may fall outside OIESU responsibility.