Privacy Policy

Operant Technologies is a business-to-business platform. When an organization (the “Customer”) signs up for the Service, that Customer controls the data uploaded to its account. Operant processes that data on the Customer’s behalf — we are a data processor, not the controller. For questions about data handled inside a specific Customer’s account, please contact that Customer directly.

For information we collect directly from you — when you create an account, contact us, or browse the marketing site — Operant is the data controller and this Policy applies in full.

Account Information

When you sign up, we collect your name, work email address, organization name, and the password you choose (stored only as a salted hash). If you enable two-factor authentication, we store a TOTP secret and a small set of one-time backup codes.

Customer Data

Through the Service you may upload or generate dashboard content, data-source connections, deployed-screen metadata, quoting documents, email-follow-up content (Agent), and other operational records. We process this content solely to provide the Service.

Usage & Diagnostic Information

We collect log data about how the Service is used — requests made, features accessed, error events, IP address, user-agent string, approximate location derived from IP, and event timestamps. We use this for security, debugging, and aggregate analytics.

Device Telemetry (Relay)

Screens paired through Relay periodically report heartbeats containing the screen’s viewport size, browser version, last-rendered dashboard version, and any client-side errors. This is used to surface offline screens and aid troubleshooting.

Cookies

We use a small number of cookies that are strictly necessary for the Service to function, including the ot-session cookie that authenticates you across our subdomains and a ot-theme cookie that remembers your dark/light mode choice. The marketing site uses Plausible Analytics, which is cookieless and does not track you across sites.

We use the information we collect to:

• provide, maintain, and secure the Service;
• authenticate users, prevent fraud, and respond to abuse;
• bill Customers and manage subscriptions, including through our payment processor;
• communicate with you about the Service — including product updates, security notices, and responses to support requests;
• troubleshoot problems and improve product quality, in aggregate;
• comply with legal obligations and enforce our Terms of Service.

We do not sell personal information. We do not use Customer Data to train generalized AI models intended for use by third parties.

We share information only as described below:

• With service providers who help us run the Service. These subprocessors are bound by contractual confidentiality and security obligations.
• Within Customer’s account — content uploaded by Customer’s users is available to other authorized users of that Customer’s account.
• For legal reasons — to comply with valid legal process or to protect the rights, property, or safety of Operant, our customers, or others.
• In a corporate transaction — if Operant is involved in a merger, acquisition, or sale of assets, with appropriate safeguards.

Current subprocessors:

We retain account information and Customer Data for as long as the Customer’s account is active. After termination, Customer Data is deleted within a reasonable period unless retention is required by law. Audit logs, billing records, and security-relevant logs may be retained longer to satisfy legal and operational requirements.

We implement technical and organizational measures designed to protect information from loss, misuse, and unauthorized access. These include encryption in transit (TLS), encryption at rest for the database, scoped row-level security to isolate Customer accounts, audit logging of administrative actions, and least-privilege access for our team.

No system is perfectly secure. If you believe you have discovered a vulnerability, please report it to security@operanttechnologies.com.

You can update your account information from the Panel. You may also request access to, correction of, or deletion of personal information we hold about you by emailing privacy@operanttechnologies.com. We will respond within a reasonable time, subject to applicable legal requirements.

If your information is held inside a Customer’s account (for example, you are an end user of a paying organization), please direct your request to that Customer; we will assist them in responding.

You may opt out of non-essential email communications at any time using the unsubscribe link in those messages. Transactional and security messages are required to operate the Service and cannot be opted out of while your account is active.

Operant is based in the United States. If you access the Service from another country, your information will be transferred to and processed in the United States, where privacy laws may differ from those in your jurisdiction. Where required, we rely on appropriate transfer mechanisms.

The Service is intended for business use and is not directed to individuals under 18. We do not knowingly collect personal information from anyone under that age. If you believe a child has provided us with personal information, contact privacy@operanttechnologies.com so we can delete it.

We may update this Policy as the Service evolves. When we make material changes, we will notify Customers through the Panel or by email at least thirty (30) days before they take effect, and we will update the effective date at the top of this page.

Privacy questions, requests, and complaints can be sent to privacy@operanttechnologies.com. For security reports, use security@operanttechnologies.com.