Privacy Policy
Last updated: May 31, 2026
Effective for the OpSystem web app (opsystem.app), the OpSystem Desktop app (Mac and Windows), and the OpSystem Mobile app (iOS and Android).
The short version
We collect what we need to run the service. We never sell your data. We never use your business data to train AI models, ours or anyone else's. You can export everything and delete your account at any time, and we mean it. Mobile apps are free, sign-in only; the subscription is managed on the web at opsystem.app.
The rest of this page is the long version, in plain English, with the legal bits where they actually matter.
1. Who we are
OpSystem is operated by Experienced Results LLC, a Mississippi limited liability company ("we," "us," "our"). Our office is in Hurley, Mississippi 39555, United States. You can reach us at privacy@opsystem.ai.
2. What we collect
Account data
Name, email, the business information you give us during onboarding (business name, phone, website, industry), and the bcrypt-hashed form of your password. We never store your password in plaintext.
Vault contents
Everything you put into your vault: client records, jobs, invoices, photos, files, conversations with the AI, notes, and anything you sync in from a connected integration. This is your data. It stays in your isolated vault directory and is encrypted at rest with a per-vault HKDF-derived key.
Browser tool action audit log
When the OpSystem AI takes an action on a third-party website on your behalf (clicks a button, fills a form, reads a page), we record what happened: the tool name, the URL or domain, a short summary of the action, your approval decision, and the timestamp. The audit log exists so you can see exactly what the AI did and so we can debug failures. Retention is 12 months. You can export or delete the log from Settings.
Voice agent transcripts
If you enable the AI voice receptionist, we record and transcribe inbound and outbound calls handled by the agent. Audio is captured by Telnyx and transcribed by OpenAI Whisper (the transcription happens on our infrastructure; OpenAI is the speech-to-text model provider). Transcripts and the audio file are retained for 90 days, after which the audio is deleted and only the transcript summary persists in your vault as part of the call record. You can shorten this retention or disable recording entirely in Settings.
Push notification tokens
When you install the Mobile app and grant notification permission, your device generates a push token (APNs on iOS, FCM on Android). We store the token, the device platform, the device name you choose, and the timestamp. We use it only to deliver notifications related to your account. The token is rotated by your device automatically; we keep the most recent one. You can revoke notification permission in your device settings, which makes the token inert.
Usage data
Token consumption per AI call, feature usage counts, login timestamps, IP address (for the request, not stored long-term as a profile attribute), and the OpSystem app version. Used for billing, debugging, and security alerts.
Payment data
Stripe handles payment processing. Card numbers and bank account details never touch our servers. We store the Stripe customer id, subscription status, plan, last four digits of the card, and the billing history we need to show you on your account page. Connected vendor payouts (Stripe Connect) follow the same model: we hold the connected account id and the payout records; Stripe holds the underlying bank data.
Webhook event log
When third-party services (Stripe, Telnyx, Mailgun, your connected integrations) send us webhook events, we keep the raw payload for 30 days for debugging and replay. After 30 days the payload is deleted; only the resulting record (e.g. a payment row, a message row) stays.
3. What we do with your data
- Run the service and deliver the features you signed up for
- Send your prompts to Anthropic's API to generate responses, and send audio to OpenAI Whisper to transcribe voice calls
- Sync data with the third-party services you choose to connect (Section 5)
- Process payments and manage your subscription via Stripe
- Send service notifications (account, billing, security alerts) by email and, if you opt in, by push
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
4. What we never do
- We never use your vault contents, your conversations, or your voice transcripts to train AI models. Not ours, not Anthropic's, not OpenAI's, not anyone's. Anthropic's commercial terms prohibit training on API customer data by default. OpenAI's Whisper API likewise does not train on inputs by default. We do not opt either of them in to training.
- We never sell your data. Not to advertisers, not to data brokers, not to anyone.
- We never share data between customer vaults. Your vault is isolated at the filesystem level and encrypted with a key derived just for you.
- We never run ads, never embed tracking pixels, and never use third-party analytics inside the app.
5. Third parties we share data with
These are the processors we use to run OpSystem. We share with each only what they need to do their job.
| Processor | Purpose | Data Shared |
|---|---|---|
| Anthropic | AI generation | Prompts, vault context the AI needs to answer, tool results |
| OpenAI (Whisper API) | Voice transcription | Call audio segments (transcribed, then returned to us) |
| Stripe | Payment processing + Stripe Connect | Name, email, card / bank handled by Stripe directly; we hold the customer id |
| Telnyx | SMS, voice receptionist (AI), inbound + outbound calls | Phone numbers, message content, call audio, caller metadata |
| Mailgun | Transactional email | Recipient email addresses, message content |
| Expo (push notifications) | Push delivery (relays to APNs + FCM) | Push token, notification payload (title + short body, no vault contents) |
| Apple (APNs) | Push delivery to iOS devices | Device token, notification payload |
| Google (FCM) | Push delivery to Android devices | Device token, notification payload |
| Hetzner Cloud (Helsinki, Finland) | Application servers, database, storage | All stored data (encrypted at rest, AES-256-GCM, per-vault HKDF keys) |
| Cloudflare | DNS, CDN, SSL, marketing site hosting | TLS-terminating traffic metadata; static marketing site assets |
6. Integrations you choose to connect
OpSystem can connect to services you already use (accounting, calendar, email, CRM, payments, scheduling, social, marketing). Connecting an integration is always opt-in: you initiate it from Settings, authorize OpSystem through that service's OAuth flow, and can disconnect at any time. After disconnection, your data already imported into OpSystem stays in your vault; we revoke our access to the third-party service and clear the credential from our storage.
We do not share data between integrations beyond what you configure. The OAuth credentials you grant are stored encrypted with the same per-vault key system as the rest of your sensitive data.
| Service | Category | Data Exchanged |
|---|---|---|
| QuickBooks Online | Accounting | Customers, invoices, payments, expenses, vendors, items |
| Xero | Accounting | Contacts, invoices, payments, bank transactions |
| Google Workspace | Calendar, email, files, contacts | Calendar events, Gmail, Drive metadata, Contacts |
| Microsoft 365 | Calendar, email, files, contacts | Calendar, Outlook mail, OneDrive metadata, Contacts |
| Google Business Profile | Reviews / presence | Reviews, posts, Q&A, location info |
| Meta Business Suite | Social / messaging | Messenger + Instagram DMs, page posts, Facebook reviews |
| HubSpot | CRM | Contacts, companies, deals, tickets |
| GoHighLevel | CRM / marketing | Contacts, opportunities, conversations, calendar, campaigns |
| Salesforce | CRM | Contacts, opportunities (read-only at present) |
| HoneyBook | CRM (creative services) | Clients, projects, invoices, contracts |
| Stripe Connect (your own Stripe) | Payments | Customers, payments, refunds, disputes |
| Square | POS / payments | Customers, orders, payments, catalog |
| Calendly / Cal.com | Scheduling | Bookings, event types |
| Mailchimp | Email marketing | Audiences, contacts, campaign metrics |
7. Storage and security
Your data is stored on Hetzner Cloud servers in Helsinki, Finland. Each customer's vault lives in its own isolated filesystem directory and is never colocated with another customer's data in a shared database row.
- TLS 1.3 on every connection, HSTS preload, HTTPS enforced.
- Sensitive fields (SSNs, bank accounts, tax IDs, compensation) and all OAuth credentials encrypted at rest with AES-256-GCM. Each vault has its own encryption key derived via HKDF-SHA256 from a master key (kept in environment configuration, separated from the database).
- Passwords hashed with bcrypt (cost factor 12).
- Auth via JWT in httpOnly + Secure + SameSite=strict cookies on web; secure platform keychain (Keychain on iOS, EncryptedSharedPreferences on Android, OS credential vault on desktop) for the Mobile and Desktop apps. Sessions are revocable server-side.
- Role-based access control on every API route. Vault path scoping derived server-side from the authenticated session, sanitized against directory traversal.
- Webhook deliveries verified by signature (HMAC, Ed25519, or vendor-specific equivalent) before any state change.
- File uploads validated by magic-byte detection, not Content-Type header.
- Automated security checks on every deployment: lint rules that ban known-bad patterns, TypeScript type checks, the full test suite, and `npm audit`. Build fails before deploy if any of these regress.
8. How long we keep your data
- Vault contents: Kept until you delete the account. After you delete the account, your vault and all data tied to it are deleted from our servers and from backups within 30 days.
- Browser tool audit log: 12 months from action date.
- Voice agent transcripts: 90 days, then deleted from our servers. The structured call record (caller, duration, summary) persists in your vault as a markdown file so you retain a permanent business record of the conversation.
- Voice agent audio recordings: Handled by our voice carrier (Telnyx) per their terms of service. OpSystem does not retain raw audio on its own servers. If you need to request deletion of audio held by the carrier, contact us and we will forward the request.
- Webhook event log: 30 days.
- Push notification tokens: Kept while the device is registered. Tokens marked invalid by APNs / FCM are deleted within 7 days.
- Billing records: Up to 7 years as required by US tax and accounting regulations.
9. Your rights
You have the right to:
- Access your data at any time through the Service.
- Export your complete vault as a ZIP archive (Settings → Export).
- Correct any inaccurate personal information.
- Delete your account and all associated data (Settings → Delete account, or email privacy@opsystem.ai).
- Restrict processing of your data (by downgrading, disconnecting integrations, or turning off features).
- Object to processing for marketing purposes.
- Lodge a complaint with a supervisory authority (for EU residents) or with your state attorney general (for US residents).
We respond to verified requests within 30 days. There is no charge for the first request in any 12-month period.
10. Children's privacy (COPPA)
OpSystem is built for business use and is not directed at children. We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided personal information to us, email privacy@opsystem.ai and we will delete the data promptly.
11. California residents (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, the categories of sources, the business purposes, and the categories of third parties with whom we share it. All of that is in Sections 2, 3, 5, 6, and 8 above. You also have the right to delete your personal information (Section 9), to correct inaccurate information, and to limit our use of sensitive personal information.
We do not sell personal information and do not share personal information for cross-context behavioral advertising. We will not discriminate against you for exercising any CCPA / CPRA right.
12. EU / UK residents (GDPR / UK GDPR)
We do not actively market the Service inside the European Economic Area or the United Kingdom. If you choose to use OpSystem from there, you have all the rights described in Section 9, plus the right to data portability and the right to withdraw consent at any time.
Our legal basis for processing is the performance of the contract you enter when you sign up, plus our legitimate interest in operating a secure service. For marketing emails, the legal basis is your consent.
Data is stored on Hetzner Cloud servers in Helsinki, Finland, which sits inside the EEA. When data is transferred outside the EEA (for example, to Anthropic in the US for AI processing), the transfer is covered by Standard Contractual Clauses.
13. Mobile app specifics
The OpSystem Mobile app (iOS and Android) is a companion to the web subscription. It is free to download and requires sign-in to an existing OpSystem account. There is no in-app purchase, no in-app subscription, and no advertising inside the app.
Push notifications are opt-in. If you decline the notification permission prompt, the app continues to work fully; you will not receive notifications until you opt in later from Settings.
The app uses your device's secure storage (Keychain on iOS, EncryptedSharedPreferences on Android) for the session token. It never writes credentials to disk in plaintext and never to third-party storage.
14. Desktop app specifics
The OpSystem Desktop app (Mac and Windows) runs locally on your machine and talks to opsystem.app the same way the web app does. It can drive an embedded browser to take actions on third-party sites on your behalf; every write action requires your explicit approval the first time it touches a new domain (you can choose "always allow this domain" per domain), and every action is logged to the browser tool audit log described in Section 2.
The Desktop app auto-updates from a feed served on opsystem.ai. Updates are downloaded over HTTPS and verified before install. The update channel is rolled out gradually to catch regressions before they reach everyone.
15. Cookies and tracking
The OpSystem app uses a single httpOnly Secure session cookie for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics inside the app. The marketing site (opsystem.ai) uses minimal first-party analytics for performance and uptime, with separate disclosure on the cookie consent banner.
16. Changes to this policy
We may update this Privacy Policy. Material changes will be highlighted at the top of this page and emailed to the address on file at least 30 days before they take effect. Non-material changes (formatting, clarity, fixing typos) may be made without notice; you can always see the "Last updated" date at the top.
17. Contact
Privacy questions, requests, or complaints? Email privacy@opsystem.ai.
Experienced Results LLC
Hurley, Mississippi 39555
United States