OpsPilot
ModulesResourcesHow it worksPricingTrustAbout
Draft — pending legal review. This document is not yet binding. It is a working draft prepared for review by a qualified legal practitioner and may change before publication.

Privacy Policy

Effective: [DATE] · Last updated: [DATE]

1. About this policy

This Privacy Policy explains how [REGISTERED LEGAL ENTITY NAME] (ABN [ABN]) (“OpsPilot”, “we”, “us”) collects, uses, discloses and protects your personal information when you use the OpsPilot website and application (the “Service”). We are based in Melbourne, Victoria, Australia, and we handle personal information in accordance with the Privacy Act and the APPs.

By using the Service you consent to the handling of your information as described here.

2. The information we collect

Information you give us:

  • Account details — your name, email address, and password (passwords are stored only as secure hashes by our authentication provider).
  • Billing details — your plan, transaction history, and the partial card details and billing identifiers held by our payment provider. We do not store full card numbers; these are handled by Stripe.
  • User Content — the messages, prompts, files, data and documents you submit to modules, and the draft deliverables (“Outputs”) generated for you.
  • Support and other communications — what you send us by email or forms.

Information we collect automatically:

  • Usage and device data — basic technical information such as log data, approximate location derived from IP, browser/device type, and how you interact with the Service, used to operate, secure and improve it.
  • Cookies / similar technologies — used for sign-in/session management and [privacy-friendly analytics, if enabled — e.g. Plausible/PostHog — CONFIRM]. See section 9.

We collect personal information directly from you wherever practicable.

3. How and why we use your information

We use personal information to:

  • create and manage your account and authenticate you;
  • provide the Service — including sending your User Content to our AI provider to generate Outputs;
  • process payments, manage subscriptions, credits and renewals;
  • send you transactional messages (e.g. receipts, confirmations, security and account notices);
  • provide support and respond to your requests;
  • maintain security, prevent fraud and misuse, and meet legal obligations;
  • improve and develop the Service (using aggregated or de-identified data wherever possible);
  • send you product or marketing communications only where permitted, and always with an easy way to opt out.

4. AI processing and model training — our commitment

  • Your conversations and Outputs are stored in your account.

  • We do not use your User Content or Outputs to train AI models.

  • Our AI model provider, Anthropic, does not train its models on customer API traffic submitted through the Service.

  • We send your User Content to Anthropic only to generate the Output you requested. We do not sell your personal information.

5. When we disclose your information

We disclose personal information to trusted service providers (“sub-processors”) who help us run the Service, and otherwise only as set out below. We require providers to protect your information and use it only for the purposes we engage them for.

Current sub-processors

Provider Purpose Location of processing
Anthropic AI model that generates Outputs United States
Supabase Database, authentication, storage of account data and User Content Sydney, Australia [CONFIRM region]
Vercel Application hosting and content delivery United States [and global edge]
Stripe Payment processing and billing Australia / United States
Resend Transactional and account emails United States
[Analytics — Plausible/PostHog, if used] Privacy-friendly usage analytics [CONFIRM]

We may also disclose information where required by law, to enforce our Terms, to protect rights and safety, or in connection with a sale or reorganisation of our business (subject to this policy).

We keep an up-to-date sub-processor list on our Trust page; enterprise customers can request notice of changes.

6. Overseas disclosure

Some of our providers process data overseas (notably the United States, as shown above). Where we disclose personal information overseas, we take reasonable steps to ensure it is handled consistently with the APPs. By using the Service you acknowledge this overseas processing. [Your lawyer should confirm the appropriate APP 8 disclosure and any contractual safeguards.]

7. Data storage, security and retention

  • In transit: encrypted using TLS 1.3.

  • At rest: encrypted using AES-256.

  • Access controls: role-based access, least-privilege service credentials, and protected administrative functions.

  • Certifications: we are working towards SOC 2 and ISO 27001 but are not yet certified. We will update our Trust page as this progresses. (We will not claim a certification we do not hold.)

No method of transmission or storage is completely secure, but we take reasonable steps to protect your information from misuse, loss, and unauthorised access.

Retention: we keep personal information for as long as your account is active and as needed to provide the Service, then for the period required to meet legal, tax and accounting obligations, after which we delete or de-identify it. You can request deletion (see section 8).

8. Your rights — access, correction and deletion

You can:

  • access the personal information we hold about you;
  • ask us to correct information that is inaccurate or out of date;
  • request deletion of your account and associated personal information (subject to records we must retain by law, e.g. tax/transaction records);
  • opt out of marketing at any time;
  • export your Outputs (you can download them directly at any time).

To exercise any of these, email [privacy@opsinnovatech.com]. We will verify your identity and respond within a reasonable time (and within any period required by law).

9. Cookies and analytics

We use cookies and similar technologies that are necessary for sign-in and core functionality, and [privacy-friendly analytics that do not build advertising profiles — CONFIRM]. You can control cookies through your browser, though disabling essential cookies may stop you signing in. We do not display third-party advertising and do not sell your data to advertisers.

10. Children

The Service is intended for professional users aged 18 and over. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

11. Complaints

If you have a privacy concern, contact our Privacy Officer at [privacy@opsinnovatech.com] first — we take complaints seriously and will work to resolve them. If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Changes to this policy

We may update this policy from time to time. The “Last updated” date shows the current version, and we will notify you of material changes. Continuing to use the Service after changes take effect means you accept the updated policy.

13. Contact us

Privacy Officer [REGISTERED LEGAL ENTITY NAME] [REGISTERED ADDRESS, Melbourne VIC, Australia] Email: [privacy@opsinnovatech.com]

End of draft — for legal review.

OpsPilot

a product by OpsTech Solution

Built so you can finish on Friday, not Sunday night.

Product
ModulesHow it worksPricingSample reports
Trust
SecurityStandards
Company
AboutSuggest a modulePublic roadmapFor teams & enterprise
Legal
Terms of ServicePrivacy PolicyEngineering DisclaimerFAQ & Refund
© 2026 OpsTech SolutionWCAG 2.1 AA · English only · v1