🚀 New: Real-time alerting & custom thresholds now available — See what's new

GDPR Compliance

Our commitment to data protection

1. Our Commitment

Opslytica has been committed to full compliance with the General Data Protection Regulation (GDPR) since its enforcement in May 2018. We believe strong data protection is fundamental to the trust our customers place in us.

We have appointed a dedicated Data Protection Officer (DPO) who oversees our compliance program, conducts regular data protection impact assessments, and serves as the primary point of contact for all data protection matters.

2. Legal Basis for Processing

We process personal data under the following legal bases as defined in Article 6 of the GDPR:

  • Contract performance (Art. 6(1)(b)) — Processing necessary to deliver the Opslytica platform and fulfill our contractual obligations to you.
  • Legitimate interest (Art. 6(1)(f)) — Processing necessary for our legitimate business interests, such as improving our services, ensuring platform security, and preventing fraud. We always balance our interests against your rights.
  • Consent (Art. 6(1)(a)) — Where required, we obtain your explicit consent before processing. This includes marketing communications and optional analytics cookies. You may withdraw consent at any time.

3. Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to access (Art. 15) — Obtain a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — Request deletion of your personal data ("right to be forgotten").
  • Right to restriction (Art. 18) — Request restriction of processing in certain circumstances.
  • Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format and transfer it to another controller.
  • Right to object (Art. 21) — Object to processing based on legitimate interest or for direct marketing purposes.

How to Exercise Your Rights

To exercise any of these rights, email our Data Protection Officer at dpo@opslytica.com. We will acknowledge your request within 48 hours and provide a substantive response within 30 days. If we need more time due to the complexity of the request, we will notify you of the extension within the initial 30-day period.

4. Data Processing Agreement

We offer a standard Data Processing Agreement (DPA) to all customers, available upon request. Our DPA:

  • Covers all requirements under Article 28 of the GDPR, including the obligations of the data processor.
  • Defines the nature and purpose of processing, data categories, and data subject categories.
  • Includes technical and organizational security measures.
  • Provides a complete list of authorized sub-processors with notification obligations.
  • Establishes data return and deletion procedures upon termination.

To request a copy of our DPA, contact dpo@opslytica.com.

5. Sub-Processors

We use the following sub-processors to deliver and support the Opslytica platform:

  • Microsoft Azure — Cloud hosting and infrastructure (US and EU regions).
  • Stripe — Payment processing and subscription billing.
  • SendGrid — Transactional and marketing email delivery.
  • Cloudflare — Content delivery network (CDN) and security services.

All sub-processors are bound by data processing agreements that meet GDPR requirements. We will notify customers of any changes to our sub-processor list at least 30 days in advance, providing you the opportunity to object before the new sub-processor begins processing your data.

6. International Transfers

We take the following measures to ensure lawful international data transfers:

  • EU-US Data Privacy Framework — Opslytica is certified under the EU-US Data Privacy Framework, providing an adequate level of data protection recognized by the European Commission.
  • Standard Contractual Clauses — We execute Standard Contractual Clauses (SCCs) as approved by the European Commission for transfers to jurisdictions without an adequacy decision.
  • EU data residency — Customers who require data to remain within the European Union may request EU-region hosting. Data will be processed and stored exclusively in EU-based Microsoft Azure data centers.

7. Data Breach Notification

In the event of a personal data breach, we follow strict notification procedures in compliance with Articles 33 and 34 of the GDPR:

  • Supervisory authority — We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of individuals.
  • Affected data subjects — We will promptly notify affected individuals when a breach is likely to result in a high risk to their rights and freedoms, providing clear information about the nature of the breach and recommended protective measures.
  • Incident response team — Our dedicated security incident response team is available 24/7 to investigate, contain, and remediate any data security incidents.

8. Data Protection Officer

Our Data Protection Officer is available to address any questions or concerns regarding our data protection practices:

Email: dpo@opslytica.com
Address: Opslytica Inc., 350 Mission Street Suite 800, San Francisco, CA 94105

You may contact the DPO to exercise your data subject rights, request our Data Processing Agreement, inquire about our privacy practices, or raise any data protection concerns.

We use cookies to improve your experience and analyze site traffic. By continuing, you agree to our Privacy Policy.

Hi there! 👋

How can we help you today?

Our team typically responds within a few hours during business hours.

Send us a message