Privacy Policy - OperisPM

Effective Date: May 4, 2026
Last Updated: May 4, 2026
Version: 1-free

This Privacy Policy describes how OperisPM ("OperisPM," "we," "us," or "our") collects, uses, and protects personal information when you use the OperisPM platform (the "Service"). By using the Service, you acknowledge the practices described here. OperisPM is currently provided free of charge; we collect no payment information at this time. If this changes in the future, we will update this Policy and provide at least 30 days' advance notice.

1. Information We Collect

Account information: Email address, display name, organization name, password (stored as a one-way hash), preferred language, and timezone.

Customer Data: Project data, tasks, files, comments, and other content you submit to the Service.

Technical information: IP address, browser type, device information, and access timestamps, captured in standard server logs and used for security, abuse prevention, and operational diagnostics.

Usage information: Aggregate, account-level activity counters (e.g., last login timestamp, monthly active user counts) used to operate and improve the Service. We do not maintain detailed individual behavioral profiles.

AI feature submissions: Content you choose to submit to AI-assisted features (such as meeting notes for task extraction) is sent to our third-party AI providers solely to generate the requested output. We do not use submissions to train AI models.

What we do not collect: No payment information, no billing addresses, no credit card data, no marketing tracking pixels, no advertising IDs, no third-party analytics with individual user identifiers.

2. How We Use Information

We use the information we collect to:

Operate, maintain, and secure the Service.
Authenticate users and enforce access controls.
Provide AI features you choose to use.
Communicate with you about your account, security incidents, or material changes to the Service or these terms.
Investigate suspected abuse, fraud, or violations of our Terms.
Comply with legal obligations.
Aggregate operational metrics (counts, totals, percentages) to inform product decisions. Aggregate metrics do not identify individual users.

3. Legal Basis (GDPR/UK GDPR)

Where GDPR or UK GDPR applies, we process personal information on the following bases:

Contract: To provide the Service you have requested.
Legitimate interests: To secure, monitor, and improve the Service.
Consent: Where you have given consent (e.g., for non-essential cookies, where applicable).
Legal obligation: Where required to comply with law.

4. Sharing

We do not sell personal information. We share personal information only with:

Service providers who host or operate parts of the Service on our behalf, including our cloud infrastructure provider (Hetzner Online GmbH), our email delivery provider, and our AI providers (currently OpenAI and Anthropic). These providers are bound by confidentiality and processing obligations.
Legal authorities where required by valid legal process or to protect rights, property, or safety.
Successors in the event of a merger, acquisition, or asset sale, subject to confidentiality.

5. International Transfers

The Service is hosted in the European Union (Hetzner data centers in Germany or Finland). If you access the Service from outside the EU, your information will be transferred to and processed in the EU. Where applicable, we rely on standard contractual clauses or other lawful transfer mechanisms for international transfers to our service providers.

6. Retention

We retain Customer Data for as long as your account is active. If you delete your account, we will delete or anonymize Customer Data on a reasonable schedule consistent with our backup and retention practices, typically within 90 days, except where retention is required by law.

Server logs are typically retained for up to 90 days for security and diagnostic purposes.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict the processing of your personal information, and to object to certain processing. You can exercise most of these rights directly within the Service:

Access and update your account information from the Preferences page.
Export your Customer Data using the in-app export feature.
Delete your account using the in-app account deletion feature.

For other requests, contact [email protected]. You also have the right to lodge a complaint with your local data protection authority.

8. Security

We implement reasonable administrative, technical, and physical measures designed to protect personal information, including encrypted connections (TLS), password hashing, server-side input validation, rate limiting, and access controls. No method of transmission or storage is 100% secure; you should choose strong passwords and protect your credentials.

9. Children

The Service is not directed to children under 16. If you believe a child has provided us with personal information, contact [email protected] and we will take appropriate steps.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes (including changes related to the introduction of paid plans), we will give at least 30 days' notice via in-app notice or email.

11. Contact

For privacy questions, contact [email protected].

OperisPM
Operating jurisdiction: Texas, USA