Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect the following categories of information:

  • Account information: Name, email address, phone number, company name, and role when you create an account.
  • Business data: Lead records, job details, financial information, proposals, client and subcontractor information, communications, and documents you input into the Service.
  • Usage data: Pages visited, features used, interaction timestamps, and device/browser information for analytics and performance improvement.
  • Communication data: Call recordings, SMS messages, emails, and meeting notes processed through integrated communication providers.

2. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To process transactions and send billing-related communications.
  • To power AI features such as proposal generation, call analysis, lead scoring, and the AI assistant.
  • To send system notifications, product updates, and support communications.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations.

3. Third-Party Processors

We share data with the following service providers to operate the Service:

  • Supabase -- Database hosting, authentication, and file storage.
  • Vercel -- Application hosting and edge delivery.
  • Anthropic -- AI processing for proposal generation, call analysis, coaching, and the AI assistant. Relevant business context is sent to the Claude API. Anthropic does not use your data for model training under our commercial agreement.
  • Stripe -- Payment processing for subscription billing.
  • Resend -- Transactional and marketing email delivery.
  • RingCentral -- Voice calling and SMS communication services.

We do not sell your personal information to third parties. Data is shared with processors only as necessary to provide the Service.

4. Data Storage and Security

Your data is stored on Supabase infrastructure hosted in the United States. We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, and row-level security policies to protect your data. Access to production systems is restricted to authorized personnel.

5. Multi-Tenant Architecture

Oparbase operates a multi-tenant architecture where each organization's data is logically isolated using row-level security policies enforced at the database level. Your data is never accessible to other organizations on the platform. All queries are scoped to your organization's unique identifier.

6. AI Data Processing

When you use AI-powered features, relevant portions of your business data are sent to Anthropic's Claude API for processing. This may include lead details, job information, financial summaries, communication transcripts, and other context necessary for the AI feature. AI responses are generated in real time and are not stored by Anthropic. We retain AI interaction logs for service improvement and debugging purposes.

7. Cookies and Tracking

We use the following types of cookies and local storage:

  • Essential cookies: Authentication session tokens and CSRF protection. Required for the Service to function.
  • Preference storage: Theme preferences, sidebar customization, and dashboard layout stored in localStorage.
  • Analytics: Anonymous usage analytics to improve the Service. No personally identifiable information is collected through analytics.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service.

8. Data Retention

Business data is retained for as long as your account is active. Upon cancellation, data is retained for 30 days before permanent deletion. Communication logs and AI interaction logs are retained for up to 12 months. Backup copies may persist for up to 90 days after deletion. You may request earlier deletion by contacting support.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Export: Request a machine-readable export of your data.
  • Opt-out: Opt out of non-essential communications at any time.

To exercise these rights, contact us at privacy@oparbase.com.

10. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 16, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision.

12. Contact

For privacy-related inquiries, contact us at privacy@oparbase.com.