OpsOS ("we", "us", "our") operates a software platform designed to support business operations, including planning, inventory, CRM, and related modules.

We are committed to protecting your privacy and handling your data transparently.

1. Information We Collect

1.1 Information you provide

Name, email address, and contact details
Account credentials
Company or organisation details
Any data you input into the platform (e.g. schedules, inventory, notes)

1.2 Automatically collected data

IP address
Browser and device information
Usage data (pages visited, actions taken)
Logs and diagnostic data

1.3 Third-party data

If integrations are enabled (e.g. APIs, external services), we may receive data from those services as authorised by you.

2. How We Use Your Information

We use your data to:

Provide and operate the OpsOS platform
Authenticate users and manage accounts
Improve functionality and performance
Monitor usage and prevent abuse
Communicate important service updates
Comply with legal obligations

We do not sell your personal data.

3. Data Storage and Security

Data is stored on secure infrastructure (e.g. VPS, cloud providers such as AWS)
Access is restricted to authorised systems and personnel
We implement reasonable technical and organisational safeguards

Certain sensitive data — such as supplier bank account details and sort codes — is encrypted at the point of entry using envelope encryption. This means that even OpsOS staff and support personnel cannot read these values. Decryption requires both an application-level key and a tenant-specific key, neither of which is stored together.

You are responsible for keeping your login credentials secure.

4. Multi-Tenant Data Separation

OpsOS is a multi-tenant platform. We take reasonable measures to ensure that:

Data belonging to one organisation is not accessible to another
Access controls are enforced at the application level

5. Data Retention

We retain data only as long as necessary to:

Provide services
Comply with legal obligations
Resolve disputes

When you delete a record within OpsOS — such as a user, supplier, or document — it is marked as deleted and immediately removed from active views. However, the underlying data may be retained for a period in order to maintain the integrity of historical records, support auditing, and allow recovery in the event of accidental deletion. OpsOS support staff can assist with recovering data that has been accidentally deleted during this retention window.

You may request permanent deletion of your data — see Section 8.

6. Cookies and Tracking

We may use cookies or similar technologies to:

Maintain sessions
Improve user experience
Analyse site performance

You can control cookies via your browser settings.

7. Third-Party Services

We may use third-party services such as:

Hosting providers (e.g. AWS, VPS providers)
Analytics tools
Email delivery systems

These providers may process data on our behalf under appropriate data processing agreements.

8. Your Rights (UK / GDPR)

You have the right to:

Access your personal data
Correct inaccurate data
Request deletion
Restrict or object to processing
Request data portability

9. Data Transfers

Your data may be processed in the UK or other jurisdictions where our infrastructure is located. We take reasonable steps to ensure appropriate safeguards are in place.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised date.

11. Contact

For privacy questions or data requests, please use the contact form on our website.