Privacy Policy
How OpsIQ collects, uses, stores and protects information for our customers, their end-users, and visitors to this website.
1. Overview
This Privacy Policy describes how OpsIQ ("OpsIQ", "we", "us") handles personal data when you visit this website, sign up for an account, install the OpsIQ product (Cloud or Self-Hosted), or interact with the AI operating layer that we provide as a service to our customers.
OpsIQ acts as a data controller for the marketing site, your account information and your billing relationship with us. OpsIQ acts as a data processor on behalf of our customers when their visitors and end-users interact with OpsIQ-powered chat, tickets, analytics or actions on the customer's website.
2. What we collect
Account & billing
- Name, email, company name, country, phone (optional)
- Billing address, payment method tokens (we never store full card numbers — those live with our payment processor)
- Plan choice, subscription status, invoice history, transaction logs
Product usage
- Login activity, IP, browser/OS, session timestamps
- Connected sites & configured connectors (slug, settings, API endpoints)
- AI prompts, responses, and per-turn metadata you generate inside your workspace (owner-only AI History)
End-user data (processed on behalf of our customers)
- Chat conversations between your visitors and the AI / your team
- Visitor analytics: IP, user-agent, session ID, pages visited, country/city (from IP), device, traffic source, scroll depth, time on page
- Ticket data: subject, body, attachments, replies, internal notes, status, department
- Identity hints if your site exposes them (logged-in customer email, ID, name)
Cookies & similar technologies
OpsIQ uses essential cookies for authentication and the cookie-consent banner on this site. The customer-side widget uses localStorage for visitor identifiers. See Cookies for full details.
3. How we use it
- To provide the OpsIQ service to you and your end-users
- To process payments, issue licenses, provision cloud tenants, and prevent fraud
- To improve product reliability, quality and security
- To send transactional notices (incidents, password resets, billing receipts)
- To send product announcements you opted in to receive
- To meet legal, regulatory and tax obligations
We do not train AI models on your data. AI calls are forwarded to the model provider you choose (Anthropic, OpenAI, Gemini, Grok, or self-hosted) with the live conversation context only.
4. Legal bases (GDPR / equivalents)
| Activity | Legal basis |
|---|---|
| Provide the service | Performance of contract |
| Billing & tax records | Legal obligation |
| Security & fraud prevention | Legitimate interest |
| Product analytics | Legitimate interest (opt-out available) |
| Marketing emails | Consent |
| Cookies (non-essential) | Consent |
5. Sub-processors
OpsIQ uses a small set of trusted sub-processors. We notify customers of material changes and maintain DPAs with each.
| Sub-processor | Purpose | Region |
|---|---|---|
| Cloud infrastructure provider | Hosting, storage, backups | EU / West Africa |
| Stripe / Paystack / PayPal | Payment processing | Global |
| Anthropic / OpenAI / Gemini / Grok | AI model inference (provider you choose) | US / EU |
| Mailgun / SendGrid / SMTP relay | Transactional email delivery | EU / US |
| Cloudflare | CDN, DDoS protection | Global |
6. Retention
- Account data: retained while your account is active and 90 days after deletion.
- Billing records: retained 7 years to satisfy tax / accounting law.
- Audit logs: 12 months by default; longer if your plan requires it.
- End-user data on customer workspaces: retained per your workspace settings — you control retention.
- Backups: rotated on a 30-day cycle; deletions propagate within that window.
7. Your rights
Under GDPR, CCPA and equivalents, you have the right to access, correct, export, restrict, object to processing, or delete your personal data.
- Export & delete are available self-serve from your Account → Privacy.
- Data subject access requests can also be sent to privacy@opsiqai.com — we respond within 30 days.
- You can complain to your local data protection authority at any time.
8. Security
AES-256 at rest. TLS 1.3 in transit. HMAC-SHA256 on every webhook delivery. Per-tenant keys on cloud. Per-action audit logs. See the Trust Center for full details.
9. Children
OpsIQ is not directed to children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has shared data with us, contact privacy@opsiqai.com and we will delete it.
10. International transfers
Where personal data crosses borders, we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards. EU customer data is hosted in EU regions by default.
11. Changes to this policy
We update this policy when our services change. The Effective date at the top reflects the current version. Material changes are emailed to account admins and posted on this page at least 14 days before they take effect.
12. Contact
Privacy questions: privacy@opsiqai.com
Security questions: security@opsiqai.com
Mailing address: see About for our company details.
This policy is a working draft. Customers in regulated industries should review with counsel before deployment.