Trinity markOpsBrain

Privacy Policy

Last updated: April 11, 2026

1. Who we are

OpsBrain is operated by Argen Pojani (sole proprietor), based in Albania. When this policy says “we”, “us”, or “OpsBrain”, it refers to the data controller responsible for your information. Contact: argen@opsbrain.com

2. Data we collect

  • Account data — name, email address, hashed password, company name, timezone, and currency preference.
  • Uploaded documents — PDFs you upload for extraction. These are encrypted at rest with a per-tenant key and never shared between workspaces.
  • Extracted content — text, obligations, and metadata derived from your documents by the extraction pipeline.
  • Usage data — IP address, browser type, pages visited, and API request timestamps (collected for rate limiting and security).
  • Payment data — handled entirely by Stripe. We store only your Stripe customer ID and subscription ID — never card numbers.

3. How we use your data

  • To provide and operate the OpsBrain service.
  • To authenticate your sessions and enforce access controls.
  • To send transactional emails (verification, password reset, team invites).
  • To detect and prevent abuse (rate limiting, brute-force lockout).
  • To improve the service through aggregated, anonymized usage patterns.

We do not sell your data. We do not use your documents to train AI models.

4. Data storage and encryption

Your uploaded documents are encrypted using AES-256 (Fernet) with a per-tenant key derived via PBKDF2-HMAC-SHA256 with 480,000 iterations and a unique random salt. Data is stored in the region you deploy to. We do not transfer data across jurisdictions unless you configure a cross-region storage backend.

5. Third-party processors

  • Stripe — payment processing.
  • Groq / your custom LLM provider — document text extraction (only the text you upload; never your credentials or account data). You can bring your own API key to route through your own provider.
  • SMTP provider — transactional email delivery (configurable by the operator).

6. Data retention

We retain your data for as long as your account is active. If you delete your account or cancel your subscription, we delete your uploaded documents and extracted data within 30 days. Audit logs are retained for 1 year for security purposes.

7. Your rights

You have the right to access, correct, export, or delete your personal data at any time. Contact argen@opsbrain.com to exercise these rights. If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.

8. Cookies

We use httpOnly session cookies for authentication. We do not use advertising or tracking cookies. See our Cookie Policy for details.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of OpsBrain after changes constitutes acceptance of the updated policy.