Privacy Policy
Your Data, Your Control
Oktima S.r.l. is committed to protecting your privacy and ensuring the security of your personal data in compliance with Regulation (EU) 2016/679 (GDPR) and applicable data protection laws.
1. Data Controller
The data controller for the processing of your personal data is:
Oktima S.r.l.
Via Provinciale Osovana 13
33030 – Buja (UD), Italy
Email: privacy@oktima.ai
PEC: oktima@legalmail.it
2. Data We Collect
2.1 Account and Registration Data
When you register for Oktima, we collect:
- Name, email address, and company information
- Authentication credentials and account preferences
- Billing and invoicing information
2.2 IDE and Platform Usage Data
When you use the Oktima IDE and related services, we may collect:
- Feature usage analytics and telemetry data
- Error reports and diagnostic information
- Emulator and debugger session metadata
- License activation and usage data
2.3 AI Agent Interaction Data
When you use the integrated AI Agent, we process:
- Prompts and instructions you submit to the AI Agent
- AI-generated outputs (UI designs, Flow logic, configurations, translations)
- Request counts and usage metrics for your AI allocation
2.4 Cloud Services Data
When you use Oktima Cloud Services, we process:
- Device management and monitoring data
- OTA update history and deployment records
- Runtime license management information
- Custom board SDK download and configuration data
2.5 Website Browsing Data
When you visit our website, we collect aggregated, anonymous analytics through Plausible Analytics (a cookie-free, privacy-first tool):
- Page URLs, referrer sources, and country-level location (no IP addresses are stored)
- Browser and device type (aggregated, not linked to individuals)
- Authentication cookies for login sessions (see Section 9)
3. Purposes and Legal Basis for Processing
We process your personal data for the following purposes, each supported by a specific legal basis under GDPR Article 6:
| Purpose | Legal Basis |
|---|---|
| Provide and maintain Platform services (IDE, Runtime, Cloud) | Performance of contract (Art. 6(1)(b)) |
| Process AI Agent requests and deliver outputs | Performance of contract (Art. 6(1)(b)) |
| Manage licenses and billing | Performance of contract (Art. 6(1)(b)) |
| Provide customer support | Performance of contract (Art. 6(1)(b)) |
| Improve Platform functionality and AI services using aggregated, anonymized data | Legitimate interest (Art. 6(1)(f)) |
| Website analytics (cookie-free, via Plausible) and error diagnostics | Legitimate interest (Art. 6(1)(f)) |
| Send marketing communications and product updates | Consent (Art. 6(1)(a)) |
| Comply with legal and regulatory obligations (tax, accounting) | Legal obligation (Art. 6(1)(c)) |
| Ensure Platform security and prevent fraud | Legitimate interest (Art. 6(1)(f)) |
4. AI Agent Data Processing
The Oktima AI Agent is a core feature of the Platform that assists with UI creation, Flow logic, device configuration, translations, and datasheet interpretation. Given the nature of AI processing, we provide the following specific disclosures:
- Processing purpose: AI inputs and outputs are processed solely to provide the requested functionality within the Platform
- Confidentiality: Project data submitted to the AI Agent is treated as confidential and is not used to train AI models
- Aggregated data: Aggregated, anonymized usage data may be used to improve the AI service quality
- Third-party providers: AI processing may involve third-party AI service providers acting as data processors under appropriate contractual safeguards (see Section 5)
- No automated decision-making: The AI Agent provides suggestions and generated content for your review; it does not make autonomous decisions with legal or significant effects on you
5. Data Sharing and Third Parties
We do not sell, trade, or rent your personal data. We may share your data only in the following circumstances:
- Cloud infrastructure providers: Hosting and computing services for the Platform and Cloud Services, bound by data processing agreements
- AI service providers: Third-party AI providers used to power the AI Agent, acting as data processors under GDPR-compliant contractual safeguards
- Payment processors: For billing and payment processing related to license purchases
- Legal requirements: When required by law, regulation, or valid legal process
- Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to you
All third-party processors are bound by data processing agreements (DPA) ensuring GDPR compliance. A list of current sub-processors is available upon request at privacy@oktima.ai.
6. International Data Transfers
Your personal data may be processed on servers located within the European Union or in other jurisdictions. For any transfer of personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
- EU adequacy decisions for the destination country
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules or other approved transfer mechanisms
This applies in particular to AI processing services that may involve data centers outside the EEA. You may request details about the specific safeguards in place by contacting us at privacy@oktima.ai.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Category | Retention Period |
|---|---|
| Account data | Duration of the contractual relationship, plus any legally required retention period |
| Usage analytics and telemetry | 1 month by default; may be reduced to zero depending on license terms |
| AI Agent interaction data | 1 month by default; may be reduced to zero depending on license terms |
| Billing and invoicing data | 10 years (Italian tax law requirements) |
| Device and license management data | Duration of the license validity period |
| Support communications | Duration of the contractual relationship, plus 1 year |
| Website browsing data (Plausible) | Aggregated and anonymous; no personal data stored. Auth cookies expire with session. |
Certain license plans may include enhanced data minimization options that allow shorter retention periods or immediate deletion of usage and AI interaction data. Please refer to your specific license agreement for details.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS) and at rest (AES-GCM)
- Access controls and role-based authentication
- Regular security assessments and penetration testing
- Incident response and breach notification procedures
- Employee training on data protection and security
- Secure development practices with Rust for memory safety and thread safety
ISO 27001 Certification
Oktima S.r.l. is currently undergoing ISO 27001 certification for its information security management system, with certification expected by end of 2026. This internationally recognized standard ensures systematic management of sensitive information through risk assessment, security controls, and continuous improvement.
9. Cookies and Analytics
9.1 Website Analytics
We use Plausible Analytics, a privacy-friendly analytics tool that does not use cookies, does not collect personal data, and does not track visitors across websites. All data is aggregated and no individual visitor profiles are created. Plausible is compliant with GDPR, CCPA, and PECR without requiring cookie consent.
9.2 Essential Cookies
Our website uses only essential cookies that are strictly necessary for the functioning of the Platform:
- Authentication cookies: Session and security tokens required for login and account access (managed by our authentication provider)
- Consent preference: Local storage entry to remember your cookie consent choice
These cookies do not require consent under GDPR as they are strictly necessary for the service you requested. We do not use any marketing, profiling, or third-party tracking cookies.
You can manage cookies at any time through your browser settings or our Cookie Settings page. Note that disabling essential cookies may affect authentication functionality.
10. Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of access (Art. 15): Obtain confirmation of whether your data is being processed and request a copy
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
- Right to erasure (Art. 17): Request deletion of your personal data, subject to legal retention obligations
- Right to restriction (Art. 18): Request restriction of processing in specific circumstances
- Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interest, including profiling
- Right to withdraw consent (Art. 7): Withdraw consent at any time for processing based on consent, without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at privacy@oktima.ai. We will respond within 30 days as required by law.
Right to lodge a complaint
You have the right to lodge a complaint with the Italian data protection authority: Garante per la Protezione dei Dati Personali, Piazza Venezia 11, 00187 Roma, Italy – www.garanteprivacy.it
11. Children's Privacy
The Oktima Platform is a professional development tool intended for business use and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us at privacy@oktima.ai and we will take steps to delete such information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable laws. We will notify you of material changes by:
- Posting the updated policy on our website with a revised date
- Sending an email notification for significant changes
- Displaying a notice within the Oktima IDE
Material changes will be communicated at least 30 days before they take effect. We encourage you to review this policy periodically.
13. Contact Us
For any questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact us:
Privacy inquiries: privacy@oktima.ai
General inquiries: oktima@oktima.ai
PEC (certified email): oktima@legalmail.it
Address: Oktima S.r.l. – Via Provinciale Osovana 13, 33030 Buja (UD), Italy
14. Governing Law
This Privacy Policy is governed by the laws of Italy and Regulation (EU) 2016/679 (GDPR). Any dispute arising from this Policy shall be subject to the exclusive jurisdiction of the Court of Udine, Italy, without prejudice to any mandatory consumer protection provisions of your jurisdiction of residence.