Privacy Policy

Last updated April 15,2026

1. Who We Are and How to Contact Us

Opine ("we," "our," or "us") is a deal intelligence platform that helps revenue teams capture, analyze, and act on sales conversations and pipeline data. We are incorporated in Delaware, USA and our registered address is108 Lakeland Avenue, Dover, Delaware 19901, USA.

For any privacy-related questions, requests, or complaints:

Contact Details

General Privacy

privacy@tryopine.com

Postal Address

Opine, Attn: Privacy Team, Opine, 108 Lakeland Avenue, Dover, Delaware 19901, USA

Phone

+1 919 656 6350

Data Protection Officer

Adam Brogden, GDPRLocal Ltd — 1st Floor Front Suite, 27-29 North Street, Brighton, England BN1 1EB — dpo.support@gdprlocal.com — +44 1772 217 800

EU Representative (Art. 27 GDPR)

Instant EU GDPR Representative Ltd. — Contact: Adam Brogden — contact@gdprlocal.com — +353 1 554 9700 — Office 2, 12A Lower Main Street, Lucan Co. Dublin, K78 X5P8, Ireland

UK Representative

GDPR Local Ltd. — Contact: Adam Brogden — contact@gdprlocal.com — +44 1772 217800 — 1st Floor Front Suite, 27-29 North Street, Brighton, England BN1 1EB

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to our website at tryopine.com ("Site")
  • Registered users of the Opine platform and any mobile applications ("Services")
  • Individuals whose personal data appears in sales conversations, emails, or CRM records processed through our Services
  • Prospective customers and business contacts

This policy does not govern data that our Customers process through our platform on their own behalf. When Customers use our Services, they act as data controllers for their end-user and conversation data; Opine acts as a data processor under their instruction, governed by a separate Data Processing Agreement (DPA) available upon request.

Controller vs. Processor: For data we collect about our own website visitors and registered users, Opine acts as a data controller. For Customer-uploaded conversation data, CRM records, and call recordings, Opine acts as a data processor on behalf of our Customers and processes such data only per their instructions.

3. Data We Collect

3.1 Data You Provide Directly

  • Account registration: name, work email address, job title, company name, phone number
  • Billing and subscription details (payment card processing is handled via ACH and Stripe — we do not store full payment card numbers)
  • Support requests, communications, and feedback submitted to our team
  • Survey and product research participation responses

3.2 Data We Collect Automatically

  • Usage and interaction data: pages visited, features used, session duration, click events, and navigation paths
  • Device and technical data: IP address, browser type and version, operating system, device identifiers
  • Log data: server access logs, error reports, and timestamps
  • Cookie and tracking data — see Section 11 for full details

3.3 Data Processed on Behalf of Our Customers (Processor Role)

When Customers use our Services, we process the following data types solely under their instruction:

  • Audio and video call recordings via integrations (e.g., Zoom, Microsoft Teams, Google Meet, Webex)
  • AI-generated transcriptions and summaries of recorded conversations
  • Emails and calendar metadata imported via CRM or email integrations
  • CRM data including opportunity records, account details, and contact information (e.g., Salesforce, HubSpot)
  • Names, email addresses, job titles, and phone numbers of third parties appearing in recorded conversations

3.4 Data From Third-Party Sources

  • SSO providers: name, email, and profile metadata from identity providers (e.g., Okta, Google Workspace, Microsoft Azure AD)
  • Lead and contact enrichment data from permitted third-party partners, where lawfully obtained
  • Publicly available professional profile data used for B2B outreach where permitted by applicable law

Special Categories of Data: We do not intentionally collect special categories of personal data (such as health, racial or ethnic origin, political opinions, religious beliefs, biometric, or genetic data) and instruct our Customers not to route such data through our platform. If such data is inadvertently captured, please contact privacy@tryopine.com immediately.

4. Lawful Basis for Processing (GDPR)

For individuals in the EEA, United Kingdom, or Switzerland, we identify a lawful basis for each processing activity under Article 6 GDPR:

sing activity under Article 6 GDPR:

Lawful Basis

When We Rely on It

Example Activities

Contract Performance (Art. 6(1)(b))

Necessary to deliver our Services to registered users

Account creation, billing, platform access, support

Legitimate Interests (Art. 6(1)(f))

Our interests, balanced against your rights (LIA conducted)

Product analytics, fraud prevention, security monitoring, B2B marketing to existing contacts

Consent (Art. 6(1)(a))

Where we specifically request and record your consent

Email marketing to new contacts, non-essential cookies, optional features

Legal Obligation (Art. 6(1)(c))

Compliance with applicable laws or legal process

Tax records, responding to court orders, regulatory inquiries

Processor Instructions

Processing Customer data on behalf of Customers under a DPA

Call recording storage, transcript generation, CRM sync

Legitimate Interests (Art. 6(1)(f)) — We rely on legitimate interests where our business interests are proportionate and do not override your rights, including: (i) improving our product — we have a legitimate interest in understanding how our platform is used to develop and enhance our Services; (ii) security and fraud prevention — we have a legitimate interest in protecting our platform and users from unauthorized access, abuse, or malicious activity; (iii) B2B marketing to existing contacts — we have a legitimate interest in promoting our Services to individuals at organizations who have an existing relationship with us, where this can reasonably be expected. You may request a summary of our LIAs by contacting privacy@tryopine.com.

5. How We Use Your Data

a) Service Delivery — Lawful Basis: Contract Performance

  • Creating and managing user accounts, licenses, and access permissions
  • Authenticating users via SSO or direct login
  • Processing, storing, and displaying call recordings, transcripts, and AI-generated insights
  • Syncing data with your connected CRM and communication tools
  • Providing technical support and responding to inquiries

b) Product Improvement — Lawful Basis: Legitimate Interests

  • Analyzing aggregated and de-identified usage patterns to improve platform performance and features
  • Diagnosing technical issues and monitoring platform uptime
  • Conducting A/B testing and user experience research

We do not use the content of Customer call recordings or conversation data to train our AI/ML models without explicit written consent from the Customer.

c) Communications — Lawful Basis: Contract Performance / Consent

  • Sending account notifications, security alerts, and service updates (transactional — opt-out not available)
  • Sending product newsletters and promotional content (opt-out available at any time)
  • Invitations to webinars, product demos, and events

d) Legal and Compliance — Lawful Basis: Legal Obligation / Legitimate Interests

  • Complying with applicable laws, regulations, and legal process (e.g., subpoenas, court orders)
  • Investigating and preventing fraud, abuse, or security incidents
  • Enforcing our Terms of Service and other contractual agreements

e) Marketing — Lawful Basis: Legitimate Interests / Consent

Where permitted by law, we may use your business contact details to market our Services on the basis of legitimate interests. We will always offer a clear, easy opt-out. Where required by applicable law (e.g., for new contacts in the EU/UK), we will seek prior consent.

f) Data Retention

We retain personal data only as long as necessary for the purposes above or as required by law. See Section 9 for our full retention schedule.

6. Call Recording, Transcription & AI Processing

Our core platform functionality involves recording, transcribing, and analyzing sales conversations.

6.1 How Recording Works

Opine joins sales calls as a bot participant through integrations with video conferencing platforms. All recordings are made and stored on behalf of our Customers, who retain data controller status for this data and are responsible for ensuring appropriate consent has been obtained from all participants before recording begins.

6.2 Recording Notices and Consent

Our platform supports automatic in-call disclosure announcements (e.g., "This call is being recorded"). Customers are responsible for:

  • Ensuring all call participants are informed that the call is being recorded
  • Obtaining any legally required consent (e.g., two-party consent states in the US; ePrivacy/GDPR requirements in the EU/UK)
  • Configuring our platform's disclosure settings appropriately for their jurisdiction and use case

6.3 AI Analysis and Transcription

Call recordings are processed by our AI/ML systems to generate transcripts, summaries, keyword highlights, sentiment analysis, and deal intelligence insights. These outputs are associated with the relevant CRM opportunity or account record within the platform.

Our AI systems assist human decision-making. They do not make automated decisions with legal or similarly significant effects on individuals without human review. See Section 13 for our full automated decision-making disclosure.

6.4 Third-Party Participant Data

Sales conversations may include personal data relating to third parties (e.g., prospects or other call participants) who are not Opine users. Opine processes this data solely as a processor on behalf of the Customer. Individuals wishing to exercise rights (e.g., erasure or access) should contact the relevant Opine Customer directly. If you cannot reach the Customer, contact us at privacy@tryopine.com and we will assist in routing your request.

7. How We Share Your Data

We do not sell your personal data. We share personal data only in the following circumstances:

7.1 Service Providers (Sub-Processors)

We engage carefully selected third-party service providers to help deliver and improve our Services. These providers are contractually bound to process data only for specified purposes and to maintain appropriate security standards.

Category

Purpose

Cloud Infrastructure

Hosting, storage, and compute (e.g., AWS, GCP, Azure)

AI / ML Providers

Speech-to-text transcription, NLP, and conversation analytics

CRM Integrations

Data sync with Salesforce, HubSpot, and other CRM platforms

Communications

In-app messaging, email delivery, and support ticketing

Analytics

Product usage analytics (aggregated / de-identified)

Payment Processing

Billing and subscription management (e.g., Stripe)

Identity / SSO

Authentication via Okta, Google, Microsoft

Marketing & Sales Tools

CRM, email campaigns, and sales outreach tooling

App Development & QA

Engineering tooling and quality assurance

An up-to-date list of our sub-processors is available by requesting access through https://trust.tryopine.com. We will notify customers in advance of any material changes.

7.2 Customer Access

Personal data processed on behalf of our Customers is accessible to that Customer and their authorized users within the Opine platform.

7.3 Business Transfers

In the event of a merger, acquisition, financing, or sale of all or part of our business, personal data may be transferred to the acquiring entity. We will provide advance notice of any such transfer and, where required by law, seek your consent.

7.4 Legal Requirements

We may disclose personal data if required by law, court order, or governmental authority, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Opine, our users, or the public.

7.5 With Your Consent

We may share personal data for other purposes where we have obtained your prior, explicit consent.

8. International Data Transfers

Opine is headquartered in the United States. Personal data collected from individuals in the EEA, UK, or Switzerland may be transferred to, stored in, and processed in, the United States or other countries that may not provide the same level of data protection as your home country.

8.1 Safeguards for International Transfers

Transfer Mechanism

Details

EU-U.S. Data Privacy Framework (DPF)

Opine is certified under the EU-U.S. DPF and UK Extension to the EU-U.S. DPF

Standard Contractual Clauses (EU SCCs)

We use the EC's 2021 SCCs (Module 2: Controller-to-Processor) for transfers to third countries lacking an adequacy decision

UK Addendum to the SCCs

Applied for transfers from the United Kingdom

Adequacy Decisions

No additional safeguards required for transfers to countries covered by EU or UK adequacy decisions

Sub-Processor Agreements

All sub-processors engaging in international transfers are bound by appropriate transfer mechanisms and our DPA

You may request a copy of the applicable transfer documentation by contacting privacy@tryopine.com.

8.2 Data Storage Locations

Personal data we control is stored on servers located in the United States. We maintain equivalent security standards across all storage locations.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, or as required by applicable law.

Data Type

Retention Period

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

Account and profile data: Retained indefinitely while the account is active. Upon contract termination, customer account data is deleted within 60 days.


Customer integration data: Treated as customer data and retained indefinitely while required for service delivery. Deleted within 90 days of an explicit customer deletion request or within 60 days of contract termination, subject to contractual terms.


Usage logs and analytics: Retained for 30 days.


Marketing contact data: Retained indefinitely unless deleted or removed from systems or upon specific request.


Support communications: Retained indefinitely as part of customer communication records.


Billing and financial records: Retained as required to meet legal, tax, and accounting obligations.


Cookie and tracking data: Retention not explicitly defined in the security policies.


General deletion and disposal: Data is retained only as long as necessary for business, legal, or contractual purposes. PII is deleted or de-identified once no longer needed. Upon contract termination, customer data is deleted within 60 days.

At the end of the applicable retention period, personal data is securely deleted or anonymized. Customers may request earlier deletion subject to the terms of our DPA.

10. Your Privacy Rights

10.1 Rights Under GDPR (EEA, UK, Switzerland)

Right

What It Means

Right of Access (Art. 15)

Request a copy of the personal data we hold about you

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data

Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations

Right to Restriction of Processing (Art. 18)

Request that we limit how we process your data in certain circumstances

Right to Data Portability (Art. 20)

Receive your personal data in a structured, machine-readable format and have it transmitted to another controller where technically feasible

Right to Object (Art. 21)

Object to processing based on legitimate interests or for direct marketing

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent, without affecting prior processing

Rights Re: Automated Decisions (Art. 22)

Not be subject to solely automated decisions with legal or similarly significant effects — see Section 13

10.2 How to Exercise Your Rights

Submit requests by email to privacy@tryopine.com or by post to the address in Section 1. We will respond within 30 days (extendable to 3 months for complex requests, with prior notice). Identity verification may be required. There is no charge for valid requests, unless they are manifestly unfounded or excessive.

10.3 Right to Complain to a Supervisory Authority

If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can address your concern directly.

  • EU/EEA: Your national supervisory authority — full list at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
  • United Kingdom: Information Commissioner's Office (ICO) — https://ico.org.uk/make-a-complaint/
  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — https://www.edoeb.admin.ch/en/home
  • United States: Federal Trade Commission (FTC) and applicable state authorities

11. Cookies and Tracking Technologies

We use cookies and similar technologies (including pixels, web beacons, and local storage) on our Site and Services. Our full Cookie Policy is available at www.tryopine.com/cookies

11.1 Cookie Categories

Cookie Type

Purpose

Strictly Necessary

Essential for core Site functionality (e.g., authentication, session security). Cannot be disabled.

Functional

Remembers your preferences (e.g., language, display settings).

Analytics / Performance

Understand how visitors use our Site to improve UX (e.g., Google Analytics). Set only with your consent.

Marketing / Targeting

Deliver relevant advertising and measure campaign performance. Set only with your consent.

11.2 Your Choices

When you first visit our Site, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. You can update your preferences at any time via the "Cookie Settings" link in our footer.

12. Security

We have implemented appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction.

12.1 Technical Measures

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest using AES-256 or equivalent
  • Role-based access controls (RBAC) limiting data access to authorized personnel only
  • Multi-factor authentication (MFA) required for all administrative access
  • Regular vulnerability scanning, penetration testing, and security audits
  • Automated monitoring and alerting for suspicious activity

12.2 Organizational Measures

  • Mandatory privacy and security training for all employees with access to personal data
  • Data access limited to employees with a documented legitimate business need
  • Formal vendor security assessments and contractual data protection obligations for all sub-processors
  • Documented incident response procedures covering detection, containment, investigation, and notification
  • SOC 2 Type II  

12.3 Data Breach Notification

In the event of a personal data breach posing a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Article 33. Where a breach is likely to result in high risk to affected individuals, we will also notify those individuals without undue delay, in accordance with Article 34.

13. Automated Decision-Making and Profiling

Our platform uses artificial intelligence and machine learning to analyze sales conversations and generate insights such as deal scores, risk indicators, and revenue forecasts. These tools are designed to assist — not replace — human judgment.

Specifically:

  • Deal intelligence outputs (e.g., risk scores, win/loss predictions) are presented to your sales team as inputs to inform human decisions, not as final determinations.
  • No decisions with legal or similarly significant effects on individuals are made by our platform on a solely automated basis without human review.
  • Aggregated and de-identified analytics are used to improve our platform and do not identify or profile individual end users.

If you believe an automated process has produced an output that significantly affects you and you wish to request human review, please contact privacy@tryopine.com.

14. Children's Privacy

Our Services are designed exclusively for professional business use and are not directed at children. We do not knowingly collect personal data from:

  • Children under 16 years old in the EU/EEA (EU GDPR Article 8)
  • Children under 13 years old in the United Kingdom (UK GDPR)
  • Children under 13 years old in the United States (COPPA)

If we become aware that we have collected personal data from a child below the applicable age threshold without verifiable parental consent, we will promptly delete that data. If you believe a child has provided us with personal data, please contact privacy@tryopine.com.

15. Third-Party Links

Our Site and Services may contain links to third-party websites, integrations, or services. These links are provided for convenience and do not signify our endorsement. We have no control over and accept no responsibility for the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policies of any third-party services before sharing your personal data with them.

16. California Residents (CCPA/CPRA)

This section applies to California residents pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA").

16.1 Your Rights Under CCPA/CPRA

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected about you, the sources, business purposes, and third parties with whom it is shared
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information we maintain about you
  • Right to Opt Out of Sale or Sharing: We do not sell or "share" personal information for cross-context behavioral advertising. If this changes, we will update this Policy and provide an opt-out mechanism
  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to deliver our Services
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights

16.2 How to Submit a CCPA Request

California residents may submit requests by email to privacy@tryopine.com or by calling +1 919 656 6350. We will verify your identity before processing any request. You may designate an authorized agent by providing written authorization or a notarized power of attorney.

16.3 Categories of Personal Information Collected (Preceding 12 Months)

Consistent with Section 3, we have collected the following CCPA-defined categories: Identifiers (name, email, IP address); Commercial Information (billing details); Internet or Electronic Network Activity (usage data); Professional or Employment Information (job title, company); Geolocation Data (IP-derived location); Audio, Visual, or Electronic Information (call recordings); Inferences (deal intelligence insights).

17. Changes to This Policy

We review and update this Privacy Policy periodically to reflect changes in our data practices, Services, or applicable law. The "Effective Date" at the top indicates when it was last revised.

For material changes — meaning changes that meaningfully affect how we process your personal data or your rights — we will:

  • Post a prominent notice on our website and/or within the platform
  • Send an email notification to registered users at the email address on file, where required by applicable law

We encourage you to review this Policy periodically. Your continued use of our Services after the effective date of a material update constitutes acceptance of the revised Policy to the extent permitted by law.

18. Data Protection Officer

Opine has appointed an external Data Protection Officer (DPO) to oversee our compliance with applicable data protection laws and serve as a point of contact for data subjects and supervisory authorities.

DPO Contact Details

Name

Adam Brogden

Organization

GDPRLocal Ltd

Email

dpo.support@gdprlocal.com

Phone

+44 1772 217 800

Address

1st Floor Front Suite, 27-29 North Street, Brighton, England BN1 1EB


© 2026 Opine. All rights reserved. — tryopine.com — privacy@tryopine.com