Request demo
Agents How it works Why OPAL Contact
OPAL Legal Privacy Policy

Privacy Policy

Effective: 1 September 2024
Last revised: 14 September 2024
Version: 1.2
Summary

OPAL, OOO ("OPAL", "we", "us") is committed to protecting the personal and corporate data of those who interact with our platform and website. This policy explains what data we collect, how we use it, the legal bases we rely on, and the rights available to you. If you have questions, contact us at egovs@opall.online.

Section 01

Who We Are

OPAL, OOO is a limited liability company registered under the laws of the Russian Federation, operating as a developer and licensor of AI-powered financial agent software. Our registered address and contact details are available upon request.

For the purposes of applicable data protection legislation, OPAL, OOO acts as the data controller in respect of personal data collected through our website at opall.online. In respect of data processed on behalf of our enterprise clients through the OPAL platform, we act as a data processor under the terms of our service agreements.

Section 02

Data We Collect

We collect data in the following categories depending on how you interact with us:

Category Examples How collected
Identity data Full name, job title, employer Contact forms, demo requests
Contact data Email address, phone number Contact forms, contracts
Technical data IP address, browser type, pages visited, session duration Automatically via server logs
Usage data Platform feature usage, API call logs (non-content) Platform telemetry (enterprise clients only)
Communications data Emails and messages you send to us Direct correspondence

We do not collect sensitive personal data (health, biometric, political opinions) and we do not process financial transaction data as a controller — transaction data processed within the OPAL platform is processed solely as a processor on behalf of our enterprise clients.

Section 03

Legal Bases for Processing

We process personal data only where we have a valid legal basis under applicable law. We rely on the following:

  • Contractual necessity — processing required to fulfil a contract with you or take pre-contractual steps at your request (e.g., responding to a demo inquiry or onboarding an enterprise client).
  • Legitimate interests — processing necessary for our legitimate interests in operating and improving the OPAL platform, provided those interests are not overridden by your rights. This includes security monitoring and aggregate analytics.
  • Consent — where required by law or where we have requested your explicit consent (e.g., for marketing communications). You may withdraw consent at any time.
  • Legal obligation — processing necessary to comply with applicable legal requirements, including Russian Federal Law No. 152-FZ "On Personal Data".
Section 04

How We Use Your Data

Data collected through the website and contact channels is used for the following purposes:

  • Responding to inquiries and providing requested information about the OPAL platform
  • Processing and managing enterprise client relationships, contracts, and onboarding
  • Sending service-related communications (account notifications, security alerts, product updates for existing clients)
  • Improving the reliability, security, and functionality of our website and platform
  • Conducting internal analytics to understand usage patterns (on an aggregated, anonymised basis)
  • Complying with applicable legal and regulatory obligations

We do not sell personal data to third parties, use it for behavioural advertising, or share it with data brokers.

Section 05

Data Sharing and Transfers

We may share your data with the following categories of recipients, strictly on a need-to-know basis:

  • Infrastructure providers — hosting and cloud services used to operate opall.online, under data processing agreements
  • Professional advisors — lawyers, accountants, and auditors bound by confidentiality obligations
  • Regulatory authorities — where required by law or court order

Where data is transferred outside the Russian Federation, we ensure appropriate safeguards are in place as required by Federal Law No. 152-FZ, including confirmation of adequate protection in the receiving country or execution of standard contractual clauses.

Section 06

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law:

  • Inquiry and contact form data: up to 12 months from last contact, unless a contract is entered into
  • Client contract data: for the duration of the contract plus 5 years, in accordance with applicable accounting and commercial law requirements
  • Website server logs: up to 90 days for security and diagnostic purposes
  • Platform usage telemetry: up to 24 months in aggregated form

After the applicable retention period, data is securely deleted or anonymised such that it can no longer be attributed to an individual.

Section 07

Your Rights

Depending on your jurisdiction, you may have the following rights in respect of your personal data:

  • Access — the right to receive a copy of the personal data we hold about you
  • Rectification — the right to have inaccurate data corrected
  • Erasure — the right to request deletion of your data, subject to legal retention requirements
  • Restriction — the right to request that we limit processing of your data in certain circumstances
  • Portability — the right to receive your data in a machine-readable format where processing is based on consent or contract
  • Objection — the right to object to processing based on legitimate interests
  • Withdrawal of consent — the right to withdraw previously given consent at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at egovs@opall.online. We will respond within 30 days. You also have the right to lodge a complaint with the relevant supervisory authority (Roskomnadzor in the Russian Federation).

Section 08

Security

We implement technical and organisational security measures appropriate to the risk, including:

  • TLS encryption for all data in transit to and from opall.online
  • Access controls limiting data access to authorised personnel on a need-to-know basis
  • Regular security assessments of our infrastructure
  • Incident response procedures for the detection and notification of data breaches

While we take reasonable precautions, no security system is impenetrable. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by law.

Section 09

Cookies and Tracking

The opall.online website uses a minimal set of cookies and similar technologies. We do not use third-party advertising or tracking cookies. The cookies we use include:

  • Session cookies — necessary for the website to function correctly; deleted when you close your browser
  • Preference cookies — used to remember your settings across sessions, if applicable
  • Analytics cookies — first-party analytics only, used to understand aggregate traffic patterns; no personal identifiers are shared with third parties

You can configure your browser to reject cookies. Note that some website functionality may be affected if you do so.

Section 10

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated to existing clients via email at least 14 days before they take effect. The most current version will always be available at this URL. Continued use of the website or platform after the effective date constitutes acceptance of the revised policy.

Section 11

Contact Us

For all privacy-related matters, requests, or complaints:

  • Email: egovs@opall.online
  • Phone: +7 999 998 153
  • Response time: Within 4 business hours for general inquiries; 30 days maximum for formal data subject requests