Privacy Policy - Opsary

Last updated: November 20, 2025

1. Company Information

Opsary is operated by:

MM Management Agency Sàrl

Chemin de la Musardière 5

1131 Tolochenaz

Vaud, Switzerland

Owner: Matthieu Goumeziane

Website: opsary.com

App: app-opsary.com

No phone support available.

Contact: support@opsary.com

---

2. Data We Collect

We only collect the minimum information required to operate Opsary.

2.1. Account Information

When you create an account on app-opsary.com, we collect:

• Name

• Email address

• Workspace name

• Password (encrypted)

2.2. Project & Client Data

When you use Opsary, you may store:

• Client names

• Project names

• Process steps

• Notes, assignments, actions

This data is fully user-generated.

2.3. Payment Information (handled by Paddle)

We do not process or store payment details.

All billing is handled by Paddle as Merchant of Record.

Paddle collects:

• Billing name

• Billing address

• VAT information

• Payment method details

Paddle’s privacy policy applies.

---

3. How We Use Your Data

We use your data for the following purposes:

• To create and manage your Opsary account

• To operate your processes and projects

• To send required emails (step actions, notifications, authentication)

• For authentication and security

• For legal and accounting obligations (via Paddle)

We never sell, rent, or share your data with third parties for advertising.

---

4. Emails and Notifications

Opsary sends emails only when necessary:

• Login / signup / password reset

• Step completion notifications

• Automated project emails (configured by you)

• Billing and account emails (via Paddle)

You can disable non-essential notifications at any time.

---

5. Cookies

Opsary and opsary.com do not use cookies.

No analytics, no tracking, no advertising cookies.

If we introduce analytics in the future, this policy will be updated.

---

6. Legal Basis for Processing (GDPR)

We process personal data based on:

• Contractual necessity (to provide the service)

• Legitimate interest (security, product improvement)

• Legal obligation (accounting, billing via Paddle)

• User consent (newsletter if enabled)

---

7. Third-Party Services

7.1. Paddle (Billing)

Merchant of Record

Handles all payments and invoices.

7.2. Resend / Email Provider

Used to send system emails and step notifications.

7.3. Hosting

Opsary is built with Emergent and hosted on secure cloud infrastructure.

All third parties comply with GDPR.

---

8. Data Storage and Retention

• Your data is stored in secure encrypted databases.

• We retain data for as long as your account is active.

• Upon deletion, all data is permanently erased within 30 days (excluding legally required billing records from Paddle).

---

9. Your Rights (GDPR)

You have the right to:

• Access your data

• Correct your data

• Delete your data

• Export your data

• Restrict or object to processing

• File a complaint with the Swiss FDPIC or EU authority

To exercise your rights: support@opsary.com

---

10. Account Deletion

You may request full deletion of your account at any time.

Send an email to: support@opsary.com

All data is permanently removed except billing records required by law.

---

11. Security

We use:

• Encrypted data transmission (HTTPS)

• Encrypted passwords

• Secure infrastructure

• Limited access controls

• Best practices on authentication

No system is 100% secure, but we take all reasonable measures.

---

12. International Data Transfers

Data may be processed outside Switzerland or the EU, only with GDPR-compliant providers (Paddle, Resend, hosting partners).

---

13. Changes to This Policy

We may update this Privacy Policy.

The “Last updated” date will always reflect the latest version.