Professional at work

Privacy Policy

Your data, always protected
Zero data sales
Full encryption
GDPR compliant
You control your data

We do not sell your personal data. We do not share your workspace data with third parties for advertising. Learn how we collect, use, and protect your information.

Read Policy

Effective date: 18 February 2026

Odokai ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services. By using our Services, you consent to the practices described in this policy.

We do not sell your personal data. We do not share your workspace data or content with third parties for advertising or marketing. We retain only what is necessary to provide the Services you use.

1. Information We Collect

1.1 Information You Provide

  • Account and profile information: Name, email address, and password when you create an account. If you sign in via OAuth (e.g., Google, GitHub), we receive only the profile information you authorize (such as email and name) from the authentication provider.
  • Workspace content: The data you choose to store in your workspace, including agent configurations, workflows, knowledge bases, prompts, and any content you upload or create while using our Services.
  • Communications: Messages you send to us and any information you include in those communications.
  • Payment information: Billing details are collected and processed by our payment provider; we do not store full payment card numbers.

1.2 Information Collected Automatically

  • Usage and technical data: Log data (IP address, browser type, device information), how you interact with our Services, and performance metrics.
  • Cookies and similar technologies: Used for authentication, preferences, and analytics. See section 6 below.

1.3 Information from Third-Party Integrations

When you connect third-party services (e.g., OAuth providers, APIs, external tools), we receive only the data you authorize through those integrations. We do not access data beyond the scopes you explicitly grant.

2. How We Use Your Information

We use your information to:

  • Provide the Services: Operate the platform, process your workspace data, run your agents and workflows.
  • Maintain and improve the Services: Debug issues, analyze usage patterns, and develop new functionality.
  • Communicate with you: Respond to support requests, send service-related notices, and, with your consent, send product updates or marketing.
  • Secure the Services: Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations: Meet applicable laws, regulations, and lawful requests.

We do not use your workspace content or personal data for advertising. We do not train AI models on your workspace data for purposes unrelated to providing the Services to you.

3. How We Share Your Information

We do not sell your personal data or workspace content.

We share information only in these limited circumstances:

  • Service Providers: Third parties (hosting, infrastructure, payment processing) who process data on our behalf and are bound by contractual obligations to protect your data.
  • At Your Direction: When you configure integrations or OAuth connections, data may be sent to those services according to the permissions you grant.
  • Legal Requirements: When required by law, court order, subpoena, or government request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets. We will notify you of any material change.
  • Aggregated or De-identified Data: We may create aggregated or de-identified data that cannot identify you, for analytics and improvement of our Services.

4. Data Retention and Deletion

  • Workspace data: Retained for as long as your account is active. You can delete content at any time.
  • Account data: When you close your account, we delete or anonymize your personal data, except where we must retain it for legal or regulatory purposes.
  • Logs and technical data: Retained for a limited period as needed for security, debugging, and compliance.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments.

Security & Compliance Readiness

Opus is built with security controls aligned to SOC 2 and ISO/IEC 27001 principles, with a strong focus on protecting customer data and system integrity.

Current controls include:

  • Access control with authenticated sessions, API token lifecycle controls, and role-based permissions.
  • Secure application defaults including CSRF protection, strict CORS validation, rate limiting, and security headers.
  • Sensitive-data-aware logging and audit trails for security-relevant actions.
  • Production guardrails to prevent unsafe runtime configurations.
  • Monitoring and traceability to support incident detection and investigation.

We are continuously maturing our governance, evidence, and operational processes to support formal compliance programs.

6. Cookies and Tracking

We use cookies for essential operations (authentication, session management), preferences, and analytics. You can manage cookie preferences through your browser settings.

We do not run social media platforms. Our Services do not include social features such as public profiles, feeds, or follower networks.

7. Your Rights and Choices

You may access, correct, delete, or export your personal data through your account settings or by contacting us. You may opt out of marketing communications at any time.

California Residents

Under the CCPA, you may have rights to know, access, delete, and opt out of the sale of personal information. We do not sell personal information. Contact us to exercise these rights.

Nevada Residents

We do not sell personal information as defined under Nevada law. To submit a request, contact us with "Nevada Do Not Sell Request" in the subject line.

European Economic Area, UK, and Switzerland

If you are in the EEA, UK, or Switzerland, you have rights under the GDPR including access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with a supervisory authority. We process your data on the bases of contractual necessity, legitimate interests, consent, and legal obligation.

8. International Data Transfers

Our Services may process data in the United States and other countries. We ensure appropriate safeguards where required by applicable law for such transfers.

9. Children

Our Services are not directed to individuals under 16. We do not knowingly collect personal data from children under 16.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and updating the effective date. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

For questions about this Privacy Policy, your personal data, or to exercise your rights:

Odokai
Website: odok.ai