Privacy Policy

Information We Collect

Account Information

When you register, we collect your email address, name, and authentication credentials. If you sign in with Google, we receive your name and email from Google's OAuth service.

Make.com Integration Data

To provide our service, we store your Make.com API keys (encrypted with AES-256-GCM), Organization IDs, and zone information. We periodically sync scenario metadata (names, statuses, execution logs) from the Make.com API on your behalf.

Usage Data

We automatically collect information about how you interact with OpsDeck, including pages visited, features used, and timestamps. This data helps us improve the product.

Log & Technical Data

We automatically collect technical information when you access OpsDeck, including your IP address, browser type and version, device type, operating system, referring URLs, and access timestamps. This data is used for security, diagnostics, and service improvement.

Payment Information

Payments are processed by Paddle. We do not store your credit card details. We retain your Paddle customer ID and subscription status to manage your plan.

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the OpsDeck service
• Sync and display your Make.com scenario data
• privacy.useItem3
• Send you important notifications about your account or scenarios
• Process payments and manage your subscription
• Respond to support requests

Data Storage & Security

Your data is stored in Supabase (PostgreSQL) with Row Level Security ensuring tenant isolation. API keys are encrypted at rest using AES-256-GCM with a master key stored securely in environment variables. Our application is hosted on Vercel. All data is transmitted over HTTPS.

We implement reasonable security measures to protect your data, including encryption at rest, encrypted connections, and logical tenant isolation. However, no system can be guaranteed 100% secure, and we cannot guarantee the absolute security of your information. You acknowledge that you provide your data at your own risk.

Third-Party Services

We use the following third-party services to operate OpsDeck:

• Supabase — Database, authentication, and real-time infrastructure
• Vercel — Application hosting and serverless functions
• Paddle — Payment processing and subscription management
• Google OAuth — Authentication provider
• Make.com API — Scenario data synchronization (using your API keys)

OpsDeck integrates with third-party services such as Make.com, Paddle, and Google. We are not responsible for the availability, security, privacy practices, or functionality of these third-party services. Your use of these services is subject to their respective terms and privacy policies.

Cookies

We use essential cookies to maintain your authentication session and locale preferences. We do not use advertising or third-party tracking cookies.

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data on the following legal bases:

• Contractual necessity — to provide and operate the OpsDeck service you signed up for
• Legitimate interests — to improve the service, ensure platform security, prevent fraud, and provide customer support
• Legal obligations — to comply with applicable laws, regulations, and legal processes
• Consent — where you have explicitly given consent for specific processing activities, which you may withdraw at any time

International Data Transfers

Your data may be processed and stored outside your country of residence, including in the United States. Our infrastructure providers (Supabase, Vercel) operate globally. Where data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or the provider's compliance frameworks to ensure your data is protected in accordance with applicable data protection laws.

Children's Privacy

OpsDeck is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete that information.

Legal Disclosure

We may disclose your personal information if required to do so by law, legal process, or a valid government request. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, to investigate fraud, or to respond to a legal request.

Your Rights

You have the right to:

• Access, update, or delete your personal information from your account settings
• Revoke Make.com API keys at any time through your Make.com account
• Delete your account, which will permanently remove all your data from our systems

Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data (including encrypted API keys, scenario metadata, save points, and documentation) is permanently deleted within 30 days. Backup systems may retain residual copies for a limited period thereafter, after which they are automatically purged.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice in the application. Your continued use of OpsDeck after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, please contact us at daniel@ma-tic.me.