Privacy Policy

Last updated: November 21, 2025

1. Introduction

Welcome to OppEdge ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our competitive intelligence platform.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password
  • Business Information: Business name, location, industry
  • Payment Information: Processed securely through Stripe (we do not store credit card details)
  • Scan Data: Competitor names, locations, and analysis preferences
  • Communications: Messages, feedback, and support requests

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent
  • Device Information: IP address, browser type, operating system
  • Cookies: See our Cookie Policy below
  • Analytics Data: Performance metrics, error logs

2.3 Third-Party Data

  • Public Business Data: Reviews, ratings, business information from Google Places, Yelp
  • Market Data: Industry trends, competitive intelligence from public sources

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: Provide competitive intelligence analysis and insights
  • Account Management: Create and manage your account
  • Payment Processing: Process subscription payments
  • Communication: Send service updates, notifications, and support responses
  • Improvement: Analyze usage to improve our services
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract: Processing necessary to provide our services
  • Consent: You have given explicit consent (e.g., marketing emails)
  • Legitimate Interests: Improving our services, security, fraud prevention
  • Legal Obligation: Compliance with laws and regulations

5. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Supabase (database), Stripe (payments), OpenAI (AI analysis), Sentry (error tracking), PostHog (analytics)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal data to third parties.

6. Cookies and Tracking

We use the following types of cookies:

  • Necessary Cookies: Essential for website functionality (cannot be disabled)
  • Analytics Cookies: Help us understand how you use our service (PostHog)
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Deliver personalized content (if you consent)

You can manage your cookie preferences through our cookie consent banner.

7. Your Rights (GDPR)

You have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, visit your account settings or contact us at privacy@oppedge.com

8. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Specifically:

  • Account Data: Until you delete your account
  • Scan Data: According to your subscription tier limits
  • Audit Logs: 1 year for security and compliance
  • Backups: 30 days

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Access controls and authentication
  • Regular security audits and monitoring
  • Employee training on data protection

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our service. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us:

  • Email: privacy@oppedge.com
  • Data Protection Officer: dpo@oppedge.com
  • Address: OppEdge LLC, 1234 Innovation Drive, Suite 100, San Francisco, CA 94102, United States

14. Supervisory Authority

If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.