Privacy Policy

Data Controller

The data controller responsible for processing your personal data is twopeaks digital e.U.. For contact details, please refer to our imprint. For all privacy-related inquiries, you can reach our data protection team at privacy@ops4.com.

Data We Collect

Website Usage

When you visit our websites, we automatically collect:

• IP address (anonymized after processing)
• Browser type and version
• Operating system
• Referring URL
• Pages visited and time spent
• Date and time of access

This data is processed based on our legitimate interest in ensuring website security and improving our services (Art. 6(1)(f) GDPR).

Waitlist Registration

When you join our waitlist, we collect your email address. This data is processed based on your consent (Art. 6(1)(a) GDPR). You can withdraw your consent and unsubscribe at any time by contacting us at privacy@ops4.com.

Contact Form

When you contact us, we collect:

• Name
• Email address
• Company (optional)
• Role (optional)
• Your message

This data is processed to respond to your inquiry based on our legitimate interest or pre-contractual measures (Art. 6(1)(b)(f) GDPR).

Platform Usage

When you use the ops4 platform, we collect:

• Account information (name, email, company)
• Authentication data
• Usage data and activity logs
• Infrastructure configurations and deployment metadata
• Billing and payment information

This data is processed for contract fulfillment (Art. 6(1)(b) GDPR).

How We Use Your Data

We use your personal data exclusively for the following purposes:

• Providing and operating the ops4 platform
• Processing your waitlist registration and sending product updates
• Responding to your inquiries and providing support
• Ensuring the security and integrity of our services
• Complying with legal obligations
• Improving our services based on aggregated and anonymized usage data

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

Your Infrastructure Data

ops4 processes infrastructure configurations, deployment metadata and operational data on your behalf. We act as a data processor for this data. We do not access, analyze or use your infrastructure data for any purpose other than providing the ops4 service to you. Your infrastructure data is encrypted in transit and at rest.

Data Sharing and Transfers

We share personal data only with:

• Infrastructure providers necessary to operate the ops4 platform (as sub-processors, bound by data processing agreements)
• Payment processors for billing (if applicable)
• Authorities when required by law

All our sub-processors are based in the European Economic Area (EEA) or are bound by appropriate safeguards (Standard Contractual Clauses) in accordance with Art. 46 GDPR.

Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

• Website usage data is deleted or anonymized after 90 days
• Waitlist data is retained until you unsubscribe or the waitlist closes
• Contact form data is retained for 12 months after your inquiry is resolved
• Platform account data is retained for the duration of your contract plus any legally required retention period
• Billing data is retained for 7 years as required by Austrian tax law

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Access controls and authentication mechanisms
• Regular security assessments
• Employee training on data protection
• Incident response procedures

Cookies and Tracking

Our websites use only essential cookies required for website functionality (session management, CSRF protection). We do not use tracking cookies, advertising cookies or third-party analytics services. No consent banner is required as we only use technically necessary cookies.

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

• Right of access — You can request a copy of the personal data we hold about you (Art. 15 GDPR).
• Right to rectification — You can request correction of inaccurate personal data (Art. 16 GDPR).
• Right to erasure — You can request deletion of your personal data where there is no compelling reason for continued processing (Art. 17 GDPR).
• Right to restriction — You can request restricted processing of your personal data in certain circumstances (Art. 18 GDPR).
• Right to data portability — You can request your personal data in a structured, machine-readable format (Art. 20 GDPR).
• Right to object — You can object to processing based on legitimate interests at any time (Art. 21 GDPR).
• Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing (Art. 7(3) GDPR).
• Right to lodge a complaint — You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence (Art. 77 GDPR).

Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised "last updated" date. We encourage you to review this policy periodically.

Contact

For any privacy-related questions, requests or complaints, please contact our data protection team at privacy@ops4.com. You can also reach us by mail at the address listed in our imprint.