OpteraOS Security Overview

Last updated: January 15, 2026

1. Infrastructure

  • Hosted on Vercel for global edge performance
  • Supabase for PostgreSQL, Auth, and Storage
  • Multi-AZ redundancy

2. Data Protection

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (AES-256)
  • Strict access controls
  • Audit logs for sensitive operations

3. Application Security

  • OWASP-aligned engineering practices
  • Input validation (Zod + server-side checks)
  • Rate limiting and abuse protection
  • Regular dependency audits

4. AI Security

  • AI inference only; no training on customer data
  • Sensitive data filtering
  • Logged and monitored API calls

5. Responsible Disclosure

Security researchers may report issues to:

security@opteraos.com

6. Business Continuity

  • Automated backups
  • Disaster recovery procedures
  • Monitoring & alerting

OpteraOS Privacy Policy

Last updated: January 15, 2026

1. Introduction

OpteraOS ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, platform, and services.

2. Information We Collect

2.1 Information You Provide

  • Account details (name, email, password)
  • Firm information (company name, size, billing details)
  • Uploaded files (BOEs, spreadsheets, documents)
  • Messages, comments, or support requests

2.2 Automatically Collected Information

  • Device and browser information
  • IP address
  • Usage analytics and event logs
  • Cookies and tracking technologies

2.3 Third‑Party Integrations

If you connect external services (Google, Microsoft, etc.), we may access:

  • Calendar and contact data
  • File metadata
  • Authentication tokens

3. How We Use Your Information

  • Provide and maintain the OpteraOS platform
  • Improve product features and user experience
  • Secure accounts and prevent fraud
  • Deliver customer support
  • Process payments (when applicable)
  • Analyze aggregated system usage

4. How We Store and Protect Data

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest (Supabase/Postgres)
  • Access controls and audit logging
  • Regular security reviews

5. Sharing of Information

We do not sell user data.

We may share data with:

  • Trusted service providers (hosting, analytics, email)
  • Payment processors
  • Legal authorities, if required

6. Data Retention

We retain data as long as your account remains active.
Backups are stored securely for disaster‑recovery purposes.

7. Your Rights

Depending on your region, you may request:

  • Access to your data
  • Correction or deletion
  • Export of your data
  • Opt‑out of certain processing

8. Children's Privacy

OpteraOS is not intended for users under 16.

9. Changes to Policy

We may update this Privacy Policy. Updates are posted on our website.

10. Contact

privacy@opteraos.com

OpteraOS Cookie Policy

Last updated: January 15, 2026

1. Introduction

OpteraOS uses cookies and similar technologies to provide, improve, and secure the platform.

2. Types of Cookies

Necessary Cookies

  • Authentication
  • Security
  • Session management

Analytics Cookies

  • Usage tracking
  • Performance metrics

Functional Cookies

  • Preferences
  • UI state

3. Third-Party Cookies

We use:

  • Vercel Analytics
  • Supabase Auth
  • Resend
  • OpenAI (no cookies; API calls only)

4. Managing Cookies

You can disable cookies in browser settings, but some features may not work.

5. Contact

privacy@opteraos.com

OpteraOS End User License Agreement (EULA)

Last updated: January 15, 2026

1. Acceptance of Terms

By using OpteraOS, you ("User") agree to this EULA.

2. License Grant

User receives a limited, non-exclusive license to access and use OpteraOS for their organization's internal business operations.

3. User Responsibilities

Users must:

  • Keep account credentials secure
  • Use the platform responsibly
  • Follow all applicable laws

Users may NOT:

  • Share logins
  • Upload harmful, illegal, or sensitive content
  • Reverse-engineer or disrupt the platform

4. Data & Content

User retains ownership of uploaded content.
OpteraOS processes data solely per the Privacy Policy and DPA.

5. AI Features

  • AI outputs must be reviewed by User
  • Sensitive personal data must not be input
  • Data is not used to train public models

6. Termination

Access may be revoked for violations of this EULA or workspace policy.

7. Disclaimer

OpteraOS is provided "as-is" without warranties.

8. Contact

support@opteraos.com

OpteraOS Service Level Agreement (SLA)

Last updated: January 15, 2026

1. Overview

This Service Level Agreement ("SLA") defines uptime, support responsiveness, and service commitments provided by OpteraOS ("Provider") to customers ("Customer").

2. Service Availability

OpteraOS targets 99.5% uptime monthly, excluding:

  • Scheduled maintenance
  • Issues caused by Customer systems or misuse
  • Internet, ISP, or external network failures
  • Third‑party provider outages (Vercel, Supabase, OpenAI, Resend)

3. Scheduled Maintenance

We may perform maintenance with advance notice. Emergency maintenance may occur as needed to preserve stability and security.

4. Support Response Times

Severity  Description                   Response Time
SEV‑1     Full platform outage          ≤ 4 business hours
SEV‑2     Major degraded functionality  ≤ 1 business day
SEV‑3     Minor issue or bug            ≤ 2–3 business days
SEV‑4     General questions & requests  ≤ 3–5 business days

Support Hours: Mon–Fri, 9am–5pm PT

5. Backups & Disaster Recovery

  • Daily automated backups
  • Retention: 7–30 days
  • Disaster recovery objective: 24–48 hours

6. Data Security Measures

  • TLS encryption in transit
  • Encrypted PostgreSQL storage
  • Access control and audit logging
  • Continuous monitoring

7. Exclusions

This SLA does not apply to:

  • Beta features
  • Free-plan accounts
  • Customer misconfigurations
  • Force majeure events

8. Remedies

If uptime drops below SLA levels, Customers may request service credits equal to the percentage of downtime.

9. Contact

support@opteraos.com

OpteraOS Acceptable Use Policy (AUP)

Last updated: January 15, 2026

1. Purpose

This AUP ensures safe, compliant use of OpteraOS.

2. Prohibited Activities

Users may NOT:

  • Upload malware, harmful, or illegal content
  • Violate data privacy laws
  • Attempt unauthorized access
  • Perform security testing without permission
  • Abuse free-tier AI resources
  • Harass or harm other users

3. AI Usage Rules

  • Do not input sensitive personal data
  • Review all AI-generated outputs
  • Do not automate spam or harmful workflows

4. Resource Limits

We may throttle excessive usage that impacts service health.

5. Enforcement

Violations may result in suspension or termination.

6. Contact

legal@opteraos.com

OpteraOS Data Processing Addendum (DPA)

Last updated: January 15, 2026

1. Introduction

This Data Processing Addendum ("DPA") forms part of the Terms & Conditions between Customer ("Controller") and OpteraOS ("Processor").

2. Subject Matter

Processor will process Customer Personal Data solely for purposes of delivering the OpteraOS platform.

3. Roles

  • Customer = Data Controller
  • OpteraOS = Data Processor

4. Processing Activities

  • Storage and retrieval of customer data
  • Structured data processing for CRM/Projects/Finance
  • AI-assisted operations (non-training)
  • Customer support operations

5. Data Categories

  • User account data
  • Firm and project data
  • Uploaded files (BOEs, spreadsheets, docs)
  • Usage metadata

6. Subprocessors

OpteraOS uses trusted providers:

  • Vercel (hosting)
  • Supabase (database, auth, storage)
  • Resend (email)
  • OpenAI (AI inference only — no training)

7. Security Measures

  • TLS encryption
  • Encryption at rest
  • Role-based access control
  • Audit logging
  • Regular security reviews

8. Data Subject Rights

Processor assists Controller with:

  • Access
  • Deletion
  • Correction
  • Export

9. International Transfers

Transfers follow GDPR Standard Contractual Clauses.

10. Breach Notification

Processor notifies Controller without undue delay after discovering a breach.

11. Data Deletion

All Customer Data is deleted upon request or 30 days after account termination.

12. Contact

privacy@opteraos.com

OpteraOS GDPR Compliance Statement

Last updated: January 15, 2026

1. Commitment

OpteraOS complies with GDPR and processes personal data lawfully, fairly, and transparently.

2. Lawful Basis

We process data under:

  • Performance of contract
  • Legitimate interest
  • User consent

3. Data Subject Rights

Under GDPR, users may:

  • Access data
  • Request deletion
  • Request correction
  • Export data
  • Object to processing

4. Data Processing

All data is encrypted and stored in compliant infrastructure.

5. International Transfers

We use SCCs for EU→US transfers.

6. Data Protection Officer

privacy@opteraos.com

California Privacy Rights Addendum (CCPA)

Last updated: January 15, 2026

1. Applicability

This Addendum applies to California residents under the CCPA/CPRA.

2. Consumer Rights

California users may:

  • Request access to personal information
  • Request deletion
  • Request correction
  • Opt out of sale or sharing (we do NOT sell data)

3. Categories of Data Collected

  • Identifiers (name, email)
  • Commercial information (subscription details)
  • Usage data
  • Uploaded BOEs/files

4. Sensitive Data

We do not collect or process sensitive personal data.

5. Non-Discrimination

Users exercising their rights are not penalized.

6. Contact

privacy@opteraos.com

OpteraOS Refund Policy

Last updated: January 15, 2026

1. General Refund Policy

OpteraOS subscriptions are billed monthly or annually.
All payments are non-refundable, except in the cases listed below.

2. Refund Exceptions

We provide refunds for:

  • Duplicate charges
  • Accidental upgrades (if reported within 7 days)
  • System-wide outages exceeding SLA guarantees
  • Billing errors

3. Non‑Refundable Items

We do not offer refunds for:

  • Partial months of service
  • Unused time on paid plans
  • Changes in firm size or inactivity
  • Downgrades mid-cycle

4. Cancellation

Users may cancel at any time.
Service remains active until the end of the billing period.

5. Annual Plans

Annual payments are discounted and non-refundable.

6. Trials & Guarantees

If a free trial is offered, the user will not be charged until after the trial ends.

7. Contact

billing@opteraos.com

Open Source Attribution

Last updated: January 15, 2026

Carbon Design System

OpteraOS uses components from the Carbon Design System, which is licensed under the Apache License 2.0.

Copyright IBM Corp. 2016, 2025

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at:

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Source code available at: https://github.com/carbon-design-system/carbon