HomeBlogInternshipsLinkedInLinkedIn

Privacy Policy

Last Updated June 3, 2025

TL;DR — We collect only what's necessary to deliver exceptional digital products, protect your data with industry-leading security, never sell your information, and give you full control over your data.

This policy explains how we collect, use, and protect information when building and delivering custom digital solutions for sports organizations. We're committed to transparency and data protection.

Data Protection by Design

OPTO builds custom digital products for sports brands with security and privacy at the core. We implement robust data protection measures in every solution we deliver.

User Data Protection
Secure Infrastructure
GDPR Compliant

OPTO ("we", "our", or "us") designs and develops custom digital products for sports organizations, clubs, and academies. This Privacy Policy describes how we collect, use, and protect information when you work with us or use digital products we've built.

Who This Policy Applies To

This privacy policy covers multiple groups of people:

  • Clients: Sports organizations, clubs, and academies who engage OPTO to build custom digital products (websites, mobile apps, SaaS platforms).
  • End Users: Athletes, members, fans, and other individuals who use digital products we've built for our clients.
  • Website Visitors: Anyone visiting our company website at www.OPTO.cc.

Note: We are committed to protecting the privacy of everyone we work with, from our direct clients to the end users of the products we build.

Our Data Protection Principles

OPTO is built on strong data protection principles that guide everything we do:

  • Data Minimization: We only collect information necessary to deliver exceptional digital products and services.
  • Purpose Limitation: Data is used only for the specific purposes disclosed and agreed upon.
  • Security by Design: We implement robust security measures in every product we build from day one.
  • Transparency: We're clear about what data we collect and how it's used.
  • User Control: You maintain control over your data and can request access, correction, or deletion at any time.
  • No Data Sales: We never sell client or user data to third parties.
  • Compliance First: We ensure all products comply with GDPR, CCPA, and other relevant data protection regulations.

Information We Collect

From Our Clients

When you engage OPTO for development services, we collect:

  • Contact information: Name, email address, phone number, and organization details
  • Project requirements: Specifications, goals, and technical requirements for your digital product
  • Business information: Company details, branding assets, and content you provide
  • Payment information: Billing details and payment history for services rendered
  • Communications: Emails, messages, and feedback during project collaboration

From End Users of Products We Build

The data collected from end users depends entirely on the specific product we build for our clients. This may include:

  • Account information: User profiles, authentication credentials, and preferences
  • Activity data: Usage patterns, interactions, and engagement metrics within the platform
  • Technical information: Device type, browser, operating system, and IP addresses
  • Performance data: App or website performance metrics to ensure optimal user experience
  • Sports-specific data: Training records, membership details, booking information (as applicable)

Important: For products we build, our clients act as data controllers and determine what data is collected. We ensure all products include appropriate privacy controls and comply with data protection regulations.

  • User interaction data: Scroll depth, interaction counts, and exit intent detection (anonymized)
  • Error information: JavaScript errors and technical issues to help website owners improve their sites

Important: We immediately anonymize IP addresses using a one-way hash function. We never store IP addresses in their original form, and it's impossible for us to identify individual users from the data we collect.

Data Retention

We retain data only as long as necessary:

  • Client Data: Retained during our business relationship and for legal/tax purposes thereafter
  • Project Data: Transferred to clients upon completion; we may retain copies for portfolio purposes with consent
  • End User Data: Retention policies are defined by our clients for products we build

How We Use Information

Client Data Usage

We use client information to:

  • Design, develop, and deliver custom digital products
  • Communicate about project progress, updates, and deliverables
  • Process payments and manage contracts
  • Provide ongoing support and maintenance
  • Improve our services based on feedback and usage patterns
  • Comply with legal and contractual obligations

End User Data Usage

For products we build, data usage is determined by our clients as data controllers. Typically, data is used to:

  • Provide core functionality of the platform or app
  • Personalize user experience and preferences
  • Process transactions and manage memberships
  • Send relevant notifications and communications
  • Improve product performance and user experience
  • Ensure security and prevent fraud

Note: We build privacy controls and user consent mechanisms into every product, ensuring end users understand and control how their data is used.

  • Provide customer support and respond to inquiries
  • Improve our service based on usage patterns
  • Ensure compliance with legal obligations

End User Data Usage

We use anonymized end user data solely to:

  • Generate aggregated analytics reports for website owners
  • Provide insights about website performance and user experience
  • Help website owners understand their audience demographics (country/region level only)
  • Monitor our service performance and detect technical issues
  • Help website owners identify and fix technical problems through error tracking
  • Provide performance optimization insights through Core Web Vitals and loading metrics

Note: End user data is never used for advertising, marketing, or any purpose other than providing analytics insights to website owners.

GDPR and Privacy Rights

Legal Basis for Processing

Under GDPR, our legal basis for processing data is:

  • Customer Data: Contractual necessity (to provide our service) and legitimate interests (service improvement)
  • End User Data: Legitimate interests of website owners to understand their site performance, balanced against user privacy rights

Your Rights (Customers)

As a customer, you have the right to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion of your account and data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests

End User Rights

As an end user (website visitor), you have the right to:

  • Information: Know what data is collected (detailed in this policy)
  • Objection: Object to analytics tracking (use browser Do Not Track or ad blockers)
  • Erasure: Since we don't identify individuals, we can't delete specific user data, but all data is automatically deleted according to our retention policies

Note: Because we don't identify individual end users, many traditional rights don't apply, but this actually provides stronger privacy protection.

Data Security

We implement comprehensive security measures:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Strict employee access controls with multi-factor authentication
  • Infrastructure: Hosted on secure, SOC 2 certified cloud infrastructure
  • Monitoring: 24/7 security monitoring and automated threat detection
  • Data Minimization: We collect and store only what's necessary
  • Anonymization: IP addresses are immediately anonymized using cryptographic hashes

Note: Our privacy-first approach means that even in the unlikely event of a data breach, individual users cannot be identified from the analytics data we store.

Contact Us

If you have any questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how your data is handled, please contact us:

privacy@OPTO.cc

We typically respond to privacy inquiries within 24 hours, and will fulfill data subject requests within 30 days as required by GDPR.