Privacy Policy
This privacy policy explains in detail how Opally ApS ("Opally", "we", "us", "our") collects, processes, stores, and protects personal data in connection with the delivery of our AI-powered guest communication platform, including Email Assistant, Chatbot, Voice Assistant, and Agent Actions. The policy is designed in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR).
1. Data Controller
Opally ApS
CVR: 45976904
Tyrolsgade 19, 4th
2300 Copenhagen S, Denmark
Contact: info@opally.com
1.1. Our Roles under GDPR
This privacy policy describes how we process personal data where Opally is the data controller. This applies to information about visitors to our website and users who create an account with us (e.g., staff members).
When our customers use Opally to process data about their guests, Opally acts as a data processor on behalf of the customer, who is the data controller. Our obligations as a data processor are governed by a separate Data Processing Agreement (DPA), which is entered into with each customer.
2. Purpose and Use
Opally offers an AI-powered guest communication platform that integrates with email clients (e.g., Outlook, Gmail), chat widgets, phone systems, booking systems (PMS), and other relevant systems. The platform includes Email Assistant, Chatbot, Voice Assistant, and Agent Actions. The purpose is to automate and streamline guest communications across multiple channels, improve the guest experience, and reduce administrative burdens for staff.
3. What Personal Data Do We Process?
We process the following categories of personal data where we are the data controller:
- Customer information: Name, email address, phone number, and position of employees at our customers.
- Payment information: Information related to billing and subscriptions, e.g., company name, registration number, and payment history. The actual card information is processed securely by our payment provider and is not stored by us.
- Communication data: Content of emails, messages, and feedback you send to us in connection with support and general communication.
- Technical data: IP address, browser type, device information, log files, and usage patterns on our platform and website.
- Integration data: API keys and access tokens to the customer's systems (stored securely and encrypted).
4. How Is Information Collected?
- Directly from you when you create an account, fill out a contact form, or contact our support.
- Automatically when you use our platform and website (e.g., via log files).
- Via integrations you authorize, e.g., to connect your account to third-party systems.
5. Purpose and Legal Basis for Processing
We process your personal data for the following specific purposes and with the following legal bases:
- Delivery of our service: To create and manage your user account, deliver the Opally platform's features, integrate with your systems, and manage your subscription.
Legal basis: Performance of the contract we have entered into with you (GDPR Art. 6.1.b). - Support and communication: To respond to your inquiries, provide technical support, and send important service notifications.
Legal basis: Our legitimate interest in providing good customer service and fulfilling our contract with you (GDPR Art. 6.1.b and f). - Billing and accounting: To issue invoices and comply with applicable accounting legislation.
Legal basis: Our legal obligation (GDPR Art. 6.1.c). - Security and abuse prevention: To monitor our platform for security threats, prevent abuse, and ensure the integrity of our systems.
Legal basis: Our legitimate interest in protecting our service, property, and users (GDPR Art. 6.1.f). - Product development and analysis: To understand how our platform is used, collect statistics, and improve our service. Where possible, we use anonymized or aggregated data for this purpose.
Legal basis: Our legitimate interest in developing and improving our product and business (GDPR Art. 6.1.f). - Marketing: To send you information about new features, tips, or offers related to our service.
Legal basis: Your consent (GDPR Art. 6.1.a), which you can withdraw at any time.
6. Sharing of Personal Data
We never sell your personal data. We only share your data with trusted third-party providers (sub-processors) to the extent necessary to deliver and improve our service. All sub-processors are bound by agreements that ensure GDPR compliance.
We may also disclose information if required by law, court order, or in connection with a business transaction (e.g., a merger).
7. Data Storage and Security
Storage and Transfers: We primarily process and store data within the EU/EEA (e.g., Frankfurt). However, we use trusted third-party service providers (e.g., for payments or customer support) that may process data in the USA. We ensure these transfers are legal by using valid transfer mechanisms, such as the EU-U.S. Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs).
Security measures: We use industry-standard security measures, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
- Regular security audits and penetration testing.
- Access controls and role-based permissions.
- Backup and disaster recovery plans.
Retention period: We store your personal data only as long as necessary for the purposes stated in this policy or as required by law. Specifically:
- Account information is stored as long as your account is active.
- Billing information is stored for 5 years in accordance with accounting legislation.
- Support correspondence is stored for up to 3 years.
- Technical logs are stored for up to 12 months.
8. Your Rights
Under GDPR, you have the following rights:
- Right of access: You can request a copy of the personal data we have about you.
- Right to rectification: You can request that we correct inaccurate or incomplete data.
- Right to erasure: You can request that we delete your data under certain circumstances.
- Right to restriction: You can request that we restrict the processing of your data.
- Right to data portability: You can request to receive your data in a structured, machine-readable format.
- Right to object: You can object to processing based on legitimate interest.
- Right to withdraw consent: If processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, contact us at info@opally.com.
9. Cookies and Tracking Technologies
We use cookies and similar technologies to improve your experience on our website. You can manage your cookie preferences in your browser.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes via email or through a notice on our platform.
11. Contact Us
If you have questions about this privacy policy or how we process your personal data, contact us at:
Email: info@opally.com
Address: Tyrolsgade 19, 4th, 2300 Copenhagen S, Denmark
You also have the right to lodge a complaint with your local data protection authority if you believe we have processed your personal data unlawfully.
Last updated: January 2026
