Privacy Policy

Last updated: March 25, 2026

1. Who We Are

Opsonaut ("we," "us," "our") operates opsonaut.com and ZapRaft.opsonaut.com. We are based in Beirut, Lebanon. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable privacy laws.

2. Data We Collect

2.1 Account Data

When you create an account, we collect: name, email address, and password (hashed). This data is stored in our database hosted by Supabase (AWS infrastructure).

2.2 Payment Data

Payment information (credit card, billing address) is collected and processed by Paddle (paddle.com), our Merchant of Record. We do not store your payment details on our servers. Paddle processes payments in compliance with PCI-DSS standards.

2.3 Usage Data

We collect anonymized usage data including: pages visited, features used, and session duration. This data is collected via Plausible Analytics, which does not use cookies and is GDPR-compliant by default.

2.4 Email Data

If you subscribe to our newsletter, we store your email address for the purpose of sending weekly automation tips and product updates. You can unsubscribe at any time.

2.5 Support Data

When you contact support, we store your messages and any attachments to resolve your issue. Support conversations may be processed by AI to provide faster responses.

3. How We Use Your Data

• Account management: To provide access to purchased products and services
• Payment processing: To process transactions via Paddle
• Product delivery: To deliver digital products you purchase
• Communication: To send transactional emails (receipts, updates) and marketing emails (newsletter, with consent)
• Support: To respond to your questions and resolve issues
• Analytics: To understand how our services are used and improve them

4. Cookies

We use minimal cookies. Our primary analytics tool (Plausible) does not use cookies. Supabase authentication uses essential cookies to maintain your session. Paddle may set cookies during checkout. We do not use advertising or tracking cookies.

5. Third-Party Services

• Supabase: Database and authentication (AWS, EU/US regions)
• Paddle: Payment processing (PCI-DSS compliant, UK)
• Vercel: Website hosting (global CDN)
• Resend: Transactional email delivery
• Anthropic: AI processing for support and content (data is not used for training)
• Plausible: Privacy-friendly analytics (EU-hosted, no cookies)

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance (e.g., transaction records for tax purposes — retained for 7 years).

7. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing of your data for marketing purposes
• Restriction: Request restricted processing of your data

To exercise any of these rights, contact us at privacy@opsonaut.com. We will respond within 30 days.

8. Data Security

We implement industry-standard security measures: encrypted data in transit (TLS), encrypted data at rest, row-level security on our database, and secure authentication via Supabase. Payment data is handled exclusively by Paddle under PCI-DSS compliance.

9. International Data Transfers

Your data may be processed in the EU, US, and other regions where our service providers operate. We ensure all transfers comply with GDPR through Standard Contractual Clauses and adequate data protection measures.

10. Children

Our services are not directed to children under 16. We do not knowingly collect data from children.

11. Changes

We may update this Privacy Policy. We will notify you of significant changes via email. The latest version is always available at opsonaut.com/privacy.

12. Contact

Data Controller: Opsonaut
Location: Beirut, Lebanon
Email: privacy@opsonaut.com