Legal

Privacy Policy

Last updated: May 5, 2026

At OperonSuite, we take your privacy seriously. This Privacy Policy explains what information we collect when you visit our website, use our services, or interact with messages we send on behalf of our clients — how we use that information, who we share it with, and how we protect it. This policy applies to data we control as a business; for data we process on behalf of our clients (their customers' information), our clients are the data controller and their privacy policies apply. By using our website or services, you agree to the practices described in this policy.

1. Information We Collect

Information you provide directly to us:

Contact information — your name, email address, business name, and phone number when you submit a contact, support, or inquiry form.
Business information — details about your business and the services you're interested in, provided voluntarily through our forms.
Communications — any messages, emails, or SMS exchanges between you and us.
Payment information — handled by our third-party payment processor. We do not store full payment card numbers on our systems.
Account credentials — login information for any accounts created with our services.

Information collected automatically when you visit our website:

Usage data — pages visited, time on page, referring URLs, and browsing behavior, collected through Vercel Analytics and Speed Insights.
Device information — browser type, operating system, IP address, and device type.
Cookies and similar technologies — see §10 (Cookies) for details.

Information collected through our services on behalf of clients:

If you interact with a website, form, booking system, SMS message, or other digital property we operate or manage on behalf of one of our business clients, we may collect your name, email, phone number, message content, appointment details, and similar information so that we can deliver the requested service. In those interactions, our client is the controller of your information and their privacy policy governs how it is used.

Information from third parties:

We may receive information about you from third-party services we use to operate our business, including Google services, payment processors, and review platforms.

Sensitive information. We do not knowingly request or collect sensitive personal data such as Social Security numbers, government identification numbers, financial account numbers (beyond payment processor tokens), precise geolocation, biometric data, or health information. Please do not submit such information through our forms or communications.

2. How We Use Your Information

We use the information we collect to:

Respond to your inquiries and provide the services you request.
Operate, maintain, and improve our website and services.
Communicate with you about your project, account, billing, or service updates.
Send marketing emails or SMS messages, where you have given separate, express consent. You can opt out at any time.
Detect, prevent, and respond to fraud, security incidents, or abuse.
Comply with our legal obligations, defend legal claims, and enforce our agreements.
Generate aggregated, de-identified analytics about usage of our services. Aggregated data does not identify you and is not subject to this policy.

We do not sell or rent your personal information to third parties for monetary or other valuable consideration, and we do not share your personal information with third parties for their own direct marketing purposes.

3. Text Messaging (SMS)

OperonSuite and the businesses we serve use SMS messaging to deliver services, including:

Missed-call text-back replies sent on behalf of our clients to their customers.
Appointment confirmations, reminders, and follow-ups.
Review request messages sent to a client's customers after a completed job.
Service-related notifications and account communications between us and our clients.

Express consent. When you provide your phone number through a form on a website we operate or manage, you must affirmatively check a consent box (or equivalent affirmative opt-in) confirming that you agree to receive automated SMS messages. By doing so, you provide express written consent under the Telephone Consumer Protection Act (TCPA) for the purposes described at the time of opt-in. We do not send marketing or promotional SMS messages without separate, additional opt-in.

Opt-out. You may opt out of receiving SMS messages at any time by replying STOP to any message. After you opt out, you will no longer receive automated SMS through our platform unless you re-subscribe. Some transactional or service-related messages may continue where required (for example, to confirm your opt-out).

Help. Reply HELP to any message for support, or contact us at the details in §13.

Message frequency and rates. Message frequency varies based on the service and your interactions with it. Standard message and data rates from your wireless carrier may apply. We do not charge separately for SMS messages.

SMS data we process. When you send or receive an SMS through our platform, we may collect and process your phone number, the content of your messages, message timestamps, and delivery status. SMS data is processed through our SMS infrastructure provider and is retained only as long as reasonably necessary to provide the service or comply with applicable law.

No sharing of mobile data. Mobile phone numbers and SMS opt-in consent collected through our platform are not shared with third parties or affiliates for marketing or promotional purposes. We use this information solely to deliver the services you've requested.

4. AI and Automated Tools

We use artificial intelligence (AI) and automated tools to deliver and improve our services, including for content drafting, search optimization, customer interaction routing, and analytics. We use third-party AI service providers to deliver these capabilities.

No training on your data. We do not permit our AI service providers to train, fine-tune, or otherwise improve their models using your personal information or our clients' confidential business information. We rely on contractual commitments and zero-retention or no-training settings, where available, with our AI providers.

Human review. Outputs from AI tools used in our services are subject to human review where appropriate. AI-generated content may be inaccurate or incomplete and should not be relied upon as a substitute for professional advice.

Automated decision-making. We do not make decisions that produce legal or similarly significant effects about you using solely automated processing without human involvement.

5. How We Share Your Information

We share your information only in the following circumstances:

Service providers (sub-processors). We use trusted third parties to operate our business and deliver our services. Each is bound by contractual confidentiality and data-protection obligations and is permitted to use your information only as necessary to provide services to us. We share information with service providers in the following categories:

Website hosting and infrastructure
Payment processing
SMS message delivery
Form submission and inquiry handling
AI processing and automation
Analytics and performance monitoring
Email delivery and marketing tools
Advertising and marketing platforms (where we run paid campaigns)
Productivity and collaboration tools (such as workspace, email, and document services)
Customer relationship management (CRM) and support tools

A list of our current named sub-processors is available on request — please contact us using the information in §13.

Legal and safety. We may disclose information when required by law, in response to valid legal process, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of OperonSuite, our clients, or others, or to enforce our Terms of Service.

Business transfers. If OperonSuite is involved in a merger, acquisition, sale of assets, financing, reorganization, bankruptcy, or similar transaction, your information may be transferred as part of that transaction. We will notify you of any such transfer and any material change to this policy that results.

With your consent. We may share your information for any other purpose with your separate consent.

No sale of personal information. We do not sell, rent, or trade your personal information for monetary or other valuable consideration. We do not share your personal information with third parties for their own direct marketing purposes.

6. State Privacy Rights

Several U.S. state privacy laws grant residents specific rights regarding their personal information, including the California Consumer Privacy Act (CCPA/CPRA), the Texas Data Privacy and Security Act (TDPSA), and similar laws in Virginia, Colorado, Connecticut, Utah, Oregon, Montana, Iowa, Delaware, New Jersey, New Hampshire, Maryland, Minnesota, Rhode Island, Indiana, Kentucky, Tennessee, Nebraska, and other states.

Where these laws apply to you, you have the following rights:

Right to know / access. Request information about the categories and specific pieces of personal information we have collected, the purposes for collection, and the categories of third parties with whom we share it.
Right to correct. Request correction of inaccurate personal information we hold about you.
Right to delete. Request deletion of personal information we have collected, subject to exceptions (such as records we are required to retain by law).
Right to portability. Request a copy of your personal information in a portable, readily usable format.
Right to opt out of certain processing. Opt out of (i) targeted advertising, (ii) the sale of your personal information, and (iii) profiling that produces legal or similarly significant effects. We do not sell your personal information, and we do not engage in such profiling.
Right to non-discrimination. We will not discriminate against you for exercising these rights.
Right to appeal. If we decline to act on your request, you may appeal that decision by contacting us using the information in §13.

California Shine the Light. California Civil Code §1798.83 permits California residents to request a notice describing what personal information we share with third parties for their direct marketing purposes. As described in §5, we do not share personal information with third parties for their own direct marketing purposes.

How to exercise your rights. Contact us using the information in §13. We will verify your request as required by applicable law and respond within the statutory timeframe (typically 45 days, with one 45-day extension available where reasonably necessary). We may need to verify your identity before processing. You may use an authorized agent to submit a request on your behalf, subject to identity verification and proof of authorization.

7. International Privacy Rights (EU, UK, and Other Jurisdictions)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with applicable data-protection laws, additional rights and protections may apply.

Legal basis for processing (GDPR / UK GDPR). We process personal data on the following legal bases:

Contract — to provide services you have requested or to take steps prior to entering a contract.
Legitimate interests — to operate, improve, and secure our services; to communicate with you; and to defend our legal rights.
Consent — for marketing communications, certain cookies, and SMS communications.
Legal obligation — where required to comply with law.

Your GDPR / UK GDPR rights. Where these laws apply, you have rights to access, correct, delete, restrict, and object to the processing of your personal data; the right to data portability; and the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You also have the right to lodge a complaint with a supervisory authority in your country of residence.

International data transfers. OperonSuite is based in the United States, and the personal information we collect may be processed in the United States or other countries that may not have the same data-protection laws as your jurisdiction. Where required, we rely on appropriate safeguards for international transfers, such as the Standard Contractual Clauses approved by the European Commission and the UK Addendum.

Data Protection Officer. We have not appointed a Data Protection Officer. You may direct any GDPR / UK GDPR inquiries to the contact in §13.

8. Data Retention

We retain your information for as long as reasonably necessary to provide our services, fulfill the purposes described in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

Account and contact data: for the duration of our service relationship, plus a reasonable period afterward (typically up to 7 years) for tax, accounting, and legal recordkeeping.
SMS data: for the duration reasonably necessary to provide the service and any applicable record-retention requirements, then deleted or anonymized.
Marketing data: until you unsubscribe or withdraw consent, after which it is removed from active marketing use.
Website analytics: as set by our analytics provider, typically up to 25 months.

Aggregated and de-identified data — which cannot reasonably be used to identify you — may be retained indefinitely.

You may request deletion of your data at any time by contacting us; see §13.

9. Security and Data Breach Notification

We implement reasonable administrative, technical, and physical safeguards designed to protect your information against unauthorized access, loss, disclosure, alteration, or destruction. These include:

HTTPS encryption on all pages of our website and services.
Security headers including Content Security Policy, X-Frame-Options, and X-Content-Type-Options.
Restricted access to personal information within our team on a need-to-know basis.
Use of reputable third-party providers with established security practices.

No method of transmission over the internet or electronic storage is completely secure. While we use reasonable means to protect your information, we cannot guarantee absolute security.

Breach notification. In the event of a data breach affecting your personal information, we will notify affected individuals and applicable regulators as required by, and within the timeframes required by, applicable law.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to operate effectively, analyze how the site is used, and measure performance. We use the following categories:

Strictly necessary cookies — required for the site to function (session management, security). These cannot be disabled through our site.
Analytics cookies — collect aggregated information about how visitors use our site, including pages visited and referrer URLs. We use Vercel Analytics and Speed Insights for this purpose.
Functional cookies — remember your preferences (such as billing display selections).

We do not use advertising cookies or sell behavioral data through cookies. You can control cookie preferences through your browser settings, including blocking or deleting cookies. Doing so may affect your ability to use certain features of our website.

Do Not Track and Global Privacy Control. We do not respond to Do Not Track browser signals at this time, but we honor recognized opt-out signals where required by applicable law (such as the Global Privacy Control signal under California law).

11. Children's Privacy

Our services are intended for adult business users and are not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will take reasonable steps to delete it. If you believe we may have such information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated policy on this page with a revised "Last updated" date. If we make material changes, we will notify you by email (where you have an account with us) or by prominent notice on our website prior to the change taking effect, where required by law. Your continued use of our website or services after the effective date constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or wish to request our current named sub-processor list, please contact us:

Email: [email protected]
Contact form: operonsuite.com/contact
Mailing address: OperonSuite, 6080 Water St, Plano, TX 75024

For privacy-related requests, please include your name, the email address associated with your account or inquiry, and a description of your request. We will respond within the timeframe required by applicable law.