Privacy Policy

1. Introduction

This Privacy Policy explains how Operum ("we," "us," or "our") collects, uses, discloses, and protects your information when you use our website at operum.io (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

When you create an account or use our Service, we may collect:

• Account Information: Email address, name, and password (encrypted)
• Profile Information: Company name, contact details (if provided)
• Payment Information: Billing details processed through Stripe (we do not store credit card information directly)

2.2 Document Information

• Uploaded Documents: Construction tender documents, estimates, bills of quantities (BOQs), specifications, drawings, and related project documents in various formats (PDF, Excel, CSV, etc.)
• Project Data: Project names, descriptions, and metadata you provide
• Analysis Results: AI-generated analyses, reports, and validation results based on your uploaded documents

2.3 Usage Data

We automatically collect:

• Technical Information: IP address, browser type, device information, operating system
• Analytics Data: Page views, feature usage, session duration, and interactions with the Service (collected via PostHog)
• Cookies: Session cookies for authentication and functionality

3. How We Use Your Information

We use the collected information for:

• Service Delivery: Processing and analyzing your construction documents using AI technology
• Account Management: Creating and maintaining your account, authentication, and access control
• Payment Processing: Managing subscriptions and billing through Stripe
• Service Improvement: Analyzing usage patterns to improve features and user experience
• Communication: Sending service-related notifications, updates, and responses to inquiries
• Security: Protecting against unauthorized access, fraud, and security threats
• Legal Compliance: Meeting legal obligations and enforcing our terms of service

4. Third-Party Services

We use the following third-party services that may collect and process your data:

4.1 Infrastructure & Storage

• Vercel: Hosting and content delivery
• Supabase: Database, authentication, and file storage

4.2 AI & Document Processing

• Google Gemini AI: AI-powered document analysis and content generation
• Anthropic Claude: AI-powered analysis and content processing
• LlamaCloud: Document parsing and text extraction

4.3 Payment Processing

• Stripe: Payment processing and subscription management

4.4 Analytics & Communications

• PostHog: Product analytics and usage tracking
• Loops: Email communications

Each third-party service has its own privacy policy governing how they handle your data. We encourage you to review their policies:

• Vercel: https://vercel.com/legal/privacy-policy
• Supabase: https://supabase.com/privacy
• Google: https://policies.google.com/privacy
• Anthropic: https://www.anthropic.com/legal/privacy
• Stripe: https://stripe.com/privacy
• PostHog: https://posthog.com/privacy

5. Data Storage and Security

5.1 Storage Location

Your data is stored on secure servers provided by our infrastructure partners (Supabase and Vercel).

5.2 Security Measures

We implement industry-standard security measures including:

• Encrypted connections (HTTPS/TLS)
• Secure password storage (hashing)
• Access controls and authentication
• Regular security monitoring

5.3 Data Retention

• Account Data: Retained until you delete your account
• Uploaded Documents: Retained as long as your account is active or as needed to provide services
• Analysis Results: Retained with your project data
• Usage Logs: Retained for up to 90 days for security and analytics purposes

6. Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Data Portability: Request your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing communications
• Object: Object to certain processing activities

To exercise these rights, please contact us at tim@operum.io.

7. Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and basic functionality
• Analytics Cookies: To understand how you use the Service (PostHog)

You can control cookies through your browser settings, but disabling certain cookies may limit functionality.

8. Data Sharing and Disclosure

We do not sell your personal information. We may share your information:

• With Service Providers: Third-party services that help us operate the Service
• For Legal Reasons: When required by law, court order, or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize sharing

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect information from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:

• Company: Operum
• Email: tim@operum.io
• Website: operum.io

13. Data Protection Officer

For data protection inquiries, you may contact: tim@operum.io