Revised as of April 16, 2025
OSF Digital is committed to protecting your privacy. We value your privacy, and we are committed to protecting your personal information.
This Privacy Statement (“Statement”) sets out the types of personal information we collect, how we collect and process that information, who we share it with in relation to the services we provide, and certain rights and options that you may have in this respect.
These websites are owned and operated by OSF Global Services, Inc. d/b/a OSF Digital and/or its affiliates and subsidiaries (herein “OSF” or “We”). Your privacy while visiting our websites, including but not limited to osf.digital and allai.digital (collectively, the "Sites"), is of the utmost importance to us.
This Statement applies only to information collected on the Sites and will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not visit our Sites or provide us with any information.
As used in this Statement, “Personal Data (PII)” means information relating to an identified or identifiable natural person, which enables the natural person to be identified, directly or indirectly.
This Privacy Statement explains:
Your rights and choices when it comes to your data.
For the purposes of applicable data protection law (in particular, the General Data Protection Regulation (EU) 2016/679 - the "GDPR"), your data will be controlled by the OSF affiliate or subsidiary that you have instructed or that is providing services to you or communicating to you and each such entity is regarded as an independent data controller of your personal data.
This Statement does not apply to the extent we process Personal Data in the role of a processor or service provider on behalf of our customers, including where we offer to our customers various products and services through which our customers (or their affiliates) collect, use, share or process Personal Data. All the details about how OSF acts as a processor can be found in https://osf.digital/company/compliance.
OSF Digital is responsible for safeguarding your Personal Data. Depending on the services you use or the team you interact with, your data may be handled by OSF or one of our affiliated companies. Information on our subsidiaries can be found here.
When you receive services from us or our partners, we may also handle data on behalf of other organizations. In those cases, we act as a service provider, and the privacy policy of that organization will apply.
We collect Personal Data when you interact with our websites or provide information directly. This can happen when you:
The types of Personal Data we may collect include:
If you post on our public forums, blogs, or message boards, please note that this content—along with your profile details—may be visible to others. Even if you delete your account, some posts and profile info might remain publicly accessible.
We also collect standard website data, like:
Aggregated data on how users interact with the site.
If you apply for a job using the ”Jobs at OSF” website section (https://osf.digital/careers/jobs), you will be required to offer your explicit consent for your data to be further processed for recruitment purposes; in general, recruitment data refers to your Personal Data, such as your name, date of birth, phone number, e-mail address, and your resume and cover letter, if applicable. The information you will submit for recruitment purposes is collected through Zoho Recruit platform (https://www.zoho.com/recruit/), a third-party, and Zoho Recruit’s Privacy Policy terms will apply (https://www.zoho.com/privacy.html).
Sensitive Information. We do not usually seek to collect or obtain any sensitive information about individuals.
Your PII may be used by OSF to:
We will communicate with you primarily in the form of e-mails. You can opt-out of receiving certain communications from the Sites by clicking the “Unsubscribe” link at the bottom of each email or emailing us at [email protected]. Please note that even if you unsubscribe or opt-out, we may still send you Sites related communications (e.g., e-mails related to your comments).
Consistent with international legislation, we do not knowingly request personally identifiable information from anyone under the age of 13. Please read the final section of this Statement for more detailed country-specific elements.
We may also use your Personal Data to create anonymous data records by excluding information that makes the data personally identifiable to you.
Like most websites, we use cookies and similar tools to improve your experience on our Sites. These help us understand how visitors use our pages, remember your preferences, and recognize you when you return. Unless you choose to identify yourself to OSF, either by responding to a promotional offer, registering to download a product, or filling out a web form (such as a “Contact Me”), you remain anonymous to OSF. We may collect basic information like:
Cookies don’t store personal data directly or access anything on your device. They simply help connect your activity on our Sites to information you've already provided — like if you filled out a form or signed up for updates.
When you first visit our website, you’ll be asked if you want to allow cookies. You can:
If you choose to block or disable cookies, some parts of our website might not work properly. For guidance on managing cookies, check the “Help” section of your browser. There, you’ll find step-by-step instructions on how to:
Delete existing cookies
We do not correlate this information with data about individual users. We do aggregate and compile overall usage statistics according to a user’s domain name, browser type, and MIME type by reading this information from the browser string (information contained in every user’s browser).
OSF sometimes tracks and catalogs the search terms users enter in our Search function, however this tracking is never associated with individual users. We use tracking information to determine which areas of our Sites users prefer based on traffic to those areas. We do not track what individual users read, but rather how well each page performs overall. This may help us continue to build a better online experience for you.
DISCLOSURE TO THIRD PARTIES
We do not sell, rent, or trade your Personal Data for any financial gain. Your information is only shared when necessary to support our services, meet legal obligations, or ensure business continuity.
We may share your data with:
1. Trusted Service Providers
We work with third-party providers who help us run our websites and services (like hosting, IT infrastructure, or email systems). These companies only use your data to perform tasks on our behalf and are contractually required to protect it through Data Processing Agreements (DPAs), which ensure your information is used responsibly and in line with data protection laws.
2. Legal or Regulatory Authorities
We may be required to share your data when the law demands it — for example, in response to a court order or official investigation. We may also disclose information if it’s necessary to protect our rights, prevent fraud, or ensure the safety of you or others.
3. OSF Global Affiliates
Because we operate internationally, your data may be shared with other OSF affiliates around the world to provide you with services or support. These affiliates follow the same data protection standards, including the use of the European Commission’s Standard Contractual Clauses to safeguard data shared between regions such as the EU/EEA, UK, and others.
4. In Case of a Business Transition
If OSF is ever acquired, merged, or enters bankruptcy, your Personal Data may be transferred to the new organization as part of that transition.
We apply strong security measures and legal safeguards when transferring data and are happy to provide more details about these agreements if requested. Similar appropriate safeguards are also in place with our third-party service providers and partners.
INTERNATIONAL TRANSFERS WITHIN OUR GROUP
As a global company, OSF may transfer your PII to other OSF affiliates around the world to support our operations and deliver services. Please see https://osf.digital/contact-us for a list of OSF Affiliates and their locations. No matter where your data goes, we ensure it’s protected to the highest standards.
We follow Binding Corporate Rules (BCRs) internal rules approved by the European Data Protection Board (EDPB) that guide how we handle and protect personal data across all our global offices. These rules are designed to fully align with the requirements of the General Data Protection Regulation (GDPR).
When data is transferred outside of the European Economic Area (EEA), Switzerland, or the UK, we also rely on:
Additional technical and organizational safeguards where needed, such as data encryption, secure transfer protocols, and strict access controls.
These measures ensure your personal data remains secure and protected, no matter where it is processed.
In accordance with the data minimization principle, we retain Personal Data for the purpose for which it was collected. We maintain specific records management and retention policies and procedures so Personal Data are deleted after a reasonable time according to the following retention criteria:
We retain your data as long as we have an ongoing relationship with you (in particular, if you have an account with us) or as otherwise needed in order to comply with our global legal and contractual obligations.
INTERNATIONAL TRANSFERS TO THIRD PARTIES
Some of the third parties which provide services to us under contract are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share Personal Data of individuals in the EEA, Switzerland or UK with third parties, we use a variety of legal mechanisms to safeguard the transfer including the European Commission approved Data Privacy Framework Standard Contractual Clauses (SCC), as well as additional safeguards where appropriate. For transfers to or from the United Kingdom, we make use of the UK Addendum. For transfers to or from Canada, we make use of the SCCs. Please contact us if you need more information about the legal mechanisms, we rely on to transfer personal data outside the EEA, Switzerland, Canada, and UK.
We have put in place security measures to prevent your Personal Data from being used or accessed in an unauthorized way. We have also put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable supervisory authority or regulator of a breach where we are legally required to do so. You can read OSF's commitment statement here.
Some of the security measures that we have put in place are the following:
The Sites may contain links to other third-party web sites, products and services (collectively, "Linked Sites"). Such Linked Sites are offered for your convenience and/or information. OSF is not responsible for the contents or privacy practices of any Linked Site. Information collected by third parties may include location data or contact details. OSF makes no representations regarding the use of data by third-party websites-- third-party collection of data is governed by the privacy practices of those third parties. We encourage you to review the privacy statements posted on the other websites you visit.
We offer settings to control and manage certain Personal Data we have about you.
You have the right to:
To exercise these rights, contact us at [email protected] or by filling in this Data Subject Complaint/Request Form. We will respond within 30 (thirty) days. In more detail, your rights are the following:
Complain: You have the right to complain to a data protection authority about our collection and use of your Personal Data.
We may update this Privacy Statement from time to time. Any changes will be posted on this page along with the updated “Revised” date. We recommend checking back occasionally to stay informed about how we protect your data.
The names of companies and products mentioned within any website owned and operated by OSF may be the trademarks of their respective owners.
For Users in the EEA and EUROPE/UK
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your PII in line with the General Data Protection Regulation (GDPR) and applicable local data privacy laws.
Our legal basis for processing your data may include:
OSF typically acts as a Data Controller when handling your Personal Data. If we process data on behalf of a customer (for example, through services we provide), we act as a Data Processor, and the customer is responsible for how your data is managed.
We may rely on the following legal bases to process your Personal Data:
Contact details for data protection authorities in the EEA are available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.