OSSERVA
Sign In
Legal

Privacy Policy

Last updated: April 21, 2026

OSSERVA OFFICE is committed to protecting the privacy of users and the confidentiality of data processed through the platform. This Privacy Policy explains what information we collect, how we use it, how it is stored and protected, and what rights you have as a user.

This policy applies to all individuals who access the platform, including firm administrators, staff users, and any third parties whose data is processed through the platform on behalf of a subscribing organisation.

1. Information We Collect

We collect the following categories of information through the operation of the platform:

Account Information

  • Full name and email address provided during account creation.
  • Job title and phone number if provided by the user or administrator.
  • Hashed password credentials (stored in encrypted form; never readable by OSSERVA staff).
  • Preferred interface language and display settings.

Operational Data

  • Case records, client information, appointments, tasks, and documents created by users.
  • Internal messages exchanged between team members.
  • Check-in and attendance records for employees.
  • Activity logs recording actions taken within the platform.

Technical Data

  • Session tokens stored in encrypted browser sessions to maintain authentication.
  • Basic server-side logs including access timestamps, error records, and request metadata.
  • Integration configuration data such as Gmail OAuth tokens when enabled by the administrator.

2. How Information Is Used

All data collected through the platform is used exclusively to provide, maintain, and improve the OSSERVA OFFICE service. Specifically:

  • To authenticate users and maintain secure session access.
  • To display relevant records, assignments, calendars, and documents within the platform.
  • To send internal notifications and messages between team members.
  • To generate reports, dashboards, and financial summaries for account administrators.
  • To diagnose technical issues and maintain service reliability.
  • To comply with applicable legal obligations if required.

We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not use your data to train third-party machine learning models.

3. Data Storage and Protection

OSSERVA OFFICE is deployed on production-grade cloud infrastructure. Data protection measures include:

  • Encrypted connections over HTTPS for all platform access.
  • Password credentials stored using a one-way cryptographic hash; plaintext passwords are never retained.
  • Session tokens are cryptographically signed and expire after the configured session lifetime.
  • Database access is restricted to application-layer processes; no direct public database access is permitted.
  • Uploaded documents are stored in access-controlled storage with path randomisation.

No security system is infallible. While we maintain strong technical controls, we cannot guarantee absolute security. We encourage users to follow strong password practices and report suspected security issues promptly to our team.

4. User Responsibilities

Users and account administrators are responsible for:

  • Ensuring that only authorised individuals are granted access to the platform.
  • Managing the accuracy and appropriateness of data entered into the platform.
  • Complying with applicable data protection regulations when entering client or third-party personal information.
  • Ensuring that clients and third parties whose data is stored in the platform have been informed appropriately under applicable law.
  • Reporting unauthorised access, security incidents, or data breaches to OSSERVA promptly.

5. Third-Party Services

OSSERVA OFFICE may interact with third-party services when enabled by account administrators. These integrations are governed by the respective providers' privacy policies:

Google Gmail API

When the Gmail integration is enabled, the platform accesses email data using OAuth tokens authorised by the account administrator. Only the mailbox associated with the authorised credentials is accessed. OSSERVA does not share this data with any other party.

OpenAI API

The Legal Consultant feature may send anonymised legal query context to the OpenAI API for AI-assisted analysis. No personally identifiable information is intentionally included in these requests. Administrators may disable this feature.

Cloud Infrastructure

The platform is hosted on production cloud infrastructure. Database contents, uploaded files, and session data reside on this infrastructure within the selected deployment region.

6. Data Retention

Data is retained for the duration of the active subscription and for a reasonable period thereafter to allow for account recovery and export requests.

  • Active account data is retained for the duration of the subscription.
  • Following account termination or cancellation, data may be retained for up to 30 days to allow for export or appeal.
  • After the retention period, data is permanently deleted from production systems.
  • Anonymised aggregate usage statistics may be retained indefinitely for internal analysis.
  • Backup copies of data may persist for a limited period beyond deletion from production systems, consistent with standard backup practices.

Account administrators may request a full export of their organisation's data at any time by contacting us at the address below.

7. Contact and Data Requests

For any questions regarding this Privacy Policy, data access or deletion requests, or to report a suspected security incident, please contact us:

OSSERVA OFFICE

Privacy inquiries: privacy@osserva.com

General contact: contact@osserva.com

We aim to respond to all privacy-related inquiries within five business days.