Privacy Policy

Learn how we collect, store, and use your information on this website.

Updated Date: January 15, 2026

At Oh My Luck, we respect your privacy and are committed to fully explaining how we handle your personal data. This Privacy Policy (the "Policy") informs you how we process information about you on the website ohmyluck.com (the "Site").

1. Our Services and Scope of this Policy

The Site allows you to use certain randomization and decision-making tools that help you randomly pick things, like names, winners, words, colors, countries, letters, numbers, and passwords. Also, it allows you to use certain features such as dice rolling, coin flipping, and placeholder text generation (collectively, the "Services").

This document describes the source and types of personal data we process, how we use that data, our legal basis for doing so, with whom we share it, and your rights and choices regarding your privacy.

2. Acknowledgment of the Policy

By accessing or using the Site, you acknowledge that you have reviewed the Policy and understood that through your use of the Site, the processing of your personal data will be undertaken in accordance with this Policy.

If you do not agree with the processing activities described in this Policy, or if you do not wish to be bound by these practices, please refrain from accessing the Site or using the Services. Your continued interaction with our Services constitutes an acknowledgement of our data practices as outlined in this document.

3. Data Controller

The data controller for this Site is:

  • Name: Burak Özdemir, a sole proprietor
  • Operational Address: Calle Puerto 14, 5th floor, 29016, Málaga, Spain
  • E-mail: contact {@} ozdemir {dot} dev

4. Sources, Types, Purposes & Legal Basis of Personal Data Processing

We collect and process personal data through different methods depending on how you interact with our Site and Services. You can find the details about the source and type of the data we process, our purposes, and legal basis below:

Technical Server Logs

When you visit the Site, our server (nginx) automatically collects certain technical information in log files.

These technical server logs include your IP address, browser type, operating system, and timestamp of access.

These server logs are processed and stored to comply with our legal obligations under Turkish Law No. 5651 (Regulation of Publications on the Internet and Suppression of Crimes Committed by Means of Such Publications). In accordance with Law No. 5651, we are required to store these logs for at least one (1) year. Our legal basis is complying with our legal obligations in this regard.

In addition, these server logs are processed to ensure the security and stability of the Site, detect and prevent DDoS attacks, identify malicious behavior, and troubleshoot technical problems. Our legal basis is legitimate interest since maintaining a secure platform is essential for our operations and your safety.

These logs are stored securely, are not used for marketing or analytics, and are only accessed if required by a formal legal request from authorized government agencies.

This data is stored within our DigitalOcean infrastructure. We use logrotate technology to ensure these logs are automatically deleted after the mandatory period of 365 days.

User Input (Local Storage)

We collect this information directly from you when you enter or upload text or lists into our tool, the Wheel of Names.

This data is stored locally on your device via your browser's local storage. We cannot access, see, or store this data on our servers. It remains entirely on your device.

We provide the technology to process this information solely to allow the tools to function and to ensure your lists are available for your convenience when you return to the Site.

You can delete this data at any time by clearing your browser cache or using the "clear" button within the tool.

User as a Data Controller

To the extent that you input personal data of third parties (such as names of students, employees, or customers) into our tool, the Wheel of Names, you acknowledge that you are the data controller of that information.

Because our Site processes this data locally on your device and does not have access to, custody of, or control over this information; Oh My Luck does not act as a Data Processor. You are solely responsible for ensuring your use of the Services complies with applicable data protection laws.

Analytics (Cookie-less)

We get it automatically via the Ahrefs Analytics integration. Unlike traditional analytics, this service is cookie-less. It does not track individual users across the web and does not store personal data that can identify you. It provides us only with anonymous, aggregated traffic statistics.

5. Third-Party Service Providers

To provide secure and sustainable service, we work with the following third parties:

Cloudflare

Cloudflare helps protect the Site from malicious activity and speeds up content delivery. Cloudflare may process your IP address and technical device data to distinguish between real human visitors and malicious bots or automated attacks.

Our legal basis is legitimate interest since this is necessary to protect the integrity of the Services.

Google AdSense

We use Google AdSense to serve advertisements. Google uses cookies to serve ads based on your prior visits.

Google processes online identifiers, including cookie IDs, device identifiers, and IP addresses.

The purpose of processing is to display advertisements, prevent ad fraud, and limit the frequency of ads shown to you. Depending on your choice in the consent banner, this data may be used for personalized advertising.

The legal basis for processing is your consent. This processing only occurs if you provide consent through the ad consent banner displayed on the Site.

  • Consent Management: We use Google's integrated CPM (Consent Management Platform). You can customize your ad preferences or revoke consent at any time through the ad settings overlay on the Site.

6. Cookies

Our Site

We do not set any first party cookies for tracking or functionality.

Third-Party Service Provider

As mentioned above, Google AdSense may set cookies for advertising purposes to serve ads based on your browsing history on this Site and elsewhere on the web.

You can opt out of personalized advertising by visiting Google's Ad Settings: https://www.google.com/settings/ads. To understand how Google processes data through its partners, visit Google's Partner Policy page: https://www.google.com/policies/privacy/partners.

7. Sharing of Personal Data

We value your privacy and do not sell, rent, or trade your personal data with third parties for their marketing purposes. We only share the limited personal data we collect in the following occasions:

  • Our hosting provider (DigitalOcean) and security provider (Cloudflare) process technical data (like IP addresses) only to provide the necessary infrastructure and security for the Site.
  • Google AdSense processes data upon your consent and as described above to serve advertisements.
  • Our authorized contractors or developers may access technical logs if necessary to investigate security threats (such as DDoS attacks) or troubleshoot critical system errors. All such parties are bound by strict confidentiality obligations.
  • If Oh My Luck undergoes a business transition, such as a merger, acquisition, or sale of assets, your technical information (server logs) may be among the assets transferred. In such an event, we will require the new entity to honor the terms of this Privacy Policy.
  • Respond to a lawful request from a court, law enforcement agency, or government authority (e.g., in response to a subpoena or court order). For any governmental data access request, we will attempt to notify you unless we are legally prohibited from doing so.
  • Protect the security and integrity of our Services and enforce our rights in the Terms of Service.

8. Data Retention and International Transfers

Storage Location

Oh My Luck is operated from the Republic of Turkey. However, our technical infrastructure is provided by DigitalOcean, with servers located in the United States. By using the Site, you acknowledge that your technical personal data (such as IP addresses in server logs) will be transferred to and processed in the United States. We ensure that out service providers maintain high standards of data security and comply with necessary data protection safeguards.

Data Retention Periods

  • Technical Server Logs (containing IP addresses and access data) are used for security purposes and complying our legal requirements under Turkish Law No. 5651 and are automatically deleted after mandatory retention period, 365 days, using logrotate technology on DigitalOcean.
  • Local Storage Content including any lists or data you input into our tool, the Wheel of Names, are stored only on your device. We do not have a retention period for this data because we do not host it; it remains there until you choose to delete it or clear your browser cache.
  • Our Analytics via Ahrefs are anonymized and aggregated; they do not contain any personal data and may be kept indefinitely for historical traffic analysis.

9. Security

We employ organizational, technical, and administrative measures designed to protect your personal data against unauthorized access, destruction, accidental loss, unauthorized alteration, or abuse. We partner with leading providers like Cloudflare to protect the Site against DDoS attacks, malicious bots, and unauthorized access. Our most effective security measure is that we do not store your input and tool-generated content on our servers. Because your lists and results stay in your browser's local storage, they are not vulnerable to a server-side data breach of our infrastructure. The security of that data depends on the security of your device. Access to our server logs is strictly limited to authorized personnel and is used only for troubleshooting and security investigations.

10. Your Data Protection Rights

You have the right under this Privacy Policy, and by mandatory law to the following:

  • Your right to access: You have the right to access your personal data, including information about the categories of data held, the purposes and period of processing, and any recipients of the data.
  • Your right to rectification: You have the right to request the correction or updating of your personal data if it is inaccurate or incomplete.
  • Your right to erasure ("right to be forgotten"): In certain cases, you have the right to request from us the erasure of your personal data. We may not be able to grant this right to you in certain cases, due to our obligations to fulfill certain legal requirements. Please note that for data stored in your browser's local storage, we do not have access to this data and therefore cannot erase it on your behalf; you must clear your browser cache to exercise this right.
  • Your right to restriction of processing: You have the right to request from us restriction of processing, for a certain period or in certain situations.
  • Your right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means. You have the right to receive your personal data from us in a structured format and you have the right to (let) transmit such personal data to another controller.
  • Your right to object to processing: In certain cases, you have the right to object to the processing of your personal data, including with regards to profiling or direct marketing.
  • Your right to be not subject to automated individual decision-making processing: Your have the right to not to be subject to a decision, based solely on automated processing if such decisions significantly affect you.
  • Your right to lodge a complaint: You have the right to lodge a complaint with the relevant data protection supervisory authority, if you are unhappy with the way we are handling your personal data after you have contacted with us about a personal data concern.

11. Exercising Your Data Protection Rights

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We provide information on action taken without undue delay and in any event, within one month of receipt of the request.

The one month period may be extended by two further months, where necessary, taking into account the complexity and number of requests. In this case, we will inform you of any extension within one month of receiving your request, and explain the reasons for the delay.

You may exercise your rights by simply contacting us at contact {@} ozdemir {dot} dev.

Your requests will be dealt with free of charge. Please note that we may ask you to verify your identity before responding to such requests.

12. Updates to this Policy and Notifications

We may change this Policy from time to time in response to changing legal, technical or business developments. Any changes are effective when we post the revised Policy. When we update this document, we will post it on the Site. You can see when this Policy was last updated by checking the "last updated" date displayed at the top of this Privacy Policy.

13. Translations of the Privacy Policy

The governing language of this Privacy Policy is English. Any translations provided are for reference only, and the English version shall prevail in the event of a conflict. Any communications related to this Policy, unless otherwise specified, shall be English.

14. Contact Information

If you have any questions or complaints about this Policy, or if you wish to exercise your rights under applicable data protection laws, please feel free to contact us in writing at contact {@} ozdemir {dot} dev.