Privacy Policy
Last updated: March 24, 2026
1. Introduction
odooPXL (“we”, “us”, or “our”) is operated by 3Stars Consulting LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the odooPXL platform, website (odoopxl.com), Odoo module, JavaScript tracker, and related services (collectively, the “Service”).
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection laws.
2. Data Controller & Processor Roles
When you use our website: We are the Data Controller for personal data you provide (e.g., contact forms, account registration).
When you use our platform: You (the Odoo store operator) are the Data Controller for your end-user data. We act as a Data Processor, processing data on your behalf according to your instructions and our Data Processing Agreement (DPA).
3. PII Hashing & Data Minimization
odooPXL is designed with privacy by default. All personally identifiable information (PII) — including email addresses, phone numbers, and IP addresses — is hashed using SHA-256 at the edge before being transmitted to our servers or any third-party ad platform.
- We never store raw email addresses or phone numbers
- IP addresses are truncated and hashed before storage
- Hashed identifiers are used solely for conversion matching and attribution
- Raw PII is processed transiently in memory and never written to disk
4. Information We Collect
4.1 Account Information
When you register for an account, we collect your name, email address, company name, and billing information (processed by Stripe). We use this to provide and bill for the Service.
4.2 Conversion Event Data
We process server-side conversion events from your Odoo instance (e.g., sale confirmations, lead form submissions, POS transactions). This data includes hashed customer identifiers, order values, product categories, and UTM parameters.
4.3 Tracker Data
Our JavaScript tracker collects anonymized browsing behavior including page URLs, referrer, device type, and a first-party cookie identifier. No fingerprinting techniques are used.
4.4 Usage & Diagnostics
We collect aggregated platform usage metrics (API call counts, error rates) to improve service reliability. These are not linked to individual end-users.
5. How We Use Your Information
- Provide, maintain, and improve the Service
- Process conversion signals and send them to your connected ad platforms
- Generate attribution reports and analytics
- Communicate service updates and support responses
- Process billing through Stripe
- Comply with legal obligations
6. Data Sharing & Sub-processors
We share data only with the sub-processors necessary to deliver the Service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Hetzner | Infrastructure hosting | EU (Germany) |
| Stripe | Payment processing | US |
| PostHog | Product analytics (opt-in) | EU |
| Bird (MessageBird) | Messaging triggers (opt-in) | EU (Netherlands) |
| Clerk | Authentication | US |
Ad platform APIs (Meta, Google, TikTok, LinkedIn, Snapchat, Pinterest, Microsoft) receive only hashed identifiers and conversion data as instructed by you, the Data Controller.
7. Data Retention
- Conversion event data: Retained for 25 months, then automatically purged
- Attribution reports: Retained for 25 months
- Account information: Retained while your account is active, then deleted within 30 days of account closure
- Tracker cookies: First-party cookies expire after 12 months
- Backups: Encrypted backups are retained for 90 days
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data (“right to be forgotten”)
- Portability: Receive your data in a structured format
- Objection: Object to processing based on legitimate interests
- Restrict processing: Limit how we use your data
To exercise any of these rights, contact us at privacy@odoopxl.com. We will respond within 30 days.
9. Security
We implement industry-standard security measures including:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Credentials stored in an encrypted vault (never in environment variables)
- Multi-tenant data isolation at the database level
- Regular penetration testing and dependency audits
- Role-based access control for internal systems
10. Cookies
Our website uses only essential cookies for authentication and session management. The odooPXL JavaScript tracker sets a first-party cookie to maintain a visitor identifier for attribution purposes. No third-party tracking cookies are used.
When the consent management feature is enabled, the tracker respects your end-users' consent preferences and will not set cookies or fire signals until consent is granted.
11. International Transfers
Our primary infrastructure is hosted in the EU (Hetzner, Germany). Where data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) and ensure appropriate safeguards are in place.
12. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we discover that we have collected data from a child under 16, we will promptly delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website and, where appropriate, sending an email notification. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
14. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact: