Skip to content
GDPR

GDPR — how we handle your data.

We built Oden C.A.M around data minimization, EU hosting, and full transparency — not as an afterthought.

01

Where your data lives

All Oden data (control panel, logs, backups) is stored in Cloud Run and Firestore in the Finland region (europe-north1). Your WordPress sites run on whichever hosting you choose — if you want to move to us, we offer WEBBELi as an add-on (Scandinavian servers in Sweden). Backups are AES-256 encrypted and stay inside the EU. We use no subprocessors in the US or other non-EU/EEA countries — which means Schrems II concerns simply don't apply.

02

What data we process

Only what's needed to run your WordPress: your sites' URLs, plugin and theme versions, update history, and cryptographic keys. We never touch your visitors' data — there's no tracking pixel and no ads module.

  • Site metadata (URL, version, status)
  • Operations logs (security events, updates)
  • Backup archives (encrypted, 30 days)
  • Operator identity (your email, for support)
03

How it's protected

The connection between your WordPress and Oden goes via the WEBBELi worker plugin we install on your site — TLS 1.3 with Ed25519 keys. Stored secrets are envelope-encrypted (Cloud KMS). Audit logs are write-only and kept for 12 months.

04

Your rights

You can request access to, correction of, or deletion of your data. Email hello@oden.cam and we'll respond within 30 days (usually within 48 hours). At termination, all customer data is permanently erased within 60 days — except what we must retain under Swedish bookkeeping law (7 years).

05

Data incidents

If we confirm an incident affecting your personal data, we'll contact you within 72 hours with an initial report, in parallel with our notification to IMY (the Swedish DPA). The report covers what happened, what was affected, and what mitigations we're applying.

06

Data Processing Agreement (DPA)

A standard DPA is automatically included — no separate paperwork. It stipulates EU hosting, sub-processors (list available on request), and Swedish law as the applicable jurisdiction. Larger procurements can sign an extended agreement: hello@oden.cam.

Controller: NNi Solutions, Sweden. Questions? hello@oden.cam

GDPR

GDPR — how we handle your data.

We built Oden C.A.M around data minimization, EU hosting, and full transparency — not as an afterthought.

01

Where your data lives

All Oden data (control panel, logs, backups) is stored in Cloud Run and Firestore in the Finland region (europe-north1). Your WordPress sites run on whichever hosting you choose — if you want to move to us, we offer WEBBELi as an add-on (Scandinavian servers in Sweden). Backups are AES-256 encrypted and stay inside the EU. We use no subprocessors in the US or other non-EU/EEA countries — which means Schrems II concerns simply don't apply.

02

What data we process

Only what's needed to run your WordPress: your sites' URLs, plugin and theme versions, update history, and cryptographic keys. We never touch your visitors' data — there's no tracking pixel and no ads module.

  • Site metadata (URL, version, status)
  • Operations logs (security events, updates)
  • Backup archives (encrypted, 30 days)
  • Operator identity (your email, for support)
03

How it's protected

The connection between your WordPress and Oden goes via the WEBBELi worker plugin we install on your site — TLS 1.3 with Ed25519 keys. Stored secrets are envelope-encrypted (Cloud KMS). Audit logs are write-only and kept for 12 months.

04

Your rights

You can request access to, correction of, or deletion of your data. Email hello@oden.cam and we'll respond within 30 days (usually within 48 hours). At termination, all customer data is permanently erased within 60 days — except what we must retain under Swedish bookkeeping law (7 years).

05

Data incidents

If we confirm an incident affecting your personal data, we'll contact you within 72 hours with an initial report, in parallel with our notification to IMY (the Swedish DPA). The report covers what happened, what was affected, and what mitigations we're applying.

06

Data Processing Agreement (DPA)

A standard DPA is automatically included — no separate paperwork. It stipulates EU hosting, sub-processors (list available on request), and Swedish law as the applicable jurisdiction. Larger procurements can sign an extended agreement: hello@oden.cam.

Controller: NNi Solutions, Sweden. Questions? hello@oden.cam
Service

Get Oden C.A.M