OPSIQOBack

Draft for privacy and legal review

Privacy Policy

This draft is intended as a starting point for Opsiqo (Pty) Ltd and should be reviewed against the final production supplier list, hosting regions, AI providers, payment flow, RMM telemetry model, POPIA/GDPR obligations, and legal advice before publication.

Draft effective date
02 June 2026
Controller / responsible party
Opsiqo (Pty) Ltd

Product Family

  • Opsiqo ServiceDesk(TM) AIO
  • Opsiqo ServiceDesk(TM) Enterprise
  • Opsiqo GRC(TM)
  • Opsiqo Sales(TM)
  • Opsiqo Projects(TM)
  • Opsiqo Insure(TM)
  • Opsiqo RMM(TM)

1. Status of This Draft

This Privacy Policy is a working draft for Opsiqo (Pty) Ltd and must be reviewed by a qualified legal practitioner, privacy specialist, and security owner before publication.

This draft is intended to align with South Africa's Protection of Personal Information Act, 2013 (POPIA), the General Data Protection Regulation (GDPR) where applicable, and other privacy laws that may apply based on the location of customers, users, data subjects, or processing activity.

This draft should be checked against Opsiqo's final legal name, registration details, information officer details, hosting regions, subprocessors, payment providers, AI providers, security controls, and retention schedule before it is used externally.

2. Who We Are

Opsiqo (Pty) Ltd provides software, workflow, service desk, managed service, sales, project, governance, insurance, remote management, and operational service capabilities through the Opsiqo product family.

For personal information collected through Opsiqo websites, demo requests, contact forms, sales activity, billing, account administration, security operations, support, analytics, and direct business communications, Opsiqo generally acts as the responsible party or controller.

For personal information, customer content, tickets, assets, endpoint telemetry, workflow records, messages, documents, configuration, and integrations stored by customers inside hosted Opsiqo services, the customer generally acts as the responsible party or controller, and Opsiqo acts as operator or processor on the customer's documented instructions.

Until a dedicated privacy contact is published, privacy and data protection requests may be sent to support@opsiqo.net.

3. Scope

This Privacy Policy applies when you visit Opsiqo websites, submit a form, request a demo, communicate with Opsiqo, use hosted services, receive support, interact with marketing, or use any subscribed Opsiqo product or related service.

This Privacy Policy covers Opsiqo ServiceDesk(TM) AIO, Opsiqo ServiceDesk(TM) Enterprise, Opsiqo GRC(TM), Opsiqo Sales(TM), Opsiqo Projects(TM), Opsiqo Insure(TM), Opsiqo RMM(TM), and related modules, integrations, automations, managed services, and support services.

Where a customer deploys a self-managed or customer-controlled environment, customer-controlled data handling may also be governed by that customer's own privacy notices, employment notices, security policies, and internal controls.

4. Personal Information We Collect

Identity and contact data, including name, role, company, email address, phone number, country, and communication preferences.

Account and access data, including usernames, authentication identifiers, tenant membership, roles, permissions, session metadata, and audit records.

Commercial and billing data, including selected products, package, quote, order, invoice, tax, payment status, subscription, renewal, and support entitlement information.

Support and service data, including tickets, comments, attachments, chats, emails, call notes, remote assistance requests, incidents, changes, knowledgebase activity, and service history.

Hosted customer content, including customer records, tickets, assets, IPAM data, sales leads, projects, GRC records, policies, reports, documents, workflows, integrations, and configuration data.

Endpoint and RMM data where enabled, including hostname, operating system, agent version, asset attributes, installed software, services, network interfaces, IP addresses, command results, deployment status, telemetry, and remote session events.

Website and usage data, including IP address, browser and device information, pages viewed, timestamps, form submissions, analytics events, cookie data, error logs, and security logs.

5. How We Use Personal Information

To provide, operate, secure, maintain, troubleshoot, and improve Opsiqo products and services.

To create accounts, authenticate users, manage tenants, enforce permissions, process support requests, deliver managed services, and perform customer-requested actions.

To respond to enquiries, manage demo requests, process website leads, schedule meetings, create sales records, provide quotations, manage subscriptions, and administer billing.

To monitor security, prevent abuse, investigate incidents, maintain audit trails, troubleshoot errors, enforce agreements, and protect Opsiqo, customers, users, and data subjects.

To send product, service, operational, security, renewal, billing, and marketing communications where permitted by law, consent, contract, or legitimate interest.

To comply with legal, tax, accounting, regulatory, contractual, audit, dispute-resolution, and law-enforcement obligations.

6. Legal Bases and Processing Grounds

Where POPIA applies, processing may be based on consent, performance of a contract, compliance with law, protection of legitimate interests, or another lawful processing ground available under POPIA.

Where GDPR or UK GDPR applies, processing may be based on contract, consent, legitimate interests, legal obligation, vital interests, public task where applicable, or another lawful basis appropriate to the activity.

Where Opsiqo acts as an operator or processor for hosted customer content, Opsiqo processes personal information on the customer's documented instructions, subject to contract, platform configuration, security requirements, and legal obligations.

The customer is responsible for ensuring that personal information submitted to Opsiqo is collected and processed lawfully, accurately, transparently, and only for appropriate business purposes.

7. Hosted Platform Data

Customers control the data they submit, upload, connect, configure, or process through hosted Opsiqo services.

Opsiqo personnel may access hosted customer data only where reasonably necessary for support, maintenance, troubleshooting, security, legal compliance, customer-authorised service delivery, or platform operation.

Customer administrators are responsible for user access, role assignment, tenant configuration, connector setup, endpoint deployment, remote management authority, and internal approvals.

Where required, Opsiqo and the customer should enter into a Data Processing Agreement covering processing instructions, confidentiality, subprocessors, security measures, breach notification, data subject rights, retention, deletion, and cross-border transfers.

8. RMM, Remote Access, and Endpoint Telemetry

Opsiqo RMM(TM) may process endpoint, asset, software, network, service, telemetry, policy, package, command, and remote session data where a customer enables and deploys the agent or related capability.

Customers must ensure that they have the authority, employee notices, client permissions, and legal basis required to deploy remote management, endpoint telemetry, automation, package deployment, policy management, and remote assistance functionality.

Opsiqo may record RMM actions, command execution, package deployment, script activity, remote session events, audit records, agent status, approval events, and security-relevant activity for operational, compliance, and evidentiary purposes.

Opsiqo tooling must not be used for covert surveillance, unauthorised access, credential harvesting, unlawful interception, or processing that breaches privacy, employment, cybersecurity, or client obligations.

9. Optional AI Features

Opsiqo may offer optional AI-assisted functionality, including summarisation, triage, recommendations, knowledge discovery, drafting, classification, and operational assistance.

AI features may process prompts, ticket content, summaries, knowledgebase content, customer-provided context, and operational metadata needed to produce the requested output.

Where third-party AI providers are used, those providers should be assessed and governed as subprocessors or service providers where required. The applicable customer agreement, package, configuration, or feature setting should determine whether AI functionality is enabled.

Customers should not submit sensitive, regulated, or confidential information to AI features unless they have assessed the feature, enabled it deliberately, and have the legal authority to do so.

10. Integrations and Third-Party Data

Customers may connect Opsiqo to identity providers, email platforms, communication tools, payment providers, cloud services, directory services, endpoint tools, storage providers, and other third-party systems.

Where integrations are enabled, Opsiqo processes integration data according to customer configuration, granted permissions, platform settings, and the applicable agreement.

Humans at Opsiqo should access integration content only where required for support, maintenance, security, legal compliance, or customer-authorised service delivery.

Customers are responsible for third-party licences, consent, connector permissions, API access, tenant configuration, and compliance with third-party terms unless expressly included in an Opsiqo managed service.

11. Cookies and Similar Technologies

Opsiqo may use essential cookies and similar technologies for authentication, session management, security, fraud prevention, routing, platform functionality, and load balancing.

Opsiqo may use analytics or marketing cookies on public websites where enabled and where permitted by law, consent, or legitimate interest.

Hosted tenant applications may use authentication tokens, session cookies, anti-forgery measures, and related security controls to protect user sessions and platform requests.

Users may manage cookies through browser settings or a cookie preference tool where one is made available. Blocking essential cookies may prevent parts of the website or hosted platform from working correctly.

12. Sharing and Subprocessors

Opsiqo does not sell personal information in the ordinary sense of exchanging it for money.

Opsiqo may share personal information with service providers, subprocessors, contractors, payment providers, hosting providers, database providers, email providers, analytics providers, communications tools, security tools, support systems, AI providers where enabled, and professional advisers where necessary to operate the business and provide services.

Opsiqo may share lead or contact details with authorised partners only where requested by the customer, required for fulfilment, or permitted by the applicable agreement and law.

Opsiqo may disclose information where required by law, court order, regulator request, security incident response, rights enforcement, corporate transaction, or to protect users, customers, Opsiqo, or third parties.

A current subprocessor list should be published or made available on request once the production supplier set is finalised.

13. International Transfers

Opsiqo may process or store personal information in South Africa and in other countries where Opsiqo or its suppliers operate.

Where personal information is transferred across borders, Opsiqo will use appropriate safeguards required by applicable law, which may include contractual safeguards, data processing agreements, standard contractual clauses, transfer risk assessments, or equivalent measures.

Customers should confirm any required data residency, cross-border transfer, or sector-specific restrictions before connecting regulated data or deploying endpoint management into a production environment.

14. Security

Opsiqo uses administrative, technical, and organisational safeguards designed to protect personal information and platform data.

These safeguards may include encryption in transit, access controls, role-based permissions, audit logs, monitoring, secure credential handling, vulnerability management, environment separation, backup controls, and staff confidentiality obligations.

No system can be guaranteed completely secure. Customers must also maintain appropriate endpoint, network, identity, user, administrator, and integration security controls.

Opsiqo should only claim external certifications, attestations, or audit frameworks in this Privacy Policy once those certifications are current and verified.

15. Security Incidents and Breach Notices

If Opsiqo becomes aware of a security incident involving personal information, Opsiqo will assess the incident and notify affected customers, regulators, or data subjects where required by law, contract, or platform obligations.

Where Opsiqo acts as operator or processor, Opsiqo will assist the relevant customer in meeting applicable breach notification obligations according to the Data Processing Agreement or service terms.

Customers must promptly notify Opsiqo of suspected misuse, unauthorised access, compromised credentials, endpoint compromise, connector abuse, or security events that may affect the platform or hosted data.

16. Retention

Opsiqo retains personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law, contract, tax, accounting, security, dispute, or operational requirements.

Customer content in hosted services will be retained, exported, deleted, or anonymised according to the applicable agreement, customer configuration, legal obligations, and operational constraints.

Sales leads, support records, audit logs, billing records, endpoint telemetry, security records, and platform logs may be retained for different periods based on the nature of the record and applicable legal or business requirements.

A production retention schedule should be finalised before publication and should identify default retention periods for leads, support tickets, billing records, audit logs, RMM telemetry, backups, and terminated tenant data.

17. Your Rights

Depending on where you are located and which law applies, you may have rights to access, correct, delete, object to, restrict, port, or withdraw consent for certain processing of your personal information.

Under POPIA, data subjects may request access to personal information, correction or deletion of personal information, and may object to certain processing where applicable. Data subjects may also lodge complaints with South Africa's Information Regulator.

Under GDPR or UK GDPR, data subjects may have rights of access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and complaint to a supervisory authority.

Under California privacy law, eligible consumers may have rights to know, access, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and not be discriminated against for exercising rights.

Under PIPEDA, eligible individuals may request access to personal information and correction of inaccurate or incomplete personal information.

Under LGPD, eligible individuals may have rights including confirmation of processing, access, correction, anonymisation, blocking, deletion, portability, information about sharing, and review of certain automated decisions.

Under Australian privacy law, eligible individuals may have rights to access and correct personal information under the Australian Privacy Principles.

18. Exercising Rights

To exercise privacy rights relating to data Opsiqo controls directly, contact Opsiqo through the published privacy or support contact channel.

For personal information stored in a customer's hosted tenant environment, contact the relevant customer organisation first because that customer is usually the responsible party or controller. Opsiqo will assist the customer where required by contract or law.

Opsiqo may need to verify your identity or authority before responding to a rights request.

Opsiqo may decline, limit, or defer a request where permitted by law, including where the request conflicts with legal obligations, security requirements, another person's rights, or the customer's role as responsible party or controller.

19. Marketing Preferences

You may opt out of marketing communications by using the unsubscribe link in applicable messages or by contacting Opsiqo.

Operational, security, billing, legal, and service-related communications may still be sent where necessary for the provision or administration of services.

Where direct marketing consent is required, Opsiqo should record and honour opt-in, opt-out, and preference-management choices in accordance with applicable law.

20. Children and Sensitive Information

Opsiqo products are intended for business use and are not directed at children.

Customers should not submit children's personal information, special personal information, sensitive personal information, health information, financial account data, or other regulated data unless the customer has the necessary authority, safeguards, and agreement in place.

Where regulated or sensitive data is processed, additional controls, contractual terms, and legal assessments may be required.

21. Changes to This Policy

Opsiqo may update this Privacy Policy from time to time. The latest version will be published on the website.

Where changes are material, Opsiqo may provide additional notice by email, in-app notice, website notice, or another appropriate method.

Continued use of the services after an updated policy takes effect may be treated as acceptance where permitted by law and the applicable agreement.

22. Contact

Privacy, support, and customer requests may be sent to support@opsiqo.net until a dedicated privacy contact address is published.

Customers should include sufficient information for Opsiqo to identify the relevant account, tenant, request, product, integration, endpoint, or processing activity.

Information officer, registered address, privacy email, and escalation contacts should be inserted before this Privacy Policy is published externally.