Privacy Policy

1. Who we are

This Privacy Policy is issued by DecisionOps Ltd, a company registered in England and Wales. Our registered office is in the United Kingdom. You can contact us about privacy matters at ops@decisionopshq.com.

We are the data controller for personal data processed through our website (decisionopshq.com) and our software products, Revenue OS and Personal OS.

2. Data we collect

We collect the following categories of personal data:

• Account information: Name, email address, and password hash when you create an account.
• Billing information: Payment card details (processed by Stripe — we do not store raw card data), billing address, and transaction history.
• Pipeline data (Revenue OS): Lead names, email addresses, company names, and engagement signals imported from your CRM or provided directly.
• Personal decision data (Personal OS): Goals, habits, journal entries, and Life Score inputs that you voluntarily provide.
• Usage data: Log data including IP address, browser type, pages visited, feature usage, and session duration.
• Communication data: Content of support emails and chat messages you send to us.
• Cookie data: As described in Section 9 below.

3. How we use your data

We use your personal data for the following purposes:

• Service delivery: To provide, maintain, and improve our software products under the performance of a contract.
• Billing and payments: To process payments and manage subscriptions under the performance of a contract.
• Communication: To respond to support requests, send service notifications, and provide product updates under our legitimate interests.
• Security: To detect, investigate, and prevent fraudulent, harmful, or illegal activity under our legitimate interests and legal obligations.
• Analytics: To understand how our products are used and to improve them, using anonymised or aggregated data where possible, under our legitimate interests.
• Marketing: To send you marketing communications about our products where you have given consent or where we have a legitimate interest as an existing customer.

4. Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

• Performance of contract: Processing necessary to fulfil your subscription agreement with us.
• Legitimate interests: Where processing is necessary for our legitimate business interests and does not override your rights.
• Legal obligation: Where we must process data to comply with UK law.
• Consent: Where you have given clear, informed consent, which you may withdraw at any time.

5. Data retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy:

• Account data: Retained for the duration of your subscription plus 90 days after cancellation, to allow reactivation.
• Billing records: Retained for 7 years in accordance with UK financial record-keeping obligations.
• Pipeline and decision data: Deleted within 30 days of account closure unless you request earlier deletion.
• Usage and log data: Retained for up to 12 months, then anonymised or deleted.
• Support communications: Retained for 2 years to assist with future enquiries.

6. Your rights under UK GDPR

You have the following rights regarding your personal data:

• Right of access (DSAR): To request a copy of the personal data we hold about you.
• Right to rectification: To have inaccurate personal data corrected.
• Right to erasure: To request deletion of your personal data where there is no legitimate reason for us to continue processing it.
• Right to restrict processing: To request that we limit how we use your data in certain circumstances.
• Right to data portability: To receive your personal data in a structured, commonly used, machine-readable format.
• Right to object: To object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent: Where processing is based on consent, to withdraw it at any time.

To exercise any of these rights, please email ops@decisionopshq.com with "Data Subject Request" in the subject line. We will respond within 30 days.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

7. Third parties

We share personal data with the following categories of third parties, all bound by appropriate data processing agreements:

• Stripe: Payment processing. Stripe is PCI DSS Level 1 certified. Data may be processed in the US under the EU-US Data Privacy Framework and UK IDTA.
• AWS (Amazon Web Services): Infrastructure and hosting, eu-west-2 (London) region.
• Plausible Analytics: Privacy-focused website analytics. No personal data or cookies are used. EU-based.
• Intercom / support tooling: Customer support communications where applicable.

We do not sell personal data to third parties. We do not use personal data for advertising profiling.

8. International transfers

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), the UK IDTA, or reliance on adequacy decisions. The primary processing of your data occurs on UK-based infrastructure.

9. Cookies

Our website uses the following cookies:

• Essential cookies: Required for the website and application to function. No consent required.
• Analytics cookies: We use Plausible Analytics, which does not use cookies and does not collect personal data. No consent required.
• Preference cookies: Used to remember your settings (e.g., product tab preference). No personal data is collected.

We do not use advertising, tracking, or third-party profiling cookies.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice in the application. The date at the top of this policy reflects when it was last updated.

11. Contact us

For any privacy-related questions, data subject requests, or concerns, please contact us: