Last updated: 2026-06-30 · GDPR (Regulation (EU) 2016/679)
OÜ OPSKAP SYSTEMS, registry code 17084604, [Registered address — Tallinn, Estonia — fill from the business registry], Estonia, is the controller. Privacy contact: [[email protected] — your real contact email].
We collect data directly from you, and we process data you upload about your own clients and team. For such third-party data we act as your processor (see DPA); the individuals should refer to your privacy notice (Art. 14 GDPR).
We use providers acting on our behalf under data processing agreements:
Transfers outside the EEA are safeguarded by an EU adequacy decision, the EU Standard Contractual Clauses, or the UK IDTA, as applicable. A copy of safeguards is available on request.
We use only strictly necessary cookies for authentication and security — no advertising or tracking cookies. See the Cookie Policy.
We keep data while your account is active. After deletion we delete or anonymise personal data within 30 days, except:
We do not make decisions producing legal or similarly significant effects based solely on automated processing. KYC/KYB checks, where used, involve human review before any adverse decision.
You have the right to access, rectify, erase, restrict and object to processing, to data portability, and to withdraw consent at any time. You can export your data and delete your account in Settings → Privacy & data, or contact [[email protected] — your real contact email]. We respond within one month. You may lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), Tatari 39, 10134 Tallinn, www.aki.ee.
We apply appropriate technical and organisational measures: row-level security, encryption in transit, access controls, private file storage. We notify you and the authority of a breach where legally required.
The Service is for business use by adults and not directed at children. We do not knowingly process data of children under 16 (under 13 in Estonia for information-society services).
We have not appointed a statutory DPO as we are not required to. For privacy matters, contact [[email protected] — your real contact email].
We may update this policy; the latest version is always on our website with an updated date.
This document is provided for convenience and is not legal advice.