OperatorHQ policy draft · 15 July 2026

Privacy Policy

How the MVP minimises, protects, retains, and deletes account and project information.

Launch notice: This is an MVP policy draft, not legal advice. Professional legal review and jurisdiction-specific adaptation are required before commercial launch.

Information collected

The MVP collects necessary account, workspace, project, uploaded-file, run, approval, billing-status, security, audit, and first-party product-event data. It avoids advertising profiles and unnecessary personal data.

Purposes

Data is used to authenticate users, provide workflows, enforce permissions and budgets, store private work, process payments, prevent abuse, support requests, and meet retention or deletion instructions.

AI providers

When an operator selects a paid AI provider, task inputs and approved attachments needed for that task may be transmitted server-side under the provider's terms. Demo and manual modes do not require a paid AI call. Customer inputs or outputs are not used for training or marketing by OperatorHQ without separate explicit consent.

Storage and sharing

Uploads are private. Production downloads use short-lived signed links. Data may be shared with configured infrastructure, email, AI, storage, and payment processors only as needed to provide the service or comply with law.

Retention and rights

Workspace retention is configurable. The product models data export and deletion for projects, accounts, and workspaces. Backups, processor deletion, identity verification, and jurisdiction-specific rights procedures must be validated before launch.

No automatic compliance claim

OperatorHQ does not claim automatic compliance with GDPR, CCPA, PDPO, or any other privacy law. A data map, privacy impact assessment, processor agreements, transfer analysis, and legal review remain required.