OptyStack Privacy Policy

Last Updated: July 18, 2025

OptyStack (“we”, “us”, “our”) is dedicated to protecting your privacy and complying with all applicable data protection and privacy laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), India’s Digital Personal Data Protection Act (DPDPA), and other jurisdictional requirements. This Privacy Policy describes how we collect, use, share, protect, and enable your control of your data.

1. Scope

This Policy applies to everyone who uses or accesses OptyStack, whether from India, the United States, or any other region. Definitions of "personal information," "processing," and other key concepts are aligned with applicable privacy laws.

2. Information We Collect

a. Information You Provide

  • Company name, address, and registration details
  • Administrator and user profiles (name, email, role)
  • Credentials and passwords (securely encrypted)
  • Customer support communications and survey responses

b. Information from Third-Party Integrations

When you connect OptyStack to applications such as Google, Microsoft, and Slack, we collect:

  • User IDs, usernames, email addresses
  • Last login details and activity history
  • Device and location metadata (where available)
  • Configuration and permissions data

c. Usage & Technical Data

  • Access logs and login attempts
  • User activity and feature usage metrics
  • API calls and system diagnostics
  • Device information, browser type, IP address

3. How We Use Your Information

  • To provide and operate the OptyStack SaaS service
  • To authenticate users and manage access rights
  • To allow administrators to manage third-party app users (including enable/disable actions)
  • To deliver insights, analytics, and recommendations for SaaS cost optimization
  • For customer support, troubleshooting, and feature development
  • To comply with legal obligations, resolve disputes, and enforce agreements

4. Legal Basis for Processing

OptyStack processes data only when:

  • You provide clear consent (e.g., authorizing app integrations)
  • Processing is necessary for our contract with you (to deliver the service)
  • We have a legitimate interest (e.g., improving product security)
  • We are obligated by law or regulation

5. How We Share & Disclose Information

  • Service Providers: We use trusted vendors (such as AWS for hosting) who process data on our behalf, governed by strict contracts.
  • Third-Party Integrations: Data transfers to connected services are only performed as configured by your admin.
  • Legal, Regulatory, and Safety: We may disclose information if required by law, valid legal process, or to protect OptyStack, our users, or the public.

We never sell customer data to third parties.

6. Data Security

  • Encryption: All data, including passwords and sensitive user information, is encrypted using industry-standard protocols in transit (TLS/HTTPS) and at rest.
  • Access Controls: Access to data is tightly restricted by role, principle of least privilege, and audit trail.
  • Security Auditing: Regular internal and third-party security assessments are conducted.
  • Incident Response: In case of breach or incident, timely notification and remediation in line with applicable law are ensured.

7. International Data Transfers & Compliance

OptyStack data is hosted on AWS in regions selected for compliance with applicable local and international laws.

Transfers outside your home jurisdiction follow recognized legal safeguards, such as Standard Contractual Clauses (SCCs), International Data Transfer Agreements (IDTAs), and other government-approved frameworks.

Data processing agreements are available for enterprise and regulated customers.

8. Data Retention

We retain information for as long as necessary to provide services, fulfill business or legal obligations, or as required by contract.

When information is no longer required, it is securely deleted or anonymized.

9. Your Rights

Depending on your location and governing law, you can:

  • Access, correct, update, or delete your personal information
  • Receive your data in a portable format
  • Restrict or object to processing
  • Withdraw consent at any time (where processing is based on consent)
  • File a complaint with your local data protection authority

To exercise these rights, email: privacy@optystack.com

10. Children’s Privacy

OptyStack’s services are not intended for individuals under 18. We do not knowingly collect information from minors. Any such data discovered will be promptly removed.

11. Changes to this Policy

This Policy may be updated from time to time. Material changes will be communicated to users via email and product notifications. The latest version will always be available within OptyStack’s platform and website.

12. Notification & Cooperation with Authorities

OptyStack will promptly notify customers and relevant regulatory authorities in the event of a notifiable data breach, consistent with governing law.

We fully cooperate with law enforcement and regulatory authorities as required.

13. Contact Information

For any privacy questions, requests, or concerns:

OptyStack Data Protection Officer privacy@optystack.com

By using OptyStack, you consent to the practices described in this Privacy Policy and acknowledge compliance with all applicable laws and our mutual rights and protections.