Legal

Privacy Policy

Last updated: April 29, 2026

Please read this Privacy Policy carefully before using the Oppsure CRM platform operated by Oppsure, Inc.

1 Information We Collect

We collect information you provide directly to us when you create an account, use our Service, or communicate with us. This includes:

  • (a) Identity Data: name, username, password, email address;
  • (b) Account Data: billing information, subscription details, payment history;
  • (c) Technical Data: IP address, browser type and version, device type, operating system, screen resolution, and similar information collected automatically;
  • (d) Usage Data: how you use the Service, pages visited, features used, time spent on pages, click patterns, and interaction patterns;
  • (e) Communication Data: emails you send us, feedback, support requests, and survey responses;
  • (f) Customer Data: any contact or business information you choose to store in the Service, including names, email addresses, phone numbers, and company information;
  • (g) Cookie Data: information collected through cookies and similar technologies as described in our Cookie Policy.

2 How We Collect Information

We collect information through the following methods:

  • (a) Direct interactions: when you create an account, update your profile, download content, subscribe to newsletters, or contact us;
  • (b) Automated technologies: cookies, web beacons, logs, and similar technologies as you navigate through the Service;
  • (c) Third parties: analytics providers, advertising networks, social media platforms, payment processors, and our service providers;
  • (d) Public sources: publicly available information to verify identity or prevent fraud;
  • (e) Customer referrals: information about your contacts that you choose to provide or that our system automatically collects when you use the Service.

3 How We Use Your Information

We use the information we collect to:

  • (a) Provide, maintain, improve, and optimize the Service;
  • (b) Process transactions, send related information (confirmation, invoices, technical notices, updates);
  • (c) Send promotional communications (with your consent where required) about goods, events, updates, and news;
  • (d) Respond to your comments, questions, support requests, and communicate with you;
  • (e) Send you marketing communications based on your preferences (where permitted by law);
  • (f) Monitor and analyze usage, trends, and trends to improve the Service;
  • (g) Detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities;
  • (h) Comply with legal obligations and enforce our Terms of Service;
  • (i) Create aggregated statistical data and other aggregated and/or pseudonymized data for analytical and other lawful purposes;
  • (j) Personalize your experience and deliver content and material relevant to your interests;
  • (k) Perform our obligations and exercise any rights arising from any agreement entered between you and us;
  • (l) Improve the Service to make it easier to use, navigate, and interact;
  • (m) Perform network maintenance, security upgrades, and other administrative functions;
  • (n) Limit your use of the Service in certain circumstances, such as when we believe you have violated the Terms of Service.

4 Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal grounds:

  • (a) Contract: processing is necessary to perform our contract with you or take steps at your request before entering a contract;
  • (b) Consent: you have given consent for us to process your personal data for one or more specific purposes;
  • (c) Legitimate Interests: processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests;
  • (d) Legal Obligation: processing is necessary for compliance with a legal obligation;
  • (e) Vital Interests: processing is necessary to protect the vital interests of another individual;
  • (f) Public Task: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

5 Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • (a) Affiliates: with our subsidiaries and affiliates, who are bound by this Privacy Policy;
  • (b) Service Providers: with third-party vendors and service providers who perform services on our behalf (payment processing, data analysis, email delivery, hosting, customer service);
  • (c) Business Transfers: in connection with a merger, acquisition, restructuring, or sale of assets, your information may be transferred;
  • (d) Legal Requirements: with consent or when required by law, such as to comply with subpoenas, protect rights and safety, prevent fraud, or cooperate with law enforcement;
  • (e) Professional Advisors: with our lawyers, accountants, auditors, and insurers for professional advice or risk management;
  • (f) Safety: to protect the rights, property, or safety of Oppsure, our users, or the public;
  • (g) Aggregated Data: aggregated or de-identified information that cannot reasonably be used to identify you;
  • (h) With your customers: when you use the Service to store and manage customer information, you are responsible for complying with applicable data protection laws.

6 Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • (a) Encryption: SSL/TLS encryption for data in transit and AES-256 encryption for data at rest;
  • (b) Access Controls: role-based access control, multi-factor authentication, and strict need-to-know principles;
  • (c) Network Security: firewalls, intrusion detection/prevention systems, and network monitoring;
  • (d) Application Security: secure coding practices, regular vulnerability assessments, penetration testing, and code reviews;
  • (e) Physical Security: data centers with physical security controls including biometric access, surveillance, and 24/7 monitoring;
  • (f) Incident Response: a formal incident response plan, regular testing and update, and breach notification procedures;
  • (g) Backup and Recovery: regular backups, geographically redundant storage, and disaster recovery procedures;
  • (h) Employee Training: security awareness training, background checks, and confidentiality agreements for all employees.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7 Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. We retain and use your information to comply with legal obligations, resolve disputes, and enforce agreements.

We determine the retention period based on:

  • (a) The amount, nature, and sensitivity of your personal data;
  • (b) The potential risk of harm from unauthorized use or disclosure;
  • (c) The purposes for which we process your data;
  • (d) Applicable legal requirements, obligations, and retention periods; and
  • (e) Our contractual relationships with you.

When your personal information is no longer needed, we will securely delete or anonymize it in a manner that prevents recovery.

8 International Data Transfers

Your information, including personal data, may be transferred to, and processed in, countries other than the country where you reside, including the United States. These countries may have data protection laws that may differ from the laws of your country.

When we transfer your personal data across borders, we rely on one or more of the following:

  • (a) European Commission's Standard Contractual Clauses (SCCs) for transfers from the EEA and UK;
  • (b) Binding Corporate Rules (BCRs) where applicable;
  • (c) Adequacy decisions by the European Commission or relevant data protection authority;
  • (d) Your explicit consent to the proposed transfer;
  • (e) Necessity for the performance of a contract with you; or
  • (f) Necessity for important reasons of public interest, legitimate interests, etc.

If you are located in the EEA or UK, please note that your personal data may be transferred to locations in which data protection laws may not be as comprehensive as in your jurisdiction.

9 Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you and verify how we process it.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): Request deletion of your personal data when there is no good reason for us to continue processing it.
  • Right to Restrict Processing: Request that we restrict the processing of your personal data.
  • Right to Data Portability: Request transfer of your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing of your personal data based on legitimate interests or public task.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  • Right to Complain: Lodge a complaint with a data protection supervisory authority.
  • California Privacy Rights: California residents have additional rights under the CCPA, including the right to know, right to delete, right to opt-out of sale, and right to non-discrimination.

To exercise any of these rights, please contact us at privacy@oppsure.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

10 Children's Privacy

The Service is not intended for individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child without parental consent, we will take immediate steps to delete such information.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will use our best efforts to promptly remove such information from our systems.

11 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your usage. Cookies are small data files stored on your device. We use:

  • Essential Cookies: Required for the Service to function properly (authentication, security, preferences);
  • Analytics Cookies: Help us understand how visitors interact with the Service by collecting anonymous information;
  • Functional Cookies: Allow the Service to remember choices you make and provide enhanced, personalized features;
  • Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness.

You can control cookies through your browser settings and opt-out of certain cookies. For more details, see our Cookie Policy.

12 Third-Party Services

The Service may contain links to, or integrate with, third-party services that are not governed by this Privacy Policy. We encourage you to read their privacy policies. Examples include:

  • (a) Payment processors (e.g., Stripe, PayPal) that handle your financial information;
  • (b) Email service providers that send communications on our behalf;
  • (c) Analytics providers (e.g., Google Analytics) that help us understand user behavior;
  • (d) Social media platforms that may offer integration with the Service;
  • (e) Cloud hosting providers that store and process data on our behalf; and
  • (f) Customer data that you may import from third-party sources (e.g., CSV imports, API integrations).

We are not responsible for the privacy practices of these third-party services. Your interactions with them are governed by their respective privacy policies.

13 California Privacy Notice (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to Know: You can request that we disclose what personal information we collect, use, disclose, and sell.
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: You can opt out of the sale of your personal information. We do not sell your personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Right to Limit Use of Sensitive Personal Information: You can request that we limit the use of sensitive personal information.

To exercise these rights, please contact us at privacy@oppsure.com. We will verify your identity and respond to your request within 45 days.

14 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • (a) Posting the updated Privacy Policy on our website with a revised "Last updated" date;
  • (b) Sending you an email notification to the email address associated with your account;
  • (c) Displaying a prominent notice within the Service; or
  • (d) Providing any other notice required by applicable law.

We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices. Your continued use of the Service after the effective date of any changes constitutes your acceptance of those changes.

15 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@oppsure.com
  • Address: Oppsure, Inc., 123 Business Ave, Suite 100, Wilmington, DE 19801, United States
  • Data Protection Officer: dpo@oppsure.com

For EEA and UK residents, you also have the right to lodge a complaint with your local data protection supervisory authority.