PRIVACY POLICY
Effective date: 01 January 2026
Optab Limited (Company No. SC777785) ("Optab", "we", "us", "our")
Registered office: 3 Queen Street, Edinburgh, Scotland, EH2 1JE
Contact: hello@optab.com
Website: optab.com
1. Overview
This Privacy Policy explains how Optab collects, uses, shares, and protects personal data when you visit optab.com or use Optab's software-as-a-service platform and related services (the "Service").
Optab is a data controller for personal data we process to operate our business (for example, account administration, billing, support, marketing, and website analytics). Where a business customer uploads or makes available personal data within the Service, the customer is typically the controller and Optab is the processor (see section 11).
2. Personal data we collect
We collect the following categories of personal data:
A) Information you provide
- Account data: name, work email, organisation name, user role/permissions, and authentication data (password stored as a secure hash where applicable).
- Billing and commercial data: billing contact details, billing address, VAT number (if applicable), invoices, payment status, and contract administration correspondence.
- Support and communications data: support tickets, emails, chat messages, call notes, and attachments you provide.
- Customer content: information submitted or uploaded to the Service. In construction-tech contexts this may include project records, forms, logs, reports, photos, documents, and messages. Customer content may include personal data depending on what your organisation uploads.
B) Information collected automatically
- Usage data: feature usage, interactions, actions taken, timestamps, and settings.
- Device and technical data: IP address, device identifiers, browser type, operating system, and language settings.
- Log and security data: system logs and diagnostics used for security and troubleshooting.
C) Cookies and similar technologies
We use strictly necessary cookies for core functionality and analytics cookies to understand and improve the Service. See section 8.
3. How we use personal data
We use personal data to:
- Provide, operate, secure, and maintain the Service
- Create and manage accounts, user access, and authentication
- Provide customer support and respond to enquiries
- Manage subscriptions, billing, and contract administration
- Monitor performance, detect/prevent fraud and misuse, and enforce our terms
- Improve and develop the Service (including analytics and troubleshooting)
- Send operational communications (e.g., security or billing notices)
- Send marketing communications where permitted (section 9)
- Comply with legal obligations and protect our legal rights
4. Legal bases (UK GDPR)
Where UK GDPR applies, we rely on:
- Contract (to provide the Service and perform our agreement)
- Legitimate interests (to secure/improve the Service, prevent misuse, run our business effectively)
- Consent (where required, e.g., certain cookies and marketing preferences)
- Legal obligation (tax/accounting and other legal requirements)
5. Sharing of personal data
We may share personal data with:
- Service providers (processors) supporting our operations (e.g., hosting/infrastructure, analytics, email delivery, customer support systems, payments, error monitoring, CRM). They process personal data only on our instructions and under contractual obligations.
- Professional advisers (lawyers, accountants, auditors, insurers).
- Authorities/regulators where required by law or to protect rights/safety.
- Business transfers (e.g., financing, acquisition, sale of assets), subject to appropriate safeguards.
We do not sell personal data.
6. International transfers
We aim to store and process data primarily in the UK and/or EU. Where personal data is transferred outside the UK (for example, where a service provider is located outside the UK/EU or provides remote support), we put in place appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to EU Standard Contractual Clauses, or other lawful transfer mechanisms.
7. Retention
We retain personal data only as long as necessary:
- Account data: while the account is active, then typically up to 12 months after closure/termination (unless needed for legal claims/compliance).
- Billing/contract records: typically up to 6 years for tax/accounting and legal purposes.
- Logs/diagnostics: typically 30–180 days depending on security and operational needs.
- Customer content: retained according to the customer's instructions and contract; deleted on request or after termination in line with agreed timelines, subject to backups and legal obligations.
8. Cookies
We use:
- Strictly necessary cookies to provide core functionality and security.
- Analytics cookies to understand performance and improve user experience.
Where required by law (including under UK PECR), we will request consent for non-essential cookies via a cookie banner. You can also control cookies through browser settings.
9. Marketing
We send marketing communications only on an opt-in basis (or where otherwise permitted in a B2B context). Every marketing email includes an unsubscribe link. You can also opt out by contacting hello@optab.com.
We may send non-marketing operational emails (e.g., security notices, billing notices).
10. Security
We use appropriate technical and organisational measures designed to protect personal data, including:
- encryption in transit (TLS) and, where appropriate, encryption at rest,
- access controls and least-privilege permissions,
- monitoring and logging for security,
- secure development and patching practices.
11. Customer data (B2B controller/processor)
Where your organisation uploads or uses personal data within the Service, your organisation is typically the controller and Optab is the processor. Optab processes such personal data only on documented instructions from the customer and in line with the applicable contract and any agreed data processing terms.
12. Your rights
Depending on applicable law, you may have the right to access, correct, delete, or restrict the processing of your personal data, to object to processing, to data portability, and to withdraw consent where processing is based on consent.
To exercise rights, contact hello@optab.com. Where your organisation is the controller, we may refer the request to them.
13. Complaints
UK users may complain to the Information Commissioner's Office (ICO). We encourage you to contact us first at hello@optab.com to resolve any concern.
14. Children
The Service is intended for business use and is not directed to individuals under 18. We do not knowingly collect personal data from children under 18.
15. Changes
We may update this Policy from time to time. We will post the updated version on optab.com and update the effective date.