Legal

Privacy Policy

Effective date: March 5, 2026

1. Introduction

OpsConductor (“we,” “us,” or “our”) operates the OpsConductor platform, accessible at opsconductor.kenanwilliam.dev and related services (collectively, the “Service”). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Service. By using OpsConductor, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

We collect the following categories of data in connection with the Service:

  • Account Information: When you sign up, we collect your name, email address, and password hash. If you sign up via a third-party OAuth provider, we receive your name and email from that provider.
  • Workspace Data: Information you provide when creating and configuring workspaces, including workspace names, member invitations, and role assignments.
  • Usage Data: We collect information about how you interact with the Service, including pages visited, features used, agent configurations created, and actions taken within the cockpit.
  • OAuth Tokens: When you connect third-party integrations (e.g., Gmail, Slack, HubSpot, GitHub, Stripe, Linear, Notion), we store encrypted OAuth access tokens and refresh tokens necessary to maintain those integrations on your behalf.
  • Agent Run Logs: We store logs of all agent actions, including timestamps, action types, reasoning traces, input/output data, cost metrics, and approval decisions. These logs enable audit trails and activity feed functionality.
  • Device and Browser Data: We automatically collect IP address, browser type, operating system, device identifiers, and referral URLs when you access the Service. This data is used for security, analytics, and service improvement.

3. How We Use Your Data

We use the data we collect solely to operate, maintain, and improve the Service. Specifically:

  • To create and manage your account and workspaces
  • To execute AI agent actions on your behalf using connected integrations
  • To provide the approval workflow, activity feed, and audit trail features
  • To authenticate your identity and maintain session security
  • To send transactional emails (e.g., approval notifications, password resets)
  • To monitor and improve Service performance, reliability, and security
  • To respond to support requests and communicate with you about the Service

We do not sell, rent, or share your personal data with third parties for their marketing purposes. We do not use your data to train AI models.

4. Third-Party Data Processors

We use the following third-party services to operate the platform. Each processor handles data in accordance with their own privacy policies:

  • Supabase: Database hosting, authentication, and row-level security. Data stored on Supabase infrastructure with AES-256 encryption at rest.
  • Vercel: Application hosting, serverless functions, and edge delivery. Processes request metadata for routing and performance.
  • OAuth Providers: Google (Gmail), Slack, GitHub, HubSpot, Stripe, Linear, and Notion. We use their OAuth 2.0 APIs to authenticate integrations and execute agent actions. We only request the minimum scopes necessary.

5. Data Retention and Deletion

We retain your personal data for as long as your account is active or as needed to provide you the Service. Agent run logs are retained according to your plan tier (7 days for Free, 90 days for Pro, 365 days for Enterprise). When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain certain records. OAuth tokens for disconnected integrations are deleted immediately upon disconnection.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Export: You may export your agent configurations, activity logs, and workspace data at any time from your account settings.
  • Right to Deletion: You may request deletion of your account and all associated personal data. We will process deletion requests within 30 days.
  • Right to Rectification: You may update or correct your personal information through your account settings.
  • Right to Object: You may object to certain processing activities. Contact us at privacy@opsconductor.io to exercise this right.

To exercise any of these rights, contact us at privacy@opsconductor.io.

7. Cookie Usage

OpsConductor uses strictly necessary cookies to maintain your authentication session and store your theme preference. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Session cookies expire when you close your browser or after 7 days of inactivity. The theme preference cookie is stored locally and does not transmit data to our servers.

8. Data Security

We implement industry-standard security measures to protect your data, including TLS 1.3 encryption for all data in transit, AES-256 encryption at rest via Supabase, row-level security (RLS) policies for workspace isolation, JWT-based session authentication, and secure storage of OAuth tokens with database-level encryption. For more details, see our Security page.

9. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the effective date. We encourage you to review this page periodically for the latest information on our privacy practices.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: privacy@opsconductor.io