Privacy Policy
Last updated: 24 March 2026
1. Data Controller
Opscale Group
CVR: 44583216
Email: info@getopscale.com
Denmark
We are the data controller for all personal data processed through the Opscale platform ("Service"). We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Danish Data Protection Act (databeskyttelsesloven).
2. What Data We Collect
2.1 Account Data
When you create an account, we collect:
- Full name
- Email address
- Password (stored in hashed form by our authentication provider)
- Language preference
2.2 Organization Data
When you create or join an organization, we collect:
- Organization name
- Time zone
- Your role within the organization (owner, manager, or employee)
- Team member email addresses (when invitations are sent)
2.3 Operational Data
As you use the Service, we process:
- Tasks, sequences, schedules, and SOPs you create
- Task completion records, including who completed each task (when task completion tracking is enabled by your organization)
- Prep list items and completion records
- Issue reports and shopping notes
- Images uploaded to tasks, SOPs, and feedback
- Opening hours and location information
2.4 Billing Data
If you subscribe to a paid plan:
- Billing currency preference
- Subscription status and period dates
Payment card details and billing addresses are processed directly by Polar (our Merchant of Record) and never stored on our servers. Polar's privacy policy applies to that data.
2.5 Technical Data
We collect limited technical data for the functioning of the Service:
- Browser user agent string (when you submit feedback)
- Page URL and path (when you submit feedback)
- Device platform information (when you submit feedback)
We do not use any third-party analytics, tracking pixels, session recording, or behavioral tracking tools.
2.6 Aggregated Metrics
We generate aggregated, non-personally-identifiable metrics such as daily task completion counts per organization for internal operational reporting. Per-user task completion counts are recorded for organization managers to review team performance.
2.7 AI Assistant Data
When you use the AI assistant feature, we process:
- Your conversation messages (text input)
- Files you attach to AI conversations (PDF, PNG, JPEG, WEBP — max 10 MB each)
- Operational context sent alongside your messages, including: your active location name, time zone, language preference, and industry type
- AI-generated responses
- Conversation metadata (creation time, thread identifiers)
Your conversation messages and attached files are sent to third-party AI service providers (see Section 4) to generate responses. These providers process your data solely for the purpose of generating a response and do not use your data to train their AI models.
Important: Do not input sensitive personal data (such as health data, financial account details, or government identification numbers) into the AI assistant. The AI assistant is designed for operational restaurant management queries only.
3. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR Article 6(1):
| Purpose | Legal Basis |
|---|---|
| Providing the Service (account, tasks, scheduling) | Performance of contract (Art. 6(1)(b)) |
| Processing payments | Performance of contract (Art. 6(1)(b)) |
| Sending team invitations on behalf of an organization | Legitimate interest (Art. 6(1)(f)) |
| Aggregated operational metrics | Legitimate interest (Art. 6(1)(f)) |
| Per-user task completion tracking | Legitimate interest (Art. 6(1)(f)) - the organization's interest in operational oversight; can be disabled by the organization at any time |
| Technical metadata in feedback submissions | Legitimate interest (Art. 6(1)(f)) - bug diagnosis |
| Cookies strictly necessary for operation | Legitimate interest (Art. 6(1)(f)) |
| AI assistant — generating responses to user queries | Performance of contract (Art. 6(1)(b)) — the AI assistant is a feature of your subscription |
| AI assistant — sending conversation data to third-party AI providers | Performance of contract (Art. 6(1)(b)) — necessary to deliver the AI feature |
4. Data Processors and Third-Party Services
We use the following third-party processors to deliver the Service. Each processor's own terms govern how they handle personal data on our behalf:
| Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Clerk | Authentication and user management | Name, email, password hash, session tokens, organization memberships | USA |
| Convex | Database, backend logic, file storage | All operational data, uploaded images | USA |
| Polar | Payment processing (Merchant of Record) | Payment card details, billing address, email, subscription metadata | EU |
| Vercel | Web hosting and CDN | IP address, request metadata (server logs) | Global CDN |
| OpenRouter | AI model routing and inference (powers the AI assistant) | Conversation messages, attached file contents, operational context (location name, time zone, language) | USA |
International Data Transfers
Some of our processors are based in the United States (Clerk, Convex, OpenRouter). When personal data is transferred from the EU/EEA to the USA, these providers rely on transfer mechanisms recognized under GDPR, such as the EU-U.S. Data Privacy Framework (DPF) and/or Standard Contractual Clauses (SCCs). You can review each provider's data processing and transfer terms via the links above.
For AI processing specifically: conversation data sent to OpenRouter is processed in the United States. OpenRouter routes requests to underlying AI model providers (such as OpenAI) who may also process data in the USA. These transfers are covered by Standard Contractual Clauses. OpenRouter does not use your conversation data to train AI models.
5. Data Retention
- Account data: Retained for as long as your account exists. Upon account deletion, your data is anonymized or deleted within 30 days.
- Organization data: Retained for as long as the organization exists. When an organization is deleted, all associated data (locations, tasks, files, memberships, billing records) is permanently deleted.
- Uploaded images: Unreferenced images are automatically purged after 7 days. All images are deleted when the associated organization is deleted.
- AI conversation data: AI conversation threads are automatically deleted after 90 days. You may also delete individual conversations at any time from the AI assistant interface. Data sent to our AI provider (OpenRouter) is retained by them for up to 30 days for trust and safety purposes, then deleted.
- Feedback submissions: Retained for up to 2 years for product improvement, then deleted.
- Aggregated metrics: Retained for up to 3 years. These do not contain directly identifiable personal data.
- Billing records: Retained for as long as required by applicable Danish accounting and tax law (currently 5 years from the end of the financial year).
6. Your Rights Under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Right of access (Art. 15): You can export your personal data at any time from Settings > Data & Privacy in the app, or by contacting us.
- Right to rectification (Art. 16): You can update your name, email, and other profile information at any time via your account settings.
- Right to erasure (Art. 17): You can delete your account at any time from Settings > Data & Privacy. Organization owners can delete entire organizations. You may also contact us to request deletion.
- Right to restriction of processing (Art. 18): Contact us to request restriction of specific processing activities.
- Right to data portability (Art. 20): You can export your data in JSON format from Settings > Data & Privacy.
- Right to object (Art. 21): You may object to processing based on legitimate interest by contacting us. Organization administrators can disable per-user task completion tracking at any time.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, use the self-service tools in the app or contact us at info@getopscale.com. We will respond within 30 days.
6.1 Your Rights Regarding AI Processing
In addition to the general rights above, the following apply specifically to AI features:
- Transparency (EU AI Act, Art. 50): We inform you clearly within the AI assistant interface that you are interacting with an AI system, not a human.
- No solely automated decisions (Art. 22 GDPR): The AI assistant provides suggestions and information only. It does not make automated decisions that produce legal effects or similarly significantly affect you. A human must review and act on any AI suggestions.
- Right to erasure of AI data: You can delete individual AI conversations from the AI assistant interface. Upon account or organization deletion, all AI conversation data is permanently deleted.
- Right to object to AI processing: You may stop using the AI assistant at any time. If you wish to object to AI data processing entirely, contact us at info@getopscale.com.
7. Cookies and Local Storage
We use only strictly necessary cookies and local storage for the functioning of the Service. We do not use any tracking, marketing, or analytics cookies. See our Cookie Policy for full details.
| Name | Purpose | Duration |
|---|---|---|
| __clerk_* | Authentication session management | Session |
| locale | Language preference | 1 year |
| opscenter | OpsCenter mode flag | 30 days |
| pin_bypass_ok | One-time PIN bypass flag | One-time use |
8. Security Measures
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) for all data transmission
- Encrypted authentication tokens via Clerk
- Hashed OpsCenter PINs (SHA-256 with per-PIN salt)
- Per-organization data isolation with role-based access control
- Webhook signature verification for Polar and Clerk integrations
- Automated cleanup of unreferenced files
- Fine-grained permission system with per-user overrides
- AI conversation data sanitization and prompt injection protection
- AI file attachments validated and automatically expired after processing
9. Data Processing in the Employment Context
When an organization uses Opscale to manage employee tasks, the organization acts as the data controller for their employees' operational data (task completions, initials, scheduling). Opscale acts as a data processor on behalf of the organization for this data. The processing is governed by our Terms & Conditions.
Organizations are responsible for:
- Ensuring a lawful basis exists for monitoring employee task completion
- Informing their employees about the use of Opscale and the data processed
- Configuring task completion tracking settings in accordance with their internal policies and applicable employment law
10. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us and we will delete that data.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by email or through a notice in the Service. The "Last updated" date at the top of this policy indicates when it was last revised.
12. Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. Our lead supervisory authority is the Danish Data Protection Agency (Datatilsynet) - www.datatilsynet.dk.
13. Contact
For questions about this privacy policy or your personal data:
Opscale Group
Email: info@getopscale.com