Opsionic.
Get Started
GDPR / EU DATA PROTOCOL

PRIVACY
POLICY.

Last updated: April 19, 2026

Opsionic is an automation service. This policy explains what we collect, why, how we secure it, and your rights under EU GDPR.

01 / Controller

Who Controls Your Data

Data Controller: Edgar Yepremyan (independent operator, not registered as a company).
Contact (privacy & security): security@opsionic.com

If you contact us, we will verify identity before fulfilling sensitive requests (to prevent unauthorized access).

02 / Scope

What This Covers

This policy covers the Opsionic website and interactions where you request automation services, submit forms, communicate by email, or receive messages from us (including transactional emails). It also covers analytics used to improve site usability.

03 / Data We Collect

Data Categories

  • Contact data: name, email, company (if provided), message content.
  • Technical data: IP address, device/browser info, timestamps, server logs, basic security telemetry.
  • Analytics signals: interaction events (page views, clicks, scroll depth) used to improve UX.
  • Service data (only if you become a client): integration details you provide (e.g., system endpoints, tokens, API keys), workflow configuration, and troubleshooting logs.

We do not intentionally collect sensitive categories of personal data (GDPR “special categories”). Please do not submit it via forms or email.

04 / Why We Process

Purposes

  • Respond to inquiries and deliver requested automation services.
  • Secure our infrastructure and prevent abuse, fraud, and unauthorized access.
  • Operate site analytics to improve performance and usability.
  • Send transactional communication (e.g., confirmations, operational messages).
  • Send marketing messages only where allowed (consent or lawful basis, and always with opt-out).
05 / Legal Bases

GDPR Lawful Bases (Article 6)

  • Contract — to provide automation services you request, deliver deliverables, and support implementations.
  • Legitimate interests — to secure systems, prevent abuse, and improve the site/service reliability.
  • Consent — for optional analytics or marketing communications where required by law.
  • Legal obligation — if we must comply with an applicable legal request.

If we rely on legitimate interest, you can object. If we rely on consent, you can withdraw it anytime.

06 / Hosting & Security

Infrastructure

Hosting is operated on a private, secured server located in Finland (EU). We apply layered security controls to protect confidentiality, integrity, and availability.

  • TLS/SSL encryption for data in transit.
  • Access control (least privilege) and restricted administrative access.
  • Monitoring and security logging for incident detection.
  • Backups and recovery procedures to preserve availability.

No security system is perfect. If a breach happens that creates risk to individuals, we will act promptly, including notifications where legally required.

07 / Service Providers

Subprocessors (Third Parties)

We use a limited set of trusted providers to operate communication and analytics:

  • Brevo — email delivery (transactional and, where applicable, marketing).
  • Microsoft Clarity — website analytics to understand usability and improve UX.

Providers process data only to the extent necessary for their function and under contractual confidentiality obligations.

08 / Microsoft Clarity

Analytics (Usability Signals)

We use Microsoft Clarity to understand how visitors interact with the site (e.g., clicks, scroll, navigation patterns) so we can improve usability and performance. Clarity may collect technical data such as device information and interaction events.

If you use a cookie consent mechanism, Clarity should be placed behind consent where required by your jurisdiction.

09 / Brevo

Email Communications

We use Brevo to send emails:

  • Transactional: confirmations, replies, service-related communication.
  • Marketing: only if you opted in or where permitted by law. Every marketing email includes an unsubscribe link.

You can opt out of marketing anytime. Transactional emails may still be sent when necessary to provide or support a service.

10 / Cookies

Cookies & Similar Tech

The site may use:

  • Essential cookies for security and basic functionality.
  • Analytics cookies (e.g., Clarity) to improve UX and performance.

Where required, analytics cookies are enabled only after consent. You can also disable cookies in your browser settings.

11 / Retention

How Long We Keep Data

  • Inquiries: typically up to 24 months after last contact (for continuity and anti-abuse), unless you request deletion sooner.
  • Client service records: retained for the duration of the service and up to 36 months after completion (support, continuity, dispute handling), unless a longer period is required by law.
  • Security logs: typically 30–180 days depending on the incident risk profile.
  • Email lists: until you unsubscribe or request deletion.

We may retain minimal records where necessary to establish, exercise, or defend legal claims.

12 / Data Sharing

When We Share Data

We do not sell personal data. We share data only:

  • With subprocessors (Brevo, Microsoft Clarity) as described above.
  • If legally required (lawful request by competent authority).
  • To protect rights, security, and prevent abuse or fraud.
13 / International Transfers

EEA Transfers & Safeguards

Your data is hosted in the EU (Finland). Some service providers may process data outside the EEA depending on their infrastructure and configuration. Where cross-border transfers occur, we rely on appropriate safeguards (such as Standard Contractual Clauses) or equivalent lawful mechanisms.

If you want the exact subprocessor location details for your case, email security@opsionic.com and we’ll provide them.

14 / Client Data

Automation Projects (B2B)

When you hire Opsionic to build automations, you may provide system credentials (tokens/API keys) and configuration data. We handle this data strictly for delivery and maintenance of your workflows.

  • Access is restricted to what is necessary to build and troubleshoot.
  • Credentials are never published or intentionally shared.
  • Upon request, we will disconnect systems and delete stored credentials and configuration exports within a reasonable timeframe, unless retention is required by law.

A Data Processing Agreement (DPA) can be provided upon request if required for your compliance program.

15 / Your Rights

Rights Under GDPR

  • Right to access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction
  • Right to data portability
  • Right to object
  • Right to withdraw consent (where processing is based on consent)

You also have the right to lodge a complaint with the supervisory authority in Poland (UODO) or your local EU authority.

16 / Changes

Policy Updates

We may update this policy to reflect operational, legal, or security changes. The “Last updated” date above indicates the current version in force.

Questions?

For privacy or security requests, contact:
security@opsionic.com

Tip: Put “Privacy Request” in the email subject so it gets priority routing.