Privacy Policy

Introduction

Opossum CMS ("we," "us," "our," or "oCMS") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://ocms.tech/ (the "Site").

Please read this Privacy Policy carefully. If you do not agree with our practices, please do not use the Site.

Data Controller & Contact Information

The entity responsible for processing your personal data is:

For any privacy-related inquiries, questions, or requests, please contact us at webmaster@ocms.tech.

What Data We Collect

Data You Provide Directly

• Email (Newsletter Signup): If you subscribe to our newsletter, we collect your email address
• Contact Form Data: If available, any information you submit through contact forms
• User Accounts: If you create an account, we collect username, email, and any profile information you provide

Data Collected Automatically

• Cookies: We use the ocms_lang cookie to remember your language preference (see Cookie Policy)
• Server Logs: When you visit the Site, our web server automatically records:
  • Your IP address
  • Request method (GET, POST, etc.)
  • URL path and query parameters
  • HTTP status code
  • Timestamp
  • Referer URL (if sent by your browser)
  • User-Agent (browser/device info)
• Analytics (if enabled): If you consent to Google Analytics, additional behavioral data is collected (see Third-Party Services)

Data You Choose NOT to Provide

You are not required to provide any personal data to use the Site. Most of our content is publicly available without registration or data submission. However, some features (e.g., newsletter) require an email address.

Legal Basis for Processing

Under GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), LGPD (Brazil), and similar laws, we process your data based on the following legal grounds:

We conduct balancing tests for legitimate interest claims to ensure your rights are respected. You can always object to processing by contacting webmaster@ocms.tech.

How We Use Your Data

We use your data for the following purposes:

1. Providing & Improving the Site

• Serve you the correct language version
• Diagnose technical issues and bugs
• Monitor server performance and security
• Improve user experience based on usage patterns

2. Communications

• Send you newsletter emails (if you subscribed)
• Respond to your inquiries or support requests
• Send updates about new features or important changes
• Notify you of this Privacy Policy updates (if required)

3. Legal Compliance & Safety

• Comply with legal obligations (law enforcement requests, court orders)
• Protect against fraud, abuse, or unauthorized access
• Enforce our Terms & Conditions
• Maintain server security and prevent attacks

4. Analytics (If Enabled)

• Understand which pages are most popular
• Track conversion goals (e.g., newsletter signups)
• Analyze user demographics and behavior

We will never:

• Sell your data to third parties
• Use your email for marketing purposes without consent
• Share your data with advertisers
• Use behavioral tracking for targeted ads

Data Retention

You can request deletion of your data at any time. See Your Privacy Rights for instructions.

Third-Party Services & Data Sharing

Services That May Receive Your Data

1. GitHub (Source Code Hosting)

What data: If you access the oCMS repository on GitHub, GitHub collects your IP address and usage data per their privacy policy.

Privacy Policy: GitHub Privacy Statement

2. Google Analytics (Optional)

Status: Currently disabled; may be enabled in the future with your consent.

What data: Page views, time on site, bounce rate, referrer, user demographics (age, gender, interests)

Cookies: _ga, _gid, _gat, _gcl_au

Privacy Policy: Google Privacy Policy

How to opt out: Google Analytics Opt-out Browser Add-on

3. hCaptcha (Bot Detection)

Status: May be used on forms (e.g., newsletter signup) to prevent spam.

What data: IP address, mouse movements, keystroke timing (to detect bots)

Privacy Policy: hCaptcha Privacy Policy

4. Email Service Provider (Future)

Status: If newsletter is launched with a third-party provider, email addresses will be stored by that provider.

Data Processing Agreement: We'll ensure the provider is GDPR-compliant.

Data We DON'T Share

We do not share your data with:

• Advertising networks
• Data brokers
• Marketing companies
• Social media platforms (Facebook, Twitter, etc.)
• Any third party for commercial purposes

Your Privacy Rights

Depending on your location, you have the following rights under privacy laws (GDPR, CCPA, LGPD, etc.):

How to Exercise Your Rights

To exercise any of these rights, contact us at:

Include your request details (e.g., "I request a copy of all data you hold about me"). We'll respond within 30 days (GDPR requirement).

CCPA Rights (California Residents)

If you're a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to Know: What personal data is collected, used, and shared
• Right to Delete: Request deletion of your personal data
• Right to Opt-Out: Opt out of the sale or sharing of your personal data (we don't do this, but you can confirm)
• Right to Non-Discrimination: We won't discriminate for exercising your rights

Do Not Sell My Personal Information: We do not sell your data. If you have questions, contact webmaster@ocms.tech.

Data Security

We take security seriously and implement industry-standard measures to protect your data:

Technical Safeguards

• HTTPS Encryption: All data transmitted to/from the Site is encrypted via SSL/TLS (HTTPS)
• Cookie Flags: Cookies are set with HttpOnly and Secure flags to prevent unauthorized access
• Server Security: Regular security updates and patches
• Firewall & Intrusion Detection: Protected against common attacks
• Content Security Policy (CSP): Prevents injection attacks

Administrative Safeguards

• Access Control: Only authorized personnel can access your data
• Logging: Access to sensitive data is logged for audit purposes
• Incident Response: We have a plan to respond to security breaches

Your Responsibility: You're also responsible for maintaining the security of your account. Use strong passwords and don't share your credentials.

Children's Privacy

The Site is not intended for children under age 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children.

If we become aware that a child has provided personal data, we'll delete it immediately and notify the parent/guardian.

Parents/Guardians: If you believe your child has submitted data to us, please contact webmaster@ocms.tech immediately.

International Data Transfers

Opossum CMS serves an international audience. Your data may be stored or processed in countries outside your location, including the United States.

Data Transfer Mechanisms

When we transfer data internationally, we rely on:

• Standard Contractual Clauses (SCCs): EU-approved contractual clauses for transfers outside the EU/EEA
• Adequacy Decisions: Transfer to countries deemed adequate by the EU Commission (e.g., Canada, Japan)
• Your Consent: Explicit consent for specific transfers

For details on where your data is stored or processed, contact webmaster@ocms.tech.

EU-US Data Transfers

If your data is transferred to the US, we ensure safeguards are in place to protect it, even though US privacy laws differ from GDPR.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes to our data practices
• New legal requirements
• New features or services

How we'll notify you:

• Material changes will be announced via email (if you're subscribed) or a prominent notice on the Site
• The "Last Updated" date will be updated at the top of this policy
• Your continued use of the Site after changes means you accept the new policy

Check this page regularly for updates. We recommend reviewing it annually.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Related Documents

• Cookie Policy — Details on cookies and tracking
• Terms & Conditions — Website use agreement
• Accessibility Statement — Our accessibility commitment

Data Protection Authority

If you're in the EU/UK and we don't resolve your concern, you have the right to lodge a complaint:

• EU: European Data Protection Board (EDPB)
• UK: Information Commissioner's Office (ICO)

This Privacy Policy was last updated on March 24, 2026. We're committed to transparency and will keep this policy current as our practices evolve.