Privacy Policy

Last updated: March 30, 2026

1. Introduction

Optopus Technologies (JM1042153-M) ("we", "us", or "our") operates the Optopus platform, accessible at https://optopus.my. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our platform, website, APIs, tracking pixel, live chat widget, and related services (collectively, the "Platform").

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Platform.

2. Information We Collect

Account Information

When you register for an Optopus account, we collect your name, email address, phone number, company name, and job title. This information is necessary to create and manage your account.

Customer Data

You and your team enter data into the Platform as part of your business operations. This includes contact records, order data, product catalogs, conversation messages, custom fields, labels, and notes. You control what Customer Data is entered into and stored on the Platform.

Usage Data

We automatically collect information about how you interact with the Platform, including pages visited within the application, features used, session duration, browser type, IP address, and device information. This helps us understand usage patterns and improve the Platform.

Tracking Pixel Data

When you install the Optopus tracking pixel (optopus.min.js) on your website, it collects data about your website visitors. This includes:

• Page views and navigation paths
• Click events and user interactions
• Form submissions
• E-commerce events (add to cart, purchase)
• Referrer URLs and UTM parameters
• Device and browser information
• IP addresses of your website visitors

Communication Data

Messages sent and received through integrated channels — including WhatsApp, live chat, and email — are processed and stored to provide our messaging services and maintain conversation history within your account.

Payment Information

Billing details are processed through our third-party payment partners. We store billing contact information and transaction records, but we do not store full credit card numbers or payment card details on our servers.

Cookies

We use session cookies for authentication purposes and preference cookies to remember your settings. These cookies are essential for the Platform to function correctly and to maintain your logged-in state.

3. How We Use Your Data

We use the information we collect for the following purposes:

• Provide, operate, and maintain the Optopus platform and its features
• Process and manage Customer Data on your behalf as a data processor
• Send transactional emails, including password resets, team invitations, and booking confirmations
• Deliver messages through integrated channels such as WhatsApp, live chat, and email
• Execute marketing automation workflows that you create within the Platform
• Generate analytics, dashboards, and reports based on your data
• Improve platform performance, reliability, and user experience
• Respond to support inquiries and provide customer assistance
• Comply with legal obligations and enforce our terms of service

4. Data Processing (Your Customer Data)

When you use Optopus to manage your customers' data, you act as the data controller and we act as the data processor on your behalf. This distinction is important:

• You determine what Customer Data is collected and how it is used within your Organization
• We process Customer Data solely to provide our services to you as described in these terms
• We do not sell, rent, or share your Customer Data with third parties for their own marketing or commercial purposes
• We do not use Customer Data from one Organization to benefit another Organization
• Each Organization's data is logically isolated and accessible only to authorized members of that Organization

5. Third-Party Services

The Platform integrates with or relies on the following third-party services. When you use these integrations, certain data may be shared with these providers as described below:

WhatsApp / Meta

When you use the WhatsApp integration, messages are transmitted through Meta's WhatsApp Cloud API. Message content, phone numbers, and delivery metadata are processed by Meta in accordance with their privacy policy. You should review Meta's terms before enabling this integration.

WooCommerce

When you connect your WooCommerce store using our WordPress plugin, order and product data is synced from your store to Optopus. This data originates from and remains on your WordPress servers until explicitly synced to the Platform.

Payment Processors

Subscription billing is handled by third-party payment gateways (e.g., Chip-in). We share your billing information with these providers to process payments. We do not store full payment card details on our servers.

Email Delivery

Transactional and marketing emails are sent via Resend. Email addresses and message content are shared with Resend for the sole purpose of delivering emails on your behalf.

Cloud Infrastructure

Your data is hosted on cloud servers provided by reputable infrastructure providers. We select providers that meet industry security standards and maintain appropriate data protection measures.

6. Tracking Pixel & Cookies

The Optopus tracking pixel (optopus.min.js) is a JavaScript SDK that you install on your own website to collect visitor behavior data. This data is used to enrich customer profiles within your Optopus account.

• The pixel fires automatically on page load, similar to how Facebook Pixel and Google Analytics operate
• All data collected by the pixel is associated exclusively with your Optopus Organization and is not shared across Organizations
• You are responsible for disclosing the use of the Optopus tracking pixel and any other tracking technologies in your own website's privacy policy
• You are responsible for obtaining any consent required by applicable data protection laws before deploying the pixel

The Platform itself uses the following types of cookies:

• Session authentication cookies — to keep you logged in securely
• CSRF protection cookies — to prevent cross-site request forgery attacks
• User preference cookies — to remember your interface settings and preferences

7. Data Retention

We retain your data for as long as necessary to provide our services and fulfill the purposes described in this policy. Specific retention periods are as follows:

• Account data — retained while your account is active. Upon account termination, account data is deleted within 90 days.
• Customer Data — retained while your subscription is active. After subscription termination, Customer Data is available for export for 30 days, after which it is permanently deleted.
• Usage logs — retained for 12 months for analytics and troubleshooting purposes, then automatically purged.
• Tracking pixel data — retained according to your Organization's configured data retention settings.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — You may request a copy of the personal data we hold about you.
• Correction — You may request that we correct any inaccurate or incomplete personal data.
• Deletion — You may request that we delete your personal data, subject to any legal retention obligations.
• Data Portability — You may request a copy of your data in a structured, commonly used, machine-readable format.
• Withdraw Consent — Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at privacy@optopus.my. We will respond to your request within 21 days, as required by applicable law.

9. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
• Encryption at rest — Stored data is encrypted using industry-standard encryption algorithms
• Role-based access control (RBAC) — Access within each Organization is governed by configurable roles (owner, manager, member, viewer)
• Multi-tenant data isolation — All database queries are scoped to your Organization, preventing cross-tenant data access
• Regular security assessments — We conduct periodic reviews of our security posture and infrastructure
• Session management — Sessions include automatic expiry and secure token handling

While we strive to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to maintaining safeguards that meet or exceed industry standards.

10. PDPA Compliance (Malaysia)

As a Malaysian company, we comply with the Personal Data Protection Act 2010 (PDPA) of Malaysia. Under the PDPA:

• We process personal data based on lawful grounds, including consent, contractual necessity, and legitimate interest
• We adhere to the seven data protection principles outlined in the PDPA: General, Notice and Choice, Disclosure, Security, Retention, Data Integrity, and Access
• We provide data subjects with the right to access and correct their personal data upon request
• We do not process sensitive personal data without explicit consent
• Cross-border data transfers are conducted with appropriate safeguards as required by the PDPA

11. International Data Transfers

To provide our services, your data may be processed on servers located outside of Malaysia. Our cloud infrastructure partners operate data centers in multiple regions globally.

We ensure that appropriate safeguards are in place for all international data transfers, including contractual arrangements with our service providers that require them to protect your data to standards consistent with this Privacy Policy and applicable law.

By using the Optopus platform, you acknowledge and consent to the transfer and processing of your data outside of Malaysia where necessary to provide our services.

12. Children's Privacy

Optopus is a business platform designed for use by professionals and is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 18, we will take steps to delete that information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the features of our Platform. When we make material changes:

• We will notify you via email or through an in-app notification at least 14 days before the changes take effect
• We will update the "Last updated" date at the top of this page
• For significant changes that affect how we process your data, we may request renewed consent

Your continued use of the Platform after the updated Privacy Policy takes effect constitutes your acceptance of the changes. We encourage you to review this page periodically.

14. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

• Company: Optopus Technologies (JM1042153-M)
• Email: privacy@optopus.my
• Website: https://optopus.my