Privacy Policy
Contents
- Who We Are
- Information We Collect
- How We Use Your Information
- AI Processing Disclosure
- Data Sharing & Third Parties
- Multi-Tenant Data Isolation
- Healthcare Data
- Data Retention
- Security
- Cookies & Tracking
- Your Rights (CCPA & General)
- Children's Privacy
- Data Deletion Requests
- Changes to This Policy
- Contact
1. Who We Are
Opal Technologies, LLC ("Opal," "we," "us," or "our"), a Delaware limited liability company with a mailing address at c/o Republic Registered Agent LLC, 262 Chapman Rd, Ste 240, Newark, DE 19702, operates the Opal platform at www.myopal.io and app.myopal.io. We provide an AI-powered business management platform for operators, agencies, and portfolio managers. This Privacy Policy explains how we collect, use, store, and share information when you use our Service.
Questions? Contact us at info@myopal.io at any time.
2. Information We Collect
2.1 Information You Provide Directly
- Account information: Name, email address, password (hashed, never stored in plaintext), and profile information
- Business information: Business names, types, locations, team members, and goals entered during onboarding or setup
- Payment information: Billing address and card details — collected and stored by Stripe, Inc. on our behalf. We never see or store your full card number.
- Communications: Emails, support requests, and feedback you send to us
- AI conversations: Messages you submit to Opal's AI chat features, stored to maintain conversation history
2.2 Information Collected Automatically
- Usage data: Pages visited, features used, actions taken, and time spent in the application
- Device and browser data: Browser type, operating system, screen resolution, and IP address
- Login events: Timestamps and IP addresses associated with account logins
- Page views: Navigation events within the application
2.3 Data from Third-Party Integrations
When you connect third-party services, you authorize us to access and store data from those services. This may include financial data, operational data, booking data, and any other data within the scope of permissions you grant. You control which integrations are connected and can disconnect them at any time.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service
- Generate AI-powered dashboards, insights, and Daily Pulse briefings
- Process payments and manage subscriptions
- Send transactional emails (verification, billing receipts, password reset)
- Send product-related communications — you may opt out of non-transactional emails at any time
- Maintain security and prevent fraud
- Respond to support requests
- Comply with legal obligations
- Analyze anonymized aggregate usage trends to improve the platform
We do not sell your personal data. We do not use your Customer Data for advertising purposes.
4. AI Processing Disclosure
Opal's AI features are powered by Anthropic's Claude API. When you use features such as AI dashboards, Daily Pulse, AI chat, or integration analysis, relevant data from your account is transmitted to Anthropic's API to generate responses.
- What is sent: Business context, KPIs, integration data, and your AI chat messages — only data required to generate a relevant response
- What is not sent: Payment information, passwords, or data from accounts you have not authorized
- Model training: We do not use your Customer Data to train AI models, and our commercial agreement with Anthropic prohibits Anthropic from using your data to train their models
- Third-party policy: Data processed by Anthropic is subject to Anthropic's Privacy Policy
- AI output limitations: AI-generated content may be incorrect, incomplete, or fabricated. We address these risks in our Terms of Service Section 6. You are solely responsible for verifying AI output before relying on it.
5. Data Sharing & Third Parties
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and authentication | All account and application data |
| Stripe, Inc. | Payment processing | Billing information, subscription status |
| Anthropic | AI model API (Claude) | Business context and AI chat messages |
| Nango | Integration OAuth middleware | Integration credentials and sync data |
| Resend | Transactional email | Email address, email content |
| Vercel | Application hosting | Web traffic and server logs |
We do not share your data with third parties for advertising, marketing, or data brokerage. We may share data if required by law, court order, or to protect the rights and safety of Opal or our users. In the event of a merger, acquisition, or sale of substantially all of our assets, your information may be transferred to the successor entity, subject to the protections of this Privacy Policy.
6. Multi-Tenant Data Isolation
Your data is logically separated from other customers' data at the database level through row-level security policies. Access to your data requires authentication as a user within your organization. Our team has limited, audited access to customer data — only for support, security, and operational purposes.
7. Healthcare Data
Opal is not designed as a HIPAA-compliant system by default and is not intended to store Protected Health Information (PHI). If you operate in a healthcare context, please review Section 8 of our Terms of Service and contact us at info@myopal.io before connecting systems that may contain PHI.
8. Data Retention
- Account data: Retained for the life of your account, then purged within 30 days of your final billing period end date
- Integration sync data: Retained for 13 months from last sync date
- AI conversation history: Retained for 12 months, then deleted
- Audit logs: Retained for 24 months
- Login event logs: Retained for 12 months
- Billing records: Retained for 7 years as required by law
- Anonymized aggregate data: May be retained indefinitely; cannot be re-associated with you
9. Security
We implement industry-standard security measures including encryption in transit (TLS/HTTPS), encryption at rest, row-level security at the database level, multi-factor authentication, audit logging of sensitive actions, and access controls limiting internal team access to customer data. No method of transmission or storage is 100% secure; while we strive to protect your information, we cannot guarantee its absolute security. If we become aware of a data breach affecting your account, we will notify you as required by applicable law. To report a security concern, contact info@myopal.io immediately.
10. Cookies & Tracking
We use a minimal number of cookies: Essential cookies required for authentication and session management (cannot be disabled), and preference cookies that store your display settings. We do not use third-party advertising cookies, tracking pixels, or behavioral advertising networks. We do not sell data to data brokers. We honor the Global Privacy Control (GPC) browser signal where applicable.
11. Your Rights (CCPA & General)
11.1 Rights for All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data, subject to legal retention requirements
- Opt-out of marketing: Unsubscribe from non-transactional emails at any time
- Portability: Request your data in a structured, machine-readable format
11.2 California Residents (CCPA / CPRA)
California residents have the right to know what personal information we collect and how it is used, request deletion, request correction, opt out of sale or sharing (we do not sell or share personal information), limit use of sensitive personal information, and be free from discrimination for exercising these rights. To exercise any of these rights, submit a request to info@myopal.io. We will respond within 45 days as required by law. You may also designate an authorized agent to make requests on your behalf.
11.3 Categories of Personal Information Collected (CCPA)
| Category | Collected |
|---|---|
| Identifiers (name, email, IP address) | Yes |
| Commercial information (subscription, payment history) | Yes |
| Internet activity (pages visited, features used) | Yes |
| Professional information (business name, role) | Yes |
| Inferences (dashboard preferences, AI usage patterns) | Yes |
| Biometric data | No |
| Precise geolocation | No |
| Sensitive personal information | No |
12. Children's Privacy
The Service is intended for business use by adults. We do not knowingly collect personal information from individuals under the age of 16. If you believe we have inadvertently collected information from a minor, contact us at info@myopal.io and we will promptly delete the relevant data.
13. Data Deletion Requests
You may request deletion of your personal data at any time by:
- Cancelling your subscription from within the app (Account Settings → Billing → Cancel Subscription), which initiates the deletion process automatically
- Emailing info@myopal.io with the subject line "Data Deletion Request"
- Visiting myopal.io/data-deletion for full instructions
Your data will be permanently deleted within 30 days of the request, with the exception of billing records (retained 7 years as required by law) and anonymized aggregate statistics (which cannot be re-associated with you).
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
15. Contact
Opal Technologies, LLC
A Delaware limited liability company
c/o Republic Registered Agent LLC
262 Chapman Rd, Ste 240
Newark, DE 19702
Email: info@myopal.io
Website: www.myopal.io