Introduction
This Privacy Policy describes how Nodiumtech, LLC ("Company," "we," "us," or "our"), the operator of the OppEngine platform, collects, uses, and shares information about you when you use our website and services (collectively, the "Service").
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this policy, please do not use the Service.
Data Controller
For purposes of applicable data protection laws (including GDPR), the data controller is:
Nodiumtech, LLC
Address: 6818 Indian Falls Dr, Missouri City, TX 77489-7748, USA
Email: privacy@oppengine.io
Entity type: Texas Domestic LLC · File No. 0806118150
What We Collect
Information You Provide
| Category | Data Elements | Purpose |
|---|---|---|
| Account Data | Full name, email address, password (hashed) | Account creation and authentication |
| Profile Data | Professional role, company name, preferences | Personalized opportunity recommendations |
| Payment Data | Billing name, last 4 digits of card, billing address, Stripe customer ID | Subscription billing (processed by Stripe) |
| Communications | Support tickets, emails sent to us | Customer support |
Automatically Collected Data
| Category | Data Elements |
|---|---|
| Usage Data | Pages visited, features used, click events, session duration, search queries within the Service |
| Device & Log Data | IP address, browser type, operating system, device identifiers, referrer URL |
| Cookies & Trackers | Session tokens, analytics identifiers, preference cookies — see our Cookie Policy |
How We Use Your Data
- Provide the Service: Create and manage your account, process payments, deliver opportunity reports and alerts
- Personalization: Tailor opportunity recommendations based on your stated role, industry, and preferences
- Service Improvement: Analyze usage patterns to improve features, fix bugs, and develop new capabilities
- Communications: Send transactional emails (account confirmations, password resets, billing receipts), product updates, and — only with your consent — marketing emails
- Security: Detect and prevent fraud, abuse, and security incidents
- Legal compliance: Meet obligations under applicable laws, respond to lawful requests from public authorities
We do not use your personal data to train third-party AI models or sell it to data brokers.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Providing account and subscription services | Contract performance (Art. 6(1)(b) GDPR) |
| Processing payments | Contract performance (Art. 6(1)(b) GDPR) |
| Service improvement & analytics | Legitimate interests (Art. 6(1)(f) GDPR) |
| Marketing emails | Consent (Art. 6(1)(a) GDPR) — opt-in only |
| Fraud prevention & security | Legitimate interests (Art. 6(1)(f) GDPR) |
| Legal compliance | Legal obligation (Art. 6(1)(c) GDPR) |
Data Sharing & Third Parties
We do not sell your personal data. We share data only with the following categories of third parties, under binding data processing agreements:
| Third Party | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing | USA (PCI-DSS compliant) |
| Google LLC (Analytics) | Website usage analytics | USA (SCCs in place) |
| Hosting provider | Infrastructure and data storage | USA |
| Email provider | Transactional and marketing emails | USA |
We may also disclose your information if required to do so by law, court order, or governmental authority; to protect the rights, property, or safety of Nodiumtech, LLC, our users, or the public; or in connection with a merger, acquisition, or sale of assets (with notice to you).
Cookies
We use cookies and similar tracking technologies. For full details, see our Cookie Policy. You can manage cookie preferences through our consent banner or your browser settings.
Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 90 days after deletion request |
| Payment records | 7 years (financial/tax compliance) |
| Usage/analytics logs | 26 months (rolling) |
| Support communications | 3 years from last interaction |
| Marketing consent records | 5 years from consent or withdrawal |
When we no longer have a legal basis to retain data, we securely delete or anonymize it.
Security
We implement industry-standard technical and organizational measures to protect your data, including:
- TLS/HTTPS encryption for all data in transit
- Encrypted storage of passwords (bcrypt) — we never store plain-text passwords
- Access controls limiting data access to authorized personnel only
- Regular security assessments and monitoring
- Stripe-managed PCI-DSS compliant payment processing
Despite these measures, no system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@oppengine.io.
In the event of a data breach that affects your rights, we will notify you and applicable supervisory authorities within the timeframe required by law (72 hours under GDPR where applicable).
Your GDPR Rights (EEA/UK Users)
If you are in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:
| Right | What it means |
|---|---|
| Access | Request a copy of personal data we hold about you |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your personal data ("right to be forgotten") |
| Restriction | Ask us to limit processing while disputing accuracy or objecting |
| Portability | Receive your data in a machine-readable format |
| Objection | Object to processing based on legitimate interests or for direct marketing |
| Withdraw consent | Withdraw consent for marketing at any time |
| Lodge a complaint | Complain to your local supervisory authority |
To exercise any of these rights, email privacy@oppengine.io. We will respond within 30 days.
California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: What personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt Out: Opt out of the "sale" or "sharing" of personal information — we do not sell personal information
- Right to Limit: Limit use of sensitive personal information
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To submit a California privacy request, email privacy@oppengine.io with the subject "California Privacy Request."
Global Privacy Rights
OppEngine serves users worldwide. In addition to GDPR and CCPA rights, we recognize and respect privacy rights under the following jurisdictions. To exercise any of these rights, contact privacy@oppengine.io.
| Jurisdiction | Law | Key Rights Recognized |
|---|---|---|
| 🇹🇷 Turkey | KVKK (Kişisel Verilerin Korunması Kanunu) | Access, correction, deletion, objection, data portability. Explicit consent required for processing sensitive data. |
| 🇧🇷 Brazil | LGPD (Lei Geral de Proteção de Dados) | Access, correction, anonymization, portability, deletion, opt-out of sharing, right to information on third parties. |
| 🇨🇦 Canada | PIPEDA / Quebec Law 25 | Access, correction, withdrawal of consent, right to know what personal data is held and purpose of collection. |
| 🇦🇺 Australia | Privacy Act 1988 (APPs) | Access and correction of personal information. We comply with the Australian Privacy Principles. |
| 🇸🇬 / 🇹🇭 Singapore / Thailand | PDPA | Access, correction, withdrawal of consent, data portability (Singapore PDPA 2021 amendments). |
| 🇯🇵 Japan | APPI (Act on Protection of Personal Information) | Disclosure, correction, deletion, and cessation of use of personal information. |
| 🇰🇷 South Korea | PIPA (Personal Information Protection Act) | Access, correction, deletion, suspension of processing, and data portability rights. |
Children's Privacy
The Service is not directed to, and we do not knowingly collect personal information from, children under the age of 18. If we learn that we have inadvertently collected personal information from a child under 18, we will promptly delete it. If you believe we have collected such information, please contact us at privacy@oppengine.io.
International Data Transfers
Nodiumtech, LLC is based in the United States. If you access the Service from outside the US, your personal data will be transferred to and processed in the United States, which may have different data protection laws than your country.
We implement the following safeguards for cross-border data transfers:
- EEA/UK/Switzerland: EU Standard Contractual Clauses (SCCs) per EC Decision 2021/914 with our third-party processors
- Turkey (KVKK): Adequate safeguards or explicit consent for international transfers as required by KVKK Article 9
- Brazil (LGPD): Transfers rely on contractual clauses, user consent, or adequacy decisions as applicable
- Canada (PIPEDA): Contractual protections ensuring comparable protection to Canadian standards
- All other countries: We use contractual clauses, your consent, or other legally recognized transfer mechanisms
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Effective date" above at least 14 days before changes take effect. Your continued use of the Service after that date constitutes acceptance of the updated policy.
Contact & Data Protection Inquiries
Nodiumtech, LLC — Privacy Team
Email: privacy@oppengine.io
General contact: hi@oppengine.io
Mailing address: 6818 Indian Falls Dr, Missouri City, TX 77489-7748, USA
Response time: We aim to acknowledge all privacy requests within 5 business days and respond fully within 30 days.