Privacy Policy
Version 2.1 — Effective: 2 April 2026
1. Introduction
Opagio Ltd ("Opagio", "we", "us", or "our") is committed to protecting your privacy and handling your personal data in compliance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website opag.io, use our Opagio Growth Platform, or interact with us.
Data Controller: Opagio Ltd, registered in England & Wales (company number 13050381). Our contact email for privacy matters is privacy@opag.io.
2. Information We Collect
We collect the following categories of personal data:
Contact Information: Name, email address, telephone number, company name, and job title — provided when you contact us, subscribe to our newsletter, request a demo, or register for the platform.
Account Data: Login credentials and authentication information when you create a platform account.
Usage Data: Information about how you interact with our website and platform, including pages viewed, features used, session duration, and referring URLs.
Technical Data: IP address, browser type and version, device information, and operating system.
Platform Data: Financial, operational, and workforce data that you upload to the Opagio Growth Platform for analysis. Where you are a business client, we process this data as a data processor on your behalf — see our Data Processing Agreement for details.
3. Lawful Bases for Processing
Under Article 6 of the UK GDPR, we rely on the following lawful bases:
| Processing Activity | Lawful Basis |
|---|---|
| Responding to enquiries and demo requests | Legitimate interests (responding to prospective clients) |
| Providing the Opagio Growth Platform | Contract performance |
| Sending marketing emails and newsletters | Consent (withdrawable at any time) |
| Website analytics and improvement | Legitimate interests (improving our services) |
| Processing payments and billing | Contract performance |
| Fraud prevention and security | Legitimate interests (protecting our business and users) |
| Tax and regulatory compliance | Legal obligation |
| Generating anonymised benchmarks and industry analytics (using Aggregated Data only, as defined in our Terms of Service) | Legitimate interests (improving services and generating market insights) |
| Training and improving machine learning models (using Aggregated Data only) | Legitimate interests (improving service accuracy and analytical capabilities) |
Where we rely on legitimate interests as a lawful basis, we have conducted a Legitimate Interest Assessment (LIA) balancing our interests against your rights and freedoms. You may request a copy of any LIA by contacting privacy@opag.io.
4. How We Use Your Information
We use the information we collect to:
- Respond to your enquiries and provide customer support
- Deliver, maintain, and improve the Opagio Growth Platform
- Send marketing communications (only with your consent)
- Process payments and manage your subscription
- Analyse website usage to improve our services
- Comply with legal and regulatory obligations
5. Data Sharing and Sub-Processors
We do not sell your personal data. We share your information only with trusted third-party service providers who process data on our behalf under appropriate contractual and security obligations:
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud Platform (Firebase) | Cloud hosting, database, authentication | Europe (eur3: London, Belgium, Netherlands) |
| Supabase | User authentication and identity | United States |
| Stripe | Payment processing and billing | United States |
| Resend | Transactional and marketing email | United States |
A complete sub-processor list is also available in our Data Processing Agreement.
6. International Data Transfers
Our primary database and core platform infrastructure are hosted on Google Cloud Platform in the eur3 multi-region (Europe), spanning data centres in London (United Kingdom), Belgium, and the Netherlands. All customer data at rest is stored within the European Economic Area (EEA) and the United Kingdom. No international transfers outside the EEA are required for core platform operations.
Certain sub-processors (Supabase, Stripe, and Resend) process limited categories of data in the United States for authentication, payment processing, and email delivery respectively.
Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place under Chapter V of the UK GDPR, including UK adequacy decisions, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses.
7. Data Retention
We retain your personal data only for as long as necessary. Our specific retention periods are:
| Data Category | Retention Period |
|---|---|
| Contact form submissions and demo requests | 2 years from submission |
| Newsletter subscriber data | Until unsubscribe, plus 6 months |
| Platform account and usage data | Duration of subscription, plus 30 days |
| Payment and billing records | 7 years (UK tax obligations) |
| Website analytics data | 26 months from collection |
| Database backups (daily automated + point-in-time recovery) | 7 days rolling retention |
8. What We Do Not Do
- We never sell your personal data to third parties.
- We never share your data for advertising or marketing purposes with third parties.
- We never use your data for profiling or targeted advertising.
- We never display third-party advertisements on the Platform.
- We never track your location without explicit consent.
9. Automated Decision-Making and AI
The Opagio Growth Platform uses algorithms and models for productivity analysis, intangible asset valuations, and growth forecasting. These produce automated outputs, but no decisions with legal or similarly significant effects on individuals are made solely by automated means. All outputs are analytical tools to support your decision-making.
You may request human review of any automated analysis by contacting privacy@opag.io. Platform outputs should not be treated as professional valuations or financial advice — see our Terms of Service for important limitations.
10. Cookies and Tracking Technologies
We use cookies and similar technologies to improve your experience. For details, see our Cookie Policy.
11. Your Rights Under UK GDPR
Under the UK GDPR, you have the following rights:
- Right of access — request a copy of your personal data.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure — request deletion in certain circumstances.
- Right to restriction — restrict processing of your data.
- Right to data portability — receive data in a machine-readable format.
- Right to object — object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent — withdraw consent at any time.
To exercise any of these rights, email privacy@opag.io. We will respond within one month, extendable by up to two further months for complex cases.
12. Right to Complain
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk/make-a-complaint
13. Children's Privacy
Our services are directed at businesses and professionals and are not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@opag.io.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. For material changes, we will notify you by email or through a notice on our website.
15. Contact Us
Privacy matters: privacy@opag.io
General enquiries: hello@opag.io
Opagio Ltd, registered in England & Wales, company number 13050381.