1. Introduction

At Optimus Business Plans, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services. Please read this privacy policy carefully. If you disagree with the terms of this privacy policy, please do not access the site.

2. Data Collection and Usage

We collect several types of information for various purposes to provide and improve our service to you:

Personal Data

While using our service, we may ask you to provide certain personally identifiable information that can be used to contact or identify you, including but not limited to:

• Email address
• First name and last name
• Phone number
• Business information provided in questionnaires
• Payment information (processed securely by our payment processor)

Usage Data

We may also collect information on how the service is accessed and used. This usage data may include information such as your computer's Internet Protocol address (IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data.

3. Cookie Policy

We use cookies and similar tracking technologies to track activity on our service and hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.

We use the following types of cookies:

• Essential Cookies: Required for the operation of our website.
• Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our website.
• Functionality Cookies: Used to recognize you when you return to our website.
• Targeting Cookies: Record your visit to our website, the pages you have visited, and the links you have followed.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

4. Third-Party Services

We may employ third-party companies and individuals to facilitate our service, provide the service on our behalf, perform service-related services, or assist us in analyzing how our service is used.

These third parties include:

Stripe

We use Stripe for payment processing. When you make a purchase, your payment information is transmitted directly to Stripe's secure servers. We do not store your full credit card details on our servers. Stripe's use of your personal information is governed by their Privacy Policy.

OpenAI

We utilize OpenAI's technology to generate business plans based on your inputs. The information you provide in questionnaires is transmitted to OpenAI's servers for processing. OpenAI's use of your data is governed by their Privacy Policy. We have implemented measures to ensure that your sensitive business information is handled securely.

Supabase

We use Supabase for database and authentication services. Your account information and business plan data are stored on Supabase's secure servers. Supabase's use of your personal information is governed by their Privacy Policy.

Google Ads

We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. When you complete a purchase, we send limited transaction data to Google, including:

• Transaction ID and purchase amount
• Hashed email address (using SHA256 encryption for privacy)
• General location information (country/region)
• The pricing tier of your business plan

This data helps us understand which ads are effective and improve our advertising targeting. Google processes this data according to their Privacy Policy and Ads Data Processing Terms. Your email is hashed before transmission, meaning Google receives only an encrypted identifier that cannot be reversed to reveal your actual email address.

These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

5. Data Security

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. We strive to use commercially acceptable means to protect your personal data.

Our security measures include:

• Encryption of sensitive data both in transit and at rest
• Regular security assessments and penetration testing
• Access controls to limit who can access your data within our organization
• Monitoring systems to detect suspicious activity
• Regular backups to prevent data loss

In the event of a data breach that affects your personal information, we will notify you in accordance with applicable laws.

6. Data Retention Policy

We retain your personal data only for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Our retention periods are:

6.1 Active Account Data

• Account Information: Retained for the duration of your account plus 30 days after deletion
• Questionnaire Data: Retained for 5 years from last modification to support plan updates
• Business Plans: Retained for 7 years for your reference and tax/legal purposes
• Payment Records: Retained for 7 years as required by financial regulations
• Support Communications: Retained for 2 years from last interaction

6.2 Inactive Account Data

Accounts inactive for more than 2 years may be marked for deletion. We will send a notification to your registered email 30 days before deletion, giving you the opportunity to log in and maintain your account.

6.3 Account Deletion Procedures

You can request deletion of your account at any time by:

1. Logging into your account and navigating to Settings > Delete Account
2. Emailing privacy@optimusbusinessplans.com with your deletion request
3. Calling our support team at (800) 953-0163

Upon account deletion:

• Your personal data will be deleted within 30 days
• Some data may be retained as required by law (e.g., financial records)
• Anonymized, aggregated data may be retained for analytics
• Deletion is irreversible - we cannot recover deleted accounts

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those in your country.

7.1 Data Processing Locations

Our service providers process data in the following locations:

• OpenAI: United States (AI processing)
• Supabase: United States (database and infrastructure)
• Stripe: United States and other countries where Stripe operates
• Our Servers: United States

7.2 EU-US Data Transfer Mechanisms

For transfers from the European Economic Area (EEA) to the United States, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Your explicit consent when you use our services
• Legitimate interests for providing the services you requested

7.3 User Consent for Transfers

By using our services, you consent to the transfer of your information to the United States and other countries where our service providers operate. If you do not consent to such transfers, please do not use our services.

We ensure appropriate safeguards are in place to protect your data during international transfers, including:

• Encryption during transmission
• Contractual obligations for data protection
• Regular security assessments of our providers

8. Marketing Communications

We may send you marketing communications about our products, services, and promotions that may be of interest to you. We are committed to respecting your communication preferences.

8.1 Types of Marketing Communications

• Product updates and new features
• Business planning tips and resources
• Special offers and promotions
• Company news and updates
• Survey invitations

8.2 Opt-In Procedures

We will only send marketing communications to users who have opted in by:

• Checking the marketing consent box during registration
• Subscribing through our website forms
• Opting in through account settings
• Providing explicit consent during support interactions

8.3 Opt-Out Procedures

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your preferences in Account Settings > Email Preferences
• Emailing us at unsubscribe@optimusbusinessplans.com
• Calling us at (800) 953-0163

Please note that even if you opt out of marketing emails, we may still send you:

• Transactional emails (order confirmations, account updates)
• Service announcements (maintenance, security alerts)
• Legal notices (terms updates, privacy policy changes)

8.4 CAN-SPAM Compliance

We comply with the CAN-SPAM Act and ensure all marketing emails:

• Clearly identify the message as an advertisement
• Include our valid physical postal address
• Provide clear opt-out instructions
• Honor opt-out requests within 10 business days
• Use accurate "From," "To," and "Reply-To" information
• Use relevant subject lines that reflect the content

9. User Rights

Under various privacy laws, you have certain rights regarding your personal information:

• Right to Access: You have the right to request copies of your personal information.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure: You have the right to request that we erase your personal information, under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information, under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal information, under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

If you wish to exercise any of these rights, please contact us at contact@optimusbusinessplans.com.

10. Children's Privacy

Our service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.