Privacy Policy

Opsiton provides browser-native data loss prevention tools, including a public website, a tenant portal, an admin portal, and a Chrome extension. This Privacy Policy explains what information we collect, how we use it, and the choices available to prospects, customers, and website visitors.

This policy applies to information collected through the Opsiton website, product interfaces, support channels, and related operational systems used to run and secure the service.

When you use the website, we may collect information you submit through forms, newsletter signups, early-access requests, support requests, and live chat.

• Name, work email, company details, subject line, and message content you choose to submit.
• Basic website interaction data, browser details, and preferences such as theme selection stored locally in the browser.
• Technical data generated by customer engagement or support tools embedded on the website.

When you use the product, we may process account, organization, and operational data needed to provide security workflows.

• User profile data, organization details, device identifiers, hostnames, browser versions, IP addresses, and heartbeat activity.
• Security events, URLs, website hostnames, file metadata, detection types, timestamps, masked snippets, hashes, audit trails, and incident records.
• Integration settings and operational secrets required for services such as Slack, VirusTotal, Safe Browsing, NVD, and SMTP.

We use information to operate the website and deliver the product. This includes authenticating users and extensions, enforcing policies, processing events, responding to contact requests, providing support, and maintaining the reliability and security of the platform.

We also use information to communicate product updates, manage beta programs, improve performance, monitor abuse, investigate incidents, and satisfy legal or contractual obligations.

Opsiton is designed to minimize unnecessary storage of raw sensitive content. In normal operation, the platform may rely on event context such as metadata, masked snippets, hashes, filenames, destinations, and timestamps needed for detection, auditability, alerting, and incident response.

Customers are responsible for configuring policies and deciding what data categories should be monitored or blocked within their own environments.

We use service providers to host infrastructure, deliver communications, support contact and chat workflows, and operate security-related features. We do not sell personal information.

We retain website inquiries and marketing submissions for as long as necessary to respond, maintain reasonable business records, and comply with legal obligations. Customer data is retained while an account is active and for a limited period afterward unless a different contractual or legal retention commitment applies.

You may unsubscribe from marketing communications at any time. Where applicable law provides those rights, you may also request access, correction, deletion, or export of your information.

For privacy and data protection questions, contact [email protected].