Legal

Privacy Policy

Effective: 15 July 2026 Last updated: 15 July 2026 Version 1.0

This policy describes exactly what OdooBridge collects, why, how long we keep it, and who else touches it. It is written to be read. If anything here is unclear, email [email protected] and we'll explain it in plain terms.

On this page
  1. Who is responsible
  2. What we collect
  3. Why, and on what legal basis
  4. Cookies and tracking
  5. Your Odoo data and BYOK
  6. The demo Odoo instance
  7. Who else processes data
  8. How long we keep it
  9. Your rights
  10. Security
  11. Children
  12. Changes

1. Who is responsible

OdooBridge is a product of IndaPoint Technologies Private Limited, which is the data controller for the information described in this policy.

IndaPoint Technologies Private Limited
311–315, Third Floor, Ananta Stallion,
Gotri – Sevasi Rd, above Westside, Gotri,
Vadodara, Gujarat 391101, India

Email: [email protected]
Company website: indapoint.com

2. What we collect

We collect two things, and only two things. There is no hidden third.

a. What you type into the demo request form

Data collected by the OdooBridge demo request form
FieldRequired?What it's used for
NameYesTo address you in the demo email
Work emailYesTo send your demo token and setup instructions
CompanyNoTo understand who is evaluating
RoleNoTo tailor our reply (partner vs. developer)
Number of Odoo clientsNoTo understand partner scale
MessageNoWhatever you choose to tell us

That's the complete list. We don't enrich it, buy data about you, or look you up in third-party databases.

b. Your IP address — briefly

When you submit the form we record the originating IP address for a maximum of one hour. It is used for exactly one purpose: to stop a script from requesting hundreds of demo tokens (we allow 3 sign-ups per IP per hour). It is deleted automatically once that hour has passed — not archived, not aggregated. It is never used to identify, profile, or track you.

3. Why, and on what legal basis

Where the GDPR applies to you:

We do not use your data for automated decision-making or profiling. We do not sell, rent, or share it with anyone for their own marketing. You will not be added to a marketing list because you requested a demo.

4. Cookies and tracking

Worth stating plainly

This website sets no cookies and runs no analytics or tracking scripts. No Google Analytics, no tag manager, no advertising pixels, no session recording, no third-party fonts. That is why you were never shown a cookie banner — there is nothing to consent to.

Our web server keeps ordinary short-term operational logs (the kind every web server keeps) for security and debugging. Traffic to this site passes through Cloudflare, which acts as our CDN and network-security layer and processes connection data on our behalf.

5. Your Odoo data and BYOK

Read this one — it's the important one

OdooBridge is BYOK (bring your own key). You supply your own AI provider key — OpenAI, Anthropic, OpenRouter, or another. This has a direct privacy consequence you should understand before you connect it to a real Odoo:

When you use OdooBridge against your own Odoo, the Odoo data involved in a request is sent to whichever AI provider you chose, under that provider's terms and privacy policy — not ours. We are not in that path and we do not see, store, or process that data. The choice of provider, and the data-processing terms that come with it, is yours.

OdooBridge runs as a stateless container. It holds no copy of your Odoo records: data passes through in memory to answer the request in front of it and is not retained. Your own Odoo credentials stay with the OdooBridge instance you or your provider runs, and are not transmitted to us.

Audit logging records that an action happened — which tool, which model, when, by whom — not the field values involved.

If you deploy OdooBridge for your own clients, note that for their data you are the controller and we are not a party to it, unless we have separately signed an agreement saying otherwise. If you need a Data Processing Agreement in place before a deployment, email us and we'll arrange one.

6. The demo Odoo instance

The demo token we issue points at a shared demo Odoo instance we run, pre-loaded with Odoo's sample data. It exists so you can see the product work against something real.

Please don't

Do not put real, personal, confidential, or client data into the demo instance. It is shared, non-production, reset periodically, and is not an appropriate place for anything that matters. Anything you enter there may be visible to us and is deleted when the instance is reset.

Demo tokens are scoped and metered: 10 Odoo actions, expiring after 3 days.

7. Who else processes data

The complete list of third parties involved in the data described above:

WhoWhat they doWhat they see
EmailitDelivers the demo emailYour name and email address
Amazon Web Services (S3, Mumbai — ap-south-1)Hosts the installer downloadsDownload requests via time-limited signed links
CloudflareCDN and network security in front of the siteConnection data (IP, request metadata)

Our own infrastructure is operated by IndaPoint. Because we are based in India, data you send us is processed in India; some of the providers above operate internationally. Where personal data of EU/UK residents is transferred, it is transferred on the basis of the appropriate safeguards those providers maintain, and it is limited to the minimal fields listed above.

Your AI provider is deliberately not in this table — because it is your choice, not ours, and the relationship is between you and them. See section 5.

8. How long we keep it

DataKept for
IP address (abuse prevention)1 hour, then automatically deleted
Demo token and its usage counterExpires 3 days after issue
Your name, email, company, role, messageUp to 24 months from your last contact with us, so we can pick up a conversation where it left off — or until you ask us to delete it, whichever comes first
Demo Odoo contentsDeleted when the instance is reset

9. Your rights

You can ask us to: give you a copy of what we hold about you; correct it; delete it; restrict or object to how we use it; or send it to you in a portable form. Where we rely on legitimate interests, you can object — and for marketing-style follow-up, we will stop, no questions asked.

Email [email protected]. We'll respond within 30 days. There's no form and no fee.

Given the amount of data involved, "delete everything you have about me" is usually a single database row and takes us about a minute.

If you're in the EU or UK and you think we've handled your data badly, you're entitled to complain to your local supervisory authority. We'd genuinely rather you told us first.

10. Security

The site and API are served over HTTPS. Demo tokens are random, scoped, metered and short-lived. Installer downloads are served only through time-limited signed links to people who requested a demo — the storage bucket itself is private. Access to the systems holding sign-up data is limited to the IndaPoint staff who need it.

No system is perfectly secure, and we won't pretend otherwise. If you find a security issue, please report it to [email protected] — we will thank you properly.

11. Children

OdooBridge is a business product sold to companies. It is not intended for anyone under 18, and we do not knowingly collect data from children.

12. Changes

If we change this policy we'll update the "Last updated" date at the top and bump the version. If a change materially affects people who have already given us their details, we'll email them — we have their address; using it for that is the least we can do.

Questions about this policy? [email protected] · See also our Terms of Service.