Privacy Policy

Last updated: 29. juli 2025

1. Introduction

Optimate I/S ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI workflow automation platform.

2. Information We Collect

2.1 Personal Information

• Account Information: Name, email address, company name, job title
• Payment Information: Billing address, payment method details (processed securely by Stripe)
• Contact Information: When you contact support or subscribe to updates
• Profile Data: Preferences, settings, and customizations

2.2 Usage Information

• Platform Activity: Workflows created, AI agents used, dashboard interactions
• Technical Data: IP address, browser type, device information, session data
• Performance Metrics: Service usage statistics, error logs, response times
• Communication Data: Messages and files processed through our AI agents

2.3 Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze platform usage (Google Analytics)
• Provide customer support

3. How We Use Your Information

3.1 Service Provision

• Provide and maintain the Optimate platform
• Process your AI workflows and automations
• Manage your account and subscriptions
• Provide customer support

3.2 Service Improvement

• Analyze usage patterns to improve our AI models
• Develop new features and capabilities
• Monitor platform performance and security
• Conduct research and development

3.3 Communication

• Send service updates and announcements
• Provide technical support
• Share relevant product updates (with your consent)
• Process billing and payment notifications

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

• Contract Performance: To provide our services as agreed
• Legitimate Interest: To improve our services and ensure security
• Consent: For marketing communications (where required)
• Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with trusted third parties who assist in providing our services:

• Supabase: Database and authentication services
• Stripe: Payment processing (PCI DSS compliant)
• Vercel: Hosting and content delivery
• OpenAI/Anthropic: AI model processing (where applicable)
• Google Analytics: Usage analytics (anonymized)

5.2 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Enforce our Terms of Service

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to equivalent privacy protections.

6. Data Security

We implement industry-standard security measures:

• Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication
• Monitoring: Continuous security monitoring and threat detection
• Auditing: Regular security audits and penetration testing
• Backup: Secure, encrypted backups with geographic redundancy

7. Data Retention

• Account Data: Retained while your account is active
• Workflow Data: Retained as long as needed for service provision
• Analytics Data: Aggregated data retained for 26 months
• Support Data: Retained for 3 years for quality assurance
• Deleted Account Data: Securely deleted within 30 days of account closure

8. Your Rights (GDPR)

As an EU resident, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, contact us at support@optimate.one

9. International Data Transfers

Your data may be processed in countries outside the EU/EEA. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) with service providers
• Adequacy decisions by the European Commission
• Appropriate technical and organizational safeguards

10. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately.

11. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale of personal information (we do not sell data)
• Right to non-discrimination for exercising CCPA rights

12. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or platform notification at least 30 days before they take effect.

13. Contact Information

For privacy-related questions or requests, contact us at:

14. Supervisory Authority

If you have concerns about our data processing practices, you can contact the Danish Data Protection Agency: