GDPR Compliance

Last updated: December 18, 2025

Ops Atlas is committed to protecting the privacy of individuals in the European Union and European Economic Area in accordance with the General Data Protection Regulation (GDPR).

Our Commitment

We process personal data lawfully, fairly, and transparently. We collect only what's necessary, keep it accurate, store it securely, and delete it when no longer needed.

Your Rights Under GDPR

As an EU/EEA resident, you have the following rights regarding your personal data:

  • 📋 Right to Access: Request a copy of all personal data we hold about you
  • ✏️ Right to Rectification: Request correction of inaccurate or incomplete data
  • 🗑️ Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • ⏸️ Right to Restriction: Request restriction of processing of your data
  • 📦 Right to Portability: Receive your data in a structured, machine-readable format
  • ✋ Right to Object: Object to processing based on legitimate interests or marketing
  • ↩️ Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
  • 🤖 Rights Related to Automated Decisions: Not be subject to decisions based solely on automated processing

How to Exercise Your Rights

To exercise any of these rights, you can:

We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days, but we will inform you of any extension within the initial 30-day period.

Legal Basis for Processing

We process your personal data under the following legal bases:

Processing Activity | Legal Basis
Providing the Service | Contract performance
Account management | Contract performance
Customer support | Legitimate interest
Marketing emails | Consent
Analytics | Consent (via cookie banner)
Security & fraud prevention | Legitimate interest
Legal compliance | Legal obligation

Data Transfers

Some of our service providers are located outside the EU/EEA (primarily in the United States). When we transfer your data outside the EU/EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Data Processing Agreements with all processors

Data Processing Agreements

We have Data Processing Agreements (DPAs) in place with all our sub-processors that handle personal data on our behalf. These agreements ensure:

  • Data is processed only according to our instructions
  • Appropriate security measures are implemented
  • Sub-processors meet GDPR requirements
  • Data subjects' rights are protected

Data Retention

We retain personal data only for as long as necessary:

  • Account data: Until account deletion + 30 days backup period
  • Transaction records: 7 years (legal requirement)
  • Support tickets: 2 years after resolution
  • Analytics data: 14 months
  • Marketing consent records: Until consent withdrawal + 3 years

Security Measures

We implement technical and organizational measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures
  • Regular backups with encryption

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it. If the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.

Children's Data

Ops Atlas is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly.

Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Find your local supervisory authority →

Data Controller

The data controller responsible for processing your personal data is:

David Ayman

Ops Atlas

Email: privacy@opsatlas.io

As a small operation, we have not appointed a Data Protection Officer (DPO). All data protection inquiries should be directed to the email above.

Sub-Processors

We use the following third-party services that may process your data:

Service | Purpose | Location
Vercel Inc. | Website hosting | USA (SCCs)
Google LLC | Analytics | USA (SCCs)
Kit (ConvertKit) | Email newsletter | USA (SCCs)
Formspree Inc. | Contact forms | USA (SCCs)
GitHub Inc. | Code hosting | USA (SCCs)

SCCs = Standard Contractual Clauses approved by the European Commission for data transfers outside EU/EEA.

Contact Our Data Protection Team

For any GDPR-related inquiries:

Email: privacy@opsatlas.io

Subject Line: "GDPR Request - [Your Request Type]"

Response Time: Within 30 days

For Self-Hosted Users

If you self-host Ops Atlas, you are the data controller for any data processed by your instance. We (Ops Atlas) do not have access to your self-hosted data. You are responsible for GDPR compliance for data processed on your own infrastructure.