OpSol Logo

Privacy Policy

Last updated: January 1, 2026

1. Introduction

OpSol (Operational Solutions), an Estonian company ("we," "our," or "us"), respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and safeguard your information when you visit our website or use our services, in compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

2. Data Controller & Data Processor

For the purposes of data protection law:

  • When you use our website: OpSol acts as the Data Controller for any personal data collected directly from you (e.g., contact forms, account registration).
  • When businesses use our platform: Our customers (the businesses using our services) act as Data Controllers, and OpSol acts as a Data Processor, processing data only on their behalf and according to their instructions.

For B2B customers, our data processing relationship is governed by our Data Processing Agreement (DPA).

3. Information We Collect

3.1 Personal Data

We may collect the following personal data:

  • Identity Data: Name, username, job title
  • Contact Data: Email address, phone number, company name, business address
  • Account Data: Login credentials, account preferences
  • Technical Data: IP address, browser type and version, time zone, operating system, device information
  • Usage Data: Information about how you use our website and services

3.2 Business Data (Processed on Behalf of Customers)

When businesses use our platform (such as BlueOps), we process:

  • Customer and client records
  • Job details, schedules, and estimates
  • Invoices and payment information
  • Internal notes and communications
  • Media files (photos and videos uploaded for job documentation)

3.3 Media Data

Our services allow users to upload photos and videos for job documentation. This media may contain:

  • Images of work sites (residential or commercial)
  • Images that may incidentally include individuals
  • Location metadata

Important: All media uploaded by customers remains the property of the customer.OpSol does not use customer media for marketing, training, or any purpose other than providing the contracted services.

4. Legal Basis for Processing (GDPR)

We process personal data based on the following legal grounds:

  • Contractual Necessity: Processing necessary to perform our contract with you or to take steps at your request before entering into a contract.
  • Legitimate Interests: Processing necessary for our legitimate interests (e.g., improving our services, security, fraud prevention) where your rights do not override those interests.
  • Consent: Where you have given explicit consent for specific processing (e.g., marketing communications). You may withdraw consent at any time.
  • Legal Obligation: Processing necessary to comply with legal requirements.

5. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our services
  • Process and fulfill your requests and orders
  • Communicate with you about your account, support requests, and service updates
  • Send marketing communications (with your consent)
  • Improve, personalize, and expand our services
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account Data: Retained while your account is active and for a reasonable period thereafter to comply with legal obligations.
  • Business Data: Retained according to customer instructions and deleted upon account termination, subject to backup retention cycles (typically 30-90 days).
  • Media Files: Retained while the customer account is active and deleted upon account termination or at the customer's request.
  • Marketing Data: Retained until you unsubscribe or withdraw consent.

7. Data Sharing & Third-Party Services

We may share your data with:

  • Service Providers (Sub-processors): Cloud hosting providers, email services, analytics tools, and payment processors that help us deliver our services.
  • Integration Partners: Third-party services you choose to connect (e.g., QuickBooks, Stripe) through OAuth-based authorization with scoped permissions.
  • Legal Requirements: When required by law, court order, or governmental authority.

We do not sell your personal data to third parties.

8. International Data Transfers

OpSol is based in Estonia (EU). When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with adequate data protection
  • Binding Corporate Rules where applicable

9. Your Rights

9.1 GDPR Rights (EU/EEA Residents)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("Right to be Forgotten")
  • Restriction: Request limitation of processing
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time for consent-based processing

9.2 CCPA/CPRA Rights (California Residents)

California residents have the right to:

  • Know: Request disclosure of personal information collected, used, and shared
  • Delete: Request deletion of personal information
  • Opt-Out: Opt-out of the sale or sharing of personal information (Note: OpSol does not sell personal information)
  • Non-Discrimination: Not be discriminated against for exercising privacy rights
  • Correct: Request correction of inaccurate personal information

9.3 Exercising Your Rights

To exercise any of these rights, please contact us at info@opsol.software. We will respond to your request within 30 days (GDPR) or 45 days (CCPA).

If you are a user of a business that uses our platform, please contact that business directly to exercise your rights, as they are the Data Controller for your information.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • HTTPS encryption for all data transmission
  • Encrypted storage for sensitive data
  • Role-based access controls
  • Regular security assessments
  • Audit logs for administrative actions
  • Secure authentication mechanisms

11. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email.

14. Contact Us

If you have questions about this privacy policy or wish to exercise your rights, please contact us:

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your authority at edpb.europa.eu.

15. Governing Law

This privacy policy is governed by the laws of the Republic of Estonia and applicable European Union law.