OPCX Solutions logo

Legal

Privacy Policy

Last Updated: 03/03/2026

1. Introduction

This Privacy Policy explains how OPCX Solutions ("we", "us", "our") collects, uses, and protects personal data through our consulting services and web‑based applications available at www.opcx.solutions. We follow a privacy‑by‑design approach and only collect the minimum information required to deliver our services.

2. Lawful Basis for Processing

Under the UK GDPR and Data Protection Act 2018, we process personal data under the following lawful bases:

  • Contractual Necessity — to provide consulting services, create and maintain user accounts, and operate our applications.
  • Legitimate Interests — to maintain platform security, prevent misuse, and improve service reliability.
  • Legal Obligation — to meet accounting, tax, and regulatory requirements.

3. Data We Collect

We do not use tracking cookies, analytics scripts, advertising pixels, or third‑party marketing tools.

  • Consulting Services — Name, email address, and any business information you provide through contact forms or direct communication.
  • Web Applications — Email address for authentication and any data you enter into the app's tools or features.
  • Company or Team Workspaces — If you use an app within a shared workspace, your workspace administrator may access the data you contribute within that environment.

4. How We Use Your Data

We use your data to:

  • Provide consulting services and respond to enquiries
  • Create and manage user accounts
  • Deliver app functionality and store user‑generated content
  • Maintain platform security
  • Comply with legal and financial record‑keeping requirements

We do not sell or share your data with advertisers or unrelated third parties.

5. Third‑Party Infrastructure (Supabase)

We use Supabase as our backend service provider to store and process data.

  • Security — All data is encrypted in transit (SSL/TLS) and at rest.
  • Access Control — Row Level Security (RLS) ensures your data is only accessible to you or your authorised Company workspace.
  • Sub‑processing — Supabase acts as a sub‑processor under our role as Data Controller.

6. Data Retention and Deletion

  • Individual Accounts — You may request deletion of your account at any time. Deletion removes your personal profile and associated data from our backend.
  • Company Workspaces — If you belong to a Company workspace, your contributions (e.g., tasks, logs, files) may remain accessible to the Company administrator even after your personal account is deleted.
  • Consulting Enquiries — Inactive enquiries are deleted after a reasonable period.
  • Legal Records — Certain information (e.g., invoices) may be retained for statutory accounting periods.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion (where applicable)
  • Object to or restrict processing
  • Request data portability

To exercise these rights, contact us using the details below. We will respond within 30 days.

8. Contact Information

Data Controller: OPCX Solutions
Email: contact@opcx.solutions
Location: Buckingham, United Kingdom