This Privacy Policy describes how opalLMS Inc. ("opalLMS", "we") collects, uses, and shares personal data when you visit our marketing site, create an account, or otherwise interact with our services.
1. Data we collect
We collect (a) data you provide directly — name, email, company, login credentials, payment details processed by our payment processor, and content you upload; (b) data we collect automatically — device type, IP address, browser, pages visited, and interactions with the platform; (c) data from third parties — limited profile data when you sign in with a third-party identity provider.
2. How we use data
We use personal data to operate the platform, authenticate you, provide customer support, process payments, send service and marketing communications (where permitted), detect fraud, and comply with legal obligations.
3. Legal bases (GDPR)
Where GDPR applies, we process personal data based on (a) contract performance — to deliver the service you subscribed to; (b) legitimate interests — fraud prevention, product analytics, service improvement; (c) consent — marketing emails, non-essential cookies; (d) legal obligation — tax, accounting, compliance.
4. Cookies
We use essential cookies to keep you signed in and protect against fraud, and — only with your consent — analytics cookies to understand site usage. See our Cookies Policy for details and how to manage preferences.
5. Sub-processors
We use carefully selected sub-processors to deliver the service (for example, payment processors, email providers, and cloud hosting). A current list is available on request. All sub-processors are contractually required to protect personal data to at least the standard set out in our Data Processing Agreement.
6. Data retention
We retain personal data for as long as your account is active, plus the period required to meet legal, accounting, or reporting obligations. Deleted accounts are purged from active systems within 90 days and from backups within our documented backup retention window.
7. International transfers
Data may be processed in countries outside your region. Where required by law, we use Standard Contractual Clauses or equivalent mechanisms to ensure transfers have an adequate level of protection.
8. Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. To exercise these rights, email privacy@opallms.com. You may also lodge a complaint with your local data protection authority.
9. Children's privacy
opalLMS is not directed to children under 13 (or the minimum age in your country). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will delete it.
10. Security
We maintain administrative, technical, and physical safeguards including encryption in transit, encryption at rest, access controls, and regular security testing. No system is completely secure, and we cannot guarantee absolute security.
11. Changes
We may update this Privacy Policy. Material changes will be announced via email or in-app notice. The "last updated" date at the top of this page reflects the most recent version.
12. Contact
For privacy questions, email privacy@opallms.com.
Questions about this document? Email legal@opallms.com. For general support, see the help centre.