Legal
GDPR Compliance
Our commitment to the General Data Protection Regulation.
OpsScaleIQ is entirely committed to complying with the General Data Protection Regulation (GDPR) and ensuring the privacy and fundamental rights of individuals whose data we process. As a B2B platform, we operate primarily as a Data Processor on behalf of our customers (the Data Controllers).
Our Role as a Data Processor
When our customers use OpsScaleIQ's operational feedback tools, they retain full ownership and control over the data ingested (such as reviews or escalated customer details). We only process this data according to written instructions provided within our Data Processing Agreement (DPA).
- We never sell customer or end-user data under any circumstances.
- We provide tools (including the Immutable Audit Log and CCPA recognition toggle) to help customers maintain compliant records.
- All sub-processors (Google Cloud Platform, Clerk, Stripe, Vertex AI, Resend) are vetted and contractually bound to equivalent data protection obligations.
- EU customer data is stored exclusively in EU Cloud SQL regions from the point of account creation.
- Reviewer names embedded in ingested review data can be anonymized on request without deleting the associated operational records.
Data Residency
OpsScaleIQ automatically provisions EU organisations on Google Cloud SQL instances located within the EU (Belgium / Netherlands). No manual configuration is required. If you are uncertain about your data region, contact us and we will confirm your Cloud SQL region in writing.
CCPA Recognition
For organisations operating under the California Consumer Privacy Act, the platform includes a CCPA recognition feature (Essential tier and above) that flags reviews containing opt-out or privacy-related language so that your team can respond appropriately.
Data Subject Rights (DSAR)
We fully support the execution of Data Subject Access Requests. Supported rights include:
- Right of access — obtain a copy of data OpsScaleIQ holds about a data subject
- Right to rectification — correct inaccurate personal data
- Right to erasure — permanent deletion of personal data, including anonymisation of reviewer names in ingested reviews
- Right to data portability — export your organisation's data in a machine-readable format
- Right to restrict processing — pause processing while a dispute is resolved
Request our DPA
All customers who require a signed Data Processing Agreement detailing our GDPR obligations, sub-processor list, and technical and organisational measures can request a copy from our privacy team. Enterprise customers on annual contracts receive a pre-signed DPA upon contract execution.
[email protected]
Sub-processor List
| Sub-processor | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Compute, database, storage, AI | US / EU (region-matched) |
| Clerk | Authentication & identity | US |
| Stripe | Payment processing | US |
| Resend | Transactional email | US |