This Privacy Policy explains how Opio (the “Website”) and the Opio platform (the “Service”) collect, use, and share personal data when you visit opio.fi, request a demo, communicate with us, or use the Service. Opio helps finance teams produce structured, reconciled, and source linked insights from internal documents using AI powered workflows.

Who we are

Data controller (Website and business communications):
OPIO (SAS)

27 rue des Panoyaux, 75020 Paris, France
 Email: gdpr@opio-ai.com (privacy requests onyl). If you use the Service through your employer or another organization, that organization typically acts as the data controller for the personal data contained in documents they upload or process. In that case, Opio generally acts as a data processor on their instructions (see section “Customer Content and Service data”).

What personal data we collect

A. Website data (automatically collected)

• Device and browser information (device type, OS, browser type)
• Usage data (pages visited, time spent, referring page)
• Approximate location derived from IP address
• Cookies and similar technologies (see section 6)

B. Data you provide to us (forms and communications)

• Name, work email, company name, job title
• Messages you send (demo requests, support questions, feedback)
• Any other information you choose to share with us

C. Customer Content and Service data (when you use the Service)

The Service may process information contained in files, documents, and other content uploaded to or generated within the Service (“Customer Content”). Customer Content can include personal data, depending on what your organization uploads (for example, names, emails, signatures, invoice details, or references contained in internal documents).We also collect Service metadata such as:

• Account and user identifiers, roles, and settings
• Logs and security events (login timestamps, IP addresses, audit logs)
• Feature usage information needed to operate, secure, and improve the Service

Why we use personal data

We use personal data for the following purposes:

To provide and operate the Website and Service

• Provide access to the Service, authenticate users, and maintain accounts
• Process Customer Content to deliver the Service’s functionality
• Provide support and respond to requestsTo communicate with you
• Send operational messages (security, updates, service related notices)
• Respond to inquiries and demo requestsTo improve and protect Opio
• Debug, monitor performance, and prevent fraud or abuse
• Secure the Website and Service and enforce policiesTo market our Service (where permitted)
• Send product news or content you may find relevant
 You can opt out of marketing communications at any time by using the unsubscribe link or contacting us.

Legal bases for processing (EEA/UK GDPR)

When the GDPR applies, our legal bases typically are:

• Contract: to provide the Service you or your organization requested
• Legitimate interests: to operate, secure, and improve Opio, and to respond to business inquiries
• Consent: for certain cookies or marketing where required
• Legal obligation: to comply with applicable laws, lawful requests, or to establish or defend legal claims

How we share personal data

We may share personal data with:

‍

Service providers (sub processors)

We use vendors to host and operate parts of the Website and Service (for example, hosting, analytics, customer support tooling, security monitoring). They are authorized to process personal data only as needed to provide services to us and under appropriate contractual protections.

‍

Your organization

If your organization administers your account, they may access and manage user information and certain Service data.

‍

Legal and safety disclosures

We may disclose data if required by law, regulation, legal process, or to protect the rights, safety, and security of Opio, our users, or others.

‍

Business transfers

If Opio is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate protections.

Cookies and similar technologies

We use cookies and similar technologies to:

Enable core Website functionality

Remember preferences

Understand how the Website is used and improve it

Where required, we ask for consent before placing non essential cookies. You can also control cookies through your browser settings. Disabling cookies may affect Website functionality. If you want, you can add a dedicated “Cookie Policy” page and link it here.

International data transfers

Your data may be processed in countries other than your own. When we transfer personal data outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms, where applicable.

Data retention

We keep personal data only as long as necessary for the purposes described in this Policy, including:

While your account is active or while we provide the Service

As needed for support, security, and audit requirements

As required by law or to resolve disputes and enforce agreementsCustomer Content retention is governed by our customer contracts and instructions from the customer (the data controller).

Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and destruction. No system is 100% secure, but we work to maintain appropriate safeguards for the nature of the data we process.

Your rights

If the GDPR applies, you may have the right to:

Access your personal data

Correct inaccurate or incomplete data

Request deletion of your data

Restrict or object to certain processing

Request data portability

Withdraw consent (where processing is based on consent)

If you use Opio through your organization, you should direct requests about Customer Content to your organization first. We will support our customers in responding to requests as required by law.

Complaints

If you are located in the EEA/UK, you may have the right to lodge a complaint with your local data protection authority. In France, you can contact the CNIL. CNIL

Changes to this Privacy Policy

We may update this Policy from time to time. We will post the updated version on this page and update the “Last updated” date.

Contact

For privacy related questions or requests, contact:

‍gdpr@opio-ai.com