Privacy Policy

Last updated: March 2026

At Opusite, we take your privacy seriously. This policy describes how we collect, use, and protect your personal information when you use our platform. By using Opusite, you agree to the practices described here.

Information We Collect

We collect information you provide directly and information generated through your use of the platform:

  • Account information — your name, email address, and organization details when you create an account.
  • Content you create — documents, tasks, messages, contacts, files, and any other data you store within Opusite.
  • Usage data — how you interact with the platform, including pages visited, features used, and performance metrics.
  • Device information — browser type, operating system, and general location derived from your IP address.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Opusite platform.
  • Authenticate your identity and manage your account securely.
  • Send transactional emails such as password resets, invitation links, and billing receipts.
  • Monitor and fix errors to ensure platform reliability.
  • Analyze aggregated usage patterns to guide product development.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

Data Storage & Security

Your data is stored securely using Supabase, which is hosted on Amazon Web Services (AWS) infrastructure. We implement multiple layers of protection:

  • All data is transmitted over HTTPS with TLS encryption in transit.
  • Database access is controlled by Row Level Security (RLS) policies, ensuring users can only access their own organization's data.
  • Sensitive data stored in the Vault module is encrypted with AES-256-GCM encryption at the application level.
  • Authentication is handled via Supabase Auth with secure session management.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate or incomplete data.
  • Deletion — request that we delete your personal data and account.
  • Export — request a machine-readable export of your data.
  • Objection — object to certain types of data processing.

Under the GDPR (for users in the European Economic Area) and the CCPA (for California residents), you have additional specific rights including the right to know what data is collected, the right to opt out of data sales (we do not sell data), and the right to non-discrimination for exercising your rights.

To exercise any of these rights, contact us at privacy@opusite.com. We will respond within 30 days.

Cookies & Tracking

Opusite uses a minimal approach to cookies and tracking:

  • Essential cookies — required for authentication and session management. These cannot be disabled.
  • Vercel Analytics — we use privacy-friendly analytics that do not use cookies and do not track individuals across sites. Data is aggregated and anonymized.
  • Cloudflare Turnstile — used on login and signup forms for spam prevention. Turnstile is a privacy-preserving alternative to traditional CAPTCHAs and does not track users.

We do not use advertising cookies, social media tracking pixels, or any third-party marketing trackers.

Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase (database, authentication, file storage) — hosted on AWS.
  • Vercel (hosting and deployment) — handles request routing and serverless function execution.
  • Sentry (error monitoring) — captures application errors to help us fix bugs. We have disabled the collection of personally identifiable information (sendDefaultPii is set to false).
  • Resend (transactional email) — used to send system emails such as invitations and password resets.
  • Cloudflare (Turnstile spam prevention) — used only on authentication forms.

Each third-party provider operates under their own privacy policy. We select providers that align with strong data protection standards.

Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data and content within 30 days, except where we are required to retain it for legal or compliance reasons. Aggregated, anonymized usage data that cannot be linked back to you may be retained indefinitely to improve the platform.

Children's Privacy

Opusite is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete that information promptly. If you believe a child has provided us with their data, please contact us at privacy@opusite.com.

Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will notify you by email or through a notice on the platform. Your continued use of Opusite after changes take effect constitutes acceptance of the updated policy. We encourage you to review this page periodically.

Contact Us

If you have questions about this privacy policy or how we handle your data, contact us at privacy@opusite.com.