Privacy Policy

Overview

At Optiq Code LLC ("Optiq," "we," "us," or "our"), your privacy is fundamental to everything we build. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website, CLI tool, API, and related services (collectively, the "Services").

Information We Collect

We collect information in the following categories:

How We Use Your Information

• To provide, maintain, and improve the Services
• To process transactions and send billing-related communications
• To respond to your inquiries and provide customer support
• To send product updates and marketing communications (with your consent)
• To detect, prevent, and address security issues and abuse
• To comply with legal obligations and enforce our terms

Data Sharing & Disclosure

We do not sell your personal information. We may share information only in the following circumstances:

• With service providers who assist in operating the Services (e.g., Stripe for payments, cloud providers for infrastructure)
• If required by law, regulation, or valid legal process
• In connection with a merger, acquisition, or sale of assets (with prior notice to affected users)
• With your explicit consent

Data Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 for data in transit, and regular third-party security audits. We are actively working toward SOC 2 Type II certification. Access to production systems is restricted to authorized personnel with multi-factor authentication.

Data Retention

Account information is retained for as long as your account is active. Usage data is retained in aggregated, anonymized form. Code data is stored encrypted at rest using AES-256. You can delete your code data at any time directly from the dashboard — deletion is immediate and permanent. When you delete your account, all associated personal data is permanently deleted within 30 days.

Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data
• Portability: Request a machine-readable copy of your data
• Objection: Object to processing of your personal data
• Restriction: Request restriction of processing

To exercise these rights, contact us at [email protected].

Cookies

We use essential cookies required for the Services to function (authentication, preferences). We use optional analytics cookies only with your consent. A cookie consent banner is displayed on your first visit so you can choose which cookies to allow.

Data Processors & Sub-processors

We use the following third-party processors to operate the Services. Each processor is contractually bound to process data only as instructed and to maintain appropriate security measures.

A Data Processing Agreement (DPA) is available upon request for enterprise customers. Contact [email protected] to request a copy.

International Data Transfers

Optiq is based in the United Kingdom. If you access the Services from outside the UK, your data may be transferred to and processed in the United Kingdom. For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the legal mechanism to ensure adequate protection. Copies of the SCCs we use are available upon request.

Data Retention Schedule

We retain different categories of data for different periods:

Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. Rate limiting and abuse detection are applied uniformly based on request patterns, not individual user profiles.

Security Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

Legal Basis for Processing (EEA/UK)

If you are in the European Economic Area or United Kingdom, we process your personal data on the following legal bases:

• Contract: Processing necessary to provide the Services you requested (account management, authentication, billing)
• Legitimate interest: Usage analytics (aggregated), security monitoring, and service improvement
• Consent: Optional analytics cookies and marketing communications
• Legal obligation: Compliance with applicable laws and regulations

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

To exercise any of these rights, email [email protected] with the subject line "CCPA Request." We will verify your identity before processing your request and respond within 45 days.

In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email), commercial information (billing data via Stripe), and internet activity (aggregated usage metrics). We have not sold personal information to any third party.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date and, for significant changes, by email.

Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at [email protected]. You also have the right to lodge a complaint with your local data protection supervisory authority.

Contact Us

If you have questions about this Privacy Policy, please contact us at [email protected].