Privacy Policy

Last updated: January 2025

1. Introduction

OPSONIS ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

By using OPSONIS, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

  • Name and contact information (email address, phone number)
  • Company information (company name, role, company size)
  • Account credentials (username, password)
  • Payment information (processed securely through our payment provider)
  • Communication preferences and feedback

2.2 Process Data

When you use our process mining services, we collect:

  • Event logs and process data you upload
  • Process analysis results and insights
  • Visualizations and reports you generate
  • User interactions within the platform

2.3 Automatically Collected Information

We automatically collect certain information when you use our services:

  • Device information (browser type, operating system, IP address)
  • Usage data (pages visited, features used, time spent)
  • Cookies and similar tracking technologies
  • Performance and error logs

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our process mining services
  • Account Management: To create and manage your account, process payments, and provide customer support
  • Communication: To send you service updates, security alerts, and marketing communications (with your consent)
  • Analytics: To analyze usage patterns and improve our platform
  • AI Processing: To generate insights using AI (Claude 3.5 Sonnet) based on your process data
  • Security: To detect, prevent, and address technical issues and security threats
  • Legal Compliance: To comply with legal obligations and enforce our terms

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We work with third-party service providers who perform services on our behalf:

  • Supabase: Database and authentication services (data stored in EU)
  • Anthropic: AI-powered insights generation (Claude API)
  • Stripe: Payment processing (PCI-DSS compliant)
  • Resend: Email delivery service
  • Vercel: Hosting and CDN services

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or to protect our rights, property, or safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement industry-standard security measures to protect your information:

  • End-to-end encryption for data in transit (TLS 1.3)
  • Encryption at rest for stored data (AES-256)
  • Multi-tenant data isolation with Row Level Security (RLS)
  • Regular security audits and penetration testing
  • Access controls and authentication (including 2FA)
  • Automated backup and disaster recovery
  • SOC 2 Type II compliance (in progress)

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Data retained while your account is active
  • Closed Accounts: Data deleted within 90 days of account closure (unless legally required)
  • Process Data: Retained according to your subscription plan and deletion requests
  • Backup Data: Retained for up to 90 days in backup systems
  • Financial Records: Retained for 7 years for tax and accounting purposes

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise any of these rights, contact us at privacy@opsonis.com. We will respond within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies to improve your experience:

8.1 Essential Cookies

These cookies are required for the platform to function (authentication, security, preferences).

8.2 Analytics Cookies

These cookies help us understand how you use our platform (Google Analytics, with your consent).

8.3 Marketing Cookies

These cookies track your interests for targeted advertising (with your consent).

You can manage cookie preferences through our cookie consent banner or your browser settings.

9. International Data Transfers

OPSONIS is based in the European Union (Romania, company registration in progress). Your data is primarily stored in EU data centers. If data is transferred outside the EU, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Privacy Shield Framework (where applicable)
  • Adequacy decisions for countries with equivalent data protection laws

10. Children's Privacy

OPSONIS is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If we discover that we have collected information from a child under 16, we will delete it immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending you an email notification (for material changes)

Your continued use of OPSONIS after changes indicates acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

OPSONIS Data Protection Officer

Email: contact@opsonis.com

Company: OPSONIS (registration number TBD - company formation in progress)

Address: Bucharest, Romania, European Union (full address TBD)

Note: Company registration is in progress. Full legal details will be updated upon completion.

13. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of alleged infringement. In Romania, the supervisory authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP).