Privacy Policy

Opsion is built for operators who take security seriously — and we hold ourselves to the same standard. We collect the minimum data required to run the service. We do not use third-party analytics, advertising networks, or tracking pixels. We do not sell, rent, or share your data with anyone, for any reason.

We do not set any cookies in your browser. We do not use Google Analytics, Mixpanel, Segment, Hotjar, or any other third-party analytics tool. We do not fingerprint your browser. We do not track you across other websites.

Our website may log standard HTTP request metadata (IP address, user agent, referrer) in server-side access logs for security and abuse prevention purposes. These logs are retained for a maximum of 30 days and are never used for advertising or profiling.

When you sign up for Opsion, we collect:

• Email address — used to identify your account and send you alerts and transactional emails.
• Password — stored as a salted bcrypt hash. We never see your plaintext password.
• Billing information — processed directly by Stripe. We never store raw card numbers.
• Wallet addresses — the public blockchain addresses you choose to monitor. These are not personal data under most definitions, but we treat them with the same care.

We use your data solely to provide the Opsion service:

• Sending alert notifications and transactional emails (account changes, billing receipts).
• Processing subscription payments via Stripe.
• Generating compliance evidence packs on your request.
• Responding to support requests.

We do not use your data to train machine learning models, build advertising profiles, or for any purpose beyond operating the service you signed up for.

We share your data with a minimal set of sub-processors, each of which is necessary to operate the service:

• Stripe — payment processing. Subject to Stripe's privacy policy.
• Hetzner / cloud infrastructure providers — server hosting in the EU.
• Resend — transactional email delivery (alerts, receipts).

We do not share your data with any other third parties. We will never sell your data.

Your account data is retained for as long as your account is active. When you delete your account, all associated personal data is permanently deleted within 30 days, except where we are legally required to retain records (e.g. billing records for tax compliance, which are kept for 7 years per EU regulations). Compliance audit logs you have exported are your own data — we do not retain copies beyond the service period.

Under the GDPR and equivalent regulations, you have the right to access, correct, export, or delete your personal data at any time. You can:

• Export all your account data from Settings → Data Export.
• Delete your account and all associated data from Settings → Delete Account.
• Email team@opsion.xyz for any other data requests.

We will respond to all data requests within 3 days.

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production systems is restricted to authorised personnel, protected by hardware MFA, and subject to audit logging. We conduct regular security reviews and promptly address any vulnerabilities.

If we make material changes to this policy, we will notify you by email at least 14 days before the changes take effect. Continued use of Opsion after that date constitutes acceptance of the updated policy. The current version is always available at this URL.