Security & Privacy

Your Data is Safe with Us

We take security seriously. OpsPilot is built with enterprise-grade security practices, and we're transparent about how we handle your data.

Security Infrastructure

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3.

Encryption at Rest

Your data is encrypted on our servers using AES-256 encryption.

Secure Authentication

Powered by Clerk, an enterprise-grade authentication provider with MFA support.

Secure Infrastructure

Hosted on Vercel with automatic security patches and DDoS protection.

AI & Data Processing

AI Provider

We use OpenAI (via OpenRouter) for AI analysis. Your email content is sent to their API for processing.

  • OpenAI does not use API data to train their models
  • Data is retained by OpenAI for up to 30 days for abuse monitoring, then deleted
  • OpenAI is SOC 2 Type II compliant

What We Don't Do

  • We don't train AI models on your data
  • We don't share your data with third parties (except for processing)
  • We don't sell or monetize your data

Data Handling FAQ

What data do you store?

We store the maintenance emails you forward to us, the AI-generated triage results, and your organization settings (vendors, FAQs, etc.). We do not store passwords or payment info (handled by our secure providers).

How long do you keep data?

Maintenance data is retained for as long as your account is active. You can delete individual records or export your data at any time. When you cancel, data is deleted within 30 days.

Who can access my data?

Only authenticated members of your organization can access your data. Our team does not access customer data except when explicitly requested for support purposes.

Do you sell data?

No. We never sell, rent, or share your data with third parties for marketing purposes. Your data is yours.

Compliance

GDPR

We comply with GDPR requirements for EU users, including data access requests, deletion requests, and data portability.

CCPA

California residents have the right to know what data we collect, request deletion, and opt out of data sales (we don't sell data).

SOC 2 Roadmap

We're working toward SOC 2 Type II certification. Our infrastructure providers (Vercel, Clerk, OpenAI) are already SOC 2 certified.

Questions About Security?

We're happy to answer any security or privacy questions. Reach out and we'll get back to you promptly.