Skip to content
Opkivo home
ProductPricingCompareKnowledge BaseSecurity
Open the console
ProductPricingCompareKnowledge BaseSecurity Open the console
Legal

Opkivo Privacy Policy

This policy explains how APPTHEWORK SRL processes personal data in connection with Opkivo.

Last updated: 22 May 2026

This Privacy Policy explains how APPTHEWORK SRL processes personal data in connection with Opkivo, available at opkivo.com and through any related websites, applications, APIs, products, subscriptions, and services operated under the Opkivo name.

APPTHEWORK SRL is a Romanian limited liability company.

Company details:

  1. Legal name: APPTHEWORK SRL
  2. Unique registration code: 46315821
  3. Trade Registry number: J40/11505/2022
  4. EUID: ROONRC.J40/11505/2022
  5. Registered office: Str. Ernest Juvara 14, Ap. 2, Sector 6, Bucharest, postal code 060104, Romania
  6. Contact email: hello@opkivo.com

1. Our role

For personal data processed for our own business purposes, APPTHEWORK SRL acts as data controller.

This includes personal data processed for account administration, website operation, product operation, subscriptions, billing, customer communication, security, analytics, marketing, support, legal compliance, and business administration.

For personal data included in Customer Content inside an Opkivo workspace, APPTHEWORK SRL usually acts as processor on behalf of the customer that owns or administers the workspace.

In that case, the customer is generally the controller and decides why and how that personal data is processed. If your personal data appears inside an Opkivo workspace operated by one of our customers, you should normally contact that customer first regarding your data protection rights.

2. Personal data we process

Depending on how you use Opkivo, we may process the following categories of personal data:

  1. Account data, such as name, email address, login details, organisation name, workspace membership, role, and permissions.
  2. Contact data, such as email address, phone number, business contact details, support messages, and communication preferences.
  3. Subscription and billing data, such as plan, subscription status, invoices, payment status, billing address, tax information, transaction references, and commercial history.
  4. Payment data processed through Stripe, such as payment method references, payment status, transaction identifiers, fraud prevention signals, and limited payment metadata. We do not intentionally store full payment card numbers on Opkivo.
  5. Technical data, such as IP address, device information, browser type, operating system, session data, logs, timestamps, error reports, and security events.
  6. Usage data, such as pages visited, features used, workspace activity, preferences, product interactions, and diagnostic information.
  7. Support data, such as support requests, messages, attachments, screenshots, bug reports, and related correspondence.
  8. Marketing data, such as newsletter subscription status, campaign interactions, consent records, and communication history.
  9. Customer Content, such as emails, messages, threads, tasks, internal notes, comments, files, knowledge base entries, customer details, and other data submitted to an Opkivo workspace.

3. How we collect personal data

We may collect personal data:

  1. Directly from you when you create an account, subscribe, contact us, request support, pay for Opkivo, or use the service.
  2. From your organisation or workspace administrator when they invite you to Opkivo.
  3. Automatically when you access the website, product, or related services.
  4. From connected services, integrations, authentication providers, email systems, payment providers, hosting providers, analytics tools, or security tools.
  5. From Customer Content submitted by our customers and their users.

4. Why we process personal data

We process personal data for the following purposes:

  1. To provide, operate, maintain, secure, and improve Opkivo.
  2. To create and manage accounts and workspaces.
  3. To authenticate users and manage access.
  4. To process subscriptions, payments, invoices, taxes, and billing records.
  5. To provide customer support.
  6. To send service messages, administrative notices, security alerts, billing messages, and product updates.
  7. To monitor performance, debug errors, prevent abuse, protect security, and maintain infrastructure.
  8. To understand product usage and improve user experience.
  9. To send marketing communications where permitted by law.
  10. To comply with legal, accounting, tax, regulatory, and contractual obligations.
  11. To enforce our Terms of Service and protect our rights, users, customers, infrastructure, and business.
  12. To process Customer Content according to customer instructions.

5. Legal bases under GDPR

Where GDPR applies and APPTHEWORK SRL acts as controller, we rely on one or more of the following legal bases:

  1. Contract, where processing is necessary to provide Opkivo, manage your account, process subscriptions, provide support, and perform our Terms of Service.
  2. Legal obligation, where processing is necessary for tax, accounting, regulatory, security, or compliance obligations.
  3. Legitimate interests, where processing is necessary for security, fraud prevention, product improvement, internal administration, business communication, service analytics, legal protection, and platform operation, provided that your rights and freedoms do not override those interests.
  4. Consent, where required for certain cookies, analytics, newsletters, marketing communications, or optional processing.

You may withdraw consent at any time where processing is based on consent. Withdrawal does not affect processing carried out before withdrawal.

6. Customer Content and workspace data

Customer Content is controlled by the customer that owns or administers the relevant Opkivo workspace.

We process Customer Content only as necessary to provide Opkivo, follow customer instructions, secure the service, provide support, comply with law, and enforce our Terms of Service.

Customers are responsible for:

  1. Informing their own users, employees, contractors, clients, and contacts about processing carried out through Opkivo.
  2. Establishing a lawful basis for processing Customer Content.
  3. Managing access permissions inside workspaces.
  4. Responding to data subject requests relating to Customer Content.
  5. Setting appropriate retention rules.
  6. Ensuring they do not upload unlawful, unnecessary, excessive, or improperly obtained personal data.

7. Stripe and payments

We use Stripe to process subscriptions and payments.

When you pay for Opkivo, Stripe may process personal data such as name, email address, billing details, payment method details, payment status, transaction identifiers, fraud prevention data, and related payment information.

Stripe may act as processor or controller depending on the specific processing activity. Stripe processes payment data according to its own legal terms and privacy documentation.

We do not intentionally store full card numbers on Opkivo. Payment card processing is handled by Stripe.

8. Cookies and similar technologies

We may use cookies and similar technologies to operate opkivo.com and Opkivo.

These may include:

  1. Strictly necessary cookies required for login, security, sessions, preferences, and basic functionality.
  2. Google Analytics cookies used to understand website usage, where you have accepted analytics.

At launch, Google Analytics is the only non essential analytics tool used on opkivo.com. We do not currently use marketing cookies on the public website.

Where required by law, we will request consent before using non essential cookies.

You can manage cookies through your browser settings or through any cookie preference tool we provide.

9. Who we share data with

We may share personal data with:

  1. Hosting and infrastructure providers.
  2. Email and communication providers.
  3. Authentication and security providers.
  4. Payment and billing providers, including Stripe.
  5. Analytics and monitoring providers.
  6. Customer support and operational tools.
  7. Professional advisers, such as lawyers, accountants, auditors, and consultants.
  8. Public authorities, courts, regulators, or law enforcement where required by law.
  9. Business partners or successors in case of merger, acquisition, restructuring, asset transfer, or similar transaction.

We do not sell personal data.

We require service providers to process personal data under appropriate confidentiality, security, and data protection obligations.

10. International transfers

Where personal data is transferred outside the European Economic Area, we will use appropriate safeguards where required by law.

These may include adequacy decisions, standard contractual clauses, contractual safeguards, technical protections, and other lawful transfer mechanisms.

11. Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.

Retention periods depend on the type of data and the reason for processing.

In general:

  1. Account data is retained while your account is active and for a reasonable period after account closure.
  2. Subscription, billing, tax, and accounting data is retained for the period required by applicable law.
  3. Support messages are retained as needed to handle requests, improve support, and protect legal interests.
  4. Security logs are retained for a limited period necessary to detect abuse, investigate incidents, and protect the service.
  5. Marketing data is retained until you unsubscribe, withdraw consent, or object, unless we need to retain limited data to respect your preferences.
  6. Customer Content is retained according to customer workspace settings, subscription status, instructions, legal obligations, backup cycles, and deletion procedures.

Backup copies may remain for a limited period after deletion before being overwritten or permanently removed.

12. Security

We use reasonable technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, and unauthorised access.

These measures may include access controls, authentication, encryption where appropriate, logging, monitoring, backups, infrastructure security, permission management, internal policies, and supplier controls.

No online service can guarantee absolute security. Users and customers are responsible for securing their own accounts, devices, users, permissions, email systems, integrations, and networks.

13. Your GDPR rights

Where GDPR applies and subject to legal conditions, you may have the following rights:

  1. Right of access.
  2. Right to rectification.
  3. Right to erasure.
  4. Right to restriction of processing.
  5. Right to data portability.
  6. Right to object.
  7. Right to withdraw consent.
  8. Right not to be subject to a decision based solely on automated processing where applicable.
  9. Right to lodge a complaint with a supervisory authority.

To exercise your rights, contact hello@opkivo.com.

If your request relates to personal data contained in an Opkivo workspace controlled by one of our customers, we may direct you to that customer or assist the customer in responding, depending on our role and legal obligations.

You may also lodge a complaint with the Romanian data protection authority:

Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal
Website: dataprotection.ro

14. Marketing communications

We may send marketing communications if you subscribe, create an account, request information, or otherwise interact with us in a way that permits such communication under applicable law.

You can unsubscribe from marketing emails at any time by using the unsubscribe option in the email or by contacting hello@opkivo.com.

We may still send non marketing service messages, such as security notices, account notifications, billing messages, and important product updates.

15. Automated decision making

We do not use personal data for automated decisions that produce legal or similarly significant effects on individuals, unless expressly stated in a separate notice.

We may use automated systems for security, abuse detection, fraud prevention, spam prevention, analytics, routing, logging, and product functionality.

16. Children

Opkivo is not intended for children.

We do not knowingly collect personal data from children. If you believe that a child has provided personal data to us, contact hello@opkivo.com and we will take appropriate steps.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If changes are material, we may notify users by email, product notice, website notice, or another reasonable method.

The updated version will apply from the date stated at the top of the policy.

18. Contact

For privacy questions, requests, or complaints, contact:

APPTHEWORK SRL
Str. Ernest Juvara 14, Ap. 2, Sector 6, Bucharest, postal code 060104, Romania
Email: hello@opkivo.com

Opkivo home

Opkivo. Work does not get lost.

Product

ProductPricingCompareAlternativesKnowledge Base

Use cases

Use casesShared inboxEmail helpdesk with tasksIT service teamsManaged service providersSaaS support teams

Company

SecurityAboutContact

Legal

TermsPrivacy

We use Google Analytics to understand website usage.