Privacy Policy

Last updated: May 2026 · Version 2026-05

By registering or using OperaGrid, you acknowledge this Privacy Policy. We record the date, document version, and IP address when you accept during signup or first-time setup.

This Policy explains how OperaGrid (“we”) collects, uses, and stores personal information when you use our KPI reporting platform.

1. Who we are

OperaGrid provides B2B software to organizations. The organization that registers a workspace is the data controller for its users’ business data. We act as a service provider / processor for that data.

2. Information we collect

• Account data: username, display name, email (if provided), role, password hash, workspace slug.
• Operational data: KPI card definitions, form submissions, attachments, assignments, messages between users in the same workspace, audit logs.
• Technical data: IP address, browser type, timestamps, error logs.
• Billing: handled by Stripe; we receive subscription status and customer IDs, not full card numbers.

3. Where data is stored

Application data is hosted on Amazon Web Services (AWS). Database and file storage reside in AWS regions selected for production (e.g. ca-central-1 for Canada). Stripe processes payments on its own infrastructure.

4. How we use data

We use data to operate, secure, and improve the Service; authenticate users; enforce seat limits; provide support when you contact us; and comply with legal obligations.

5. Sharing

We share data only with subprocessors needed to run the Service (e.g. AWS, Stripe), when required by law, or with your instruction. We do not sell personal information.

6. Retention and backups

We retain data while your subscription is active and for a limited period afterward. Automated backups protect against infrastructure failure; you should export critical records if your internal policies require it.

7. Security

We use HTTPS, tenant isolation in the database, role-based access, and hashed passwords. No method of transmission or storage is 100% secure.

8. Your rights

Depending on your jurisdiction (e.g. PIPEDA in Canada), you may request access, correction, or deletion of personal information. Workspace administrators can manage users within the app; contact us for workspace-level requests.

9. International transfers

If data is processed outside your country, we rely on appropriate safeguards where required by law.

10. Changes

We may update this Policy. The “Last updated” date will change accordingly.

11. Contact

Privacy requests: privacy@operagrid.com

See also our Security & Data summary.

Starter template — not legal advice. Consult a lawyer for GDPR/PIPEDA-specific obligations.