Privacy Policy

Effective date: 1 January 2025

Openesia Ltd ("we," "our," or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information about you when you use Openesia OS (the "Service"). It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We act as the data controller for personal data processed in connection with the Service.

1. Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, password (hashed), and profile information you provide when registering.
  • Organisation data: information about your organisation including name, billing address, and branding.
  • Usage data: pages visited, features used, timestamps of activity, and browser/device information.
  • Payment data: billing details (processed by our payment provider — we do not store card numbers).
  • Content data: any data you upload or create within the Service (projects, invoices, documents, etc.).
  • Communications: messages you send to us via email or support channels.

2. How We Use Your Data

We use your personal data to:

  • Provide, operate, and improve the Service.
  • Process transactions and send billing-related communications.
  • Send service notifications (security alerts, product updates).
  • Respond to support requests and enquiries.
  • Analyse how the Service is used to improve features and performance.
  • Comply with legal obligations.

3. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: processing necessary to fulfil our contract with you (providing the Service).
  • Legitimate interests: improving the Service, preventing fraud, and ensuring security.
  • Legal obligation: complying with applicable laws and regulations.
  • Consent: analytics and non-essential cookies (you may withdraw consent at any time).

4. Cookies

We use essential cookies required for the Service to function. With your consent, we also use analytics cookies to understand how users interact with the Service. You can manage cookie preferences via the cookie banner shown on your first visit, or at any time by clearing your browser's local storage.

We do not use advertising or tracking cookies, and we do not sell data to advertisers.

5. Data Sharing

We do not sell your personal data. We share data only with trusted third parties where necessary to operate the Service:

  • Cloud infrastructure: our hosting provider stores data in EU-based data centres.
  • Payment processing: our payment provider processes billing transactions.
  • Email delivery: a transactional email provider sends service notifications.
  • Analytics: aggregated, anonymised usage data may be processed by analytics tools.

All third-party processors are bound by data processing agreements and are required to process data only as instructed by us.

6. International Transfers

All personal data is stored and processed within the European Economic Area (EEA) or the United Kingdom. If we transfer data outside these regions, we will ensure appropriate safeguards are in place (such as Standard Contractual Clauses).

7. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it longer by law.

8. Your Rights

Under UK GDPR, you have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure: request deletion of your personal data ("right to be forgotten").
  • Restriction: ask us to restrict processing in certain circumstances.
  • Portability: receive your data in a machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encryption at rest and in transit, access controls, and regular security reviews.

While we take security seriously, no system is 100% secure. Please notify us immediately at [email protected] if you believe your account has been compromised.

10. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and, where appropriate, via email. The effective date at the top of this page will be updated accordingly.

12. Contact Us

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact our Data Protection Officer at [email protected].

Openesia Ltd
England and Wales
[email protected]

This policy applies to Openesia OS only. For more information about your rights under UK data protection law, visit the Information Commissioner's Office website.