OpsBoard← Back to home
Legal

Privacy Policy

Effective date: June 17, 2025  ·  https://opsboard-azure.vercel.app

1. Overview

OpsBoard ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share information when you use the OpsBoard platform.

This policy applies to Coordinators (account holders), Role Leads, and Volunteers who interact with the Service.

2. Information We Collect

Account information (Coordinators):

  • Name and email address (provided at signup)
  • Password (hashed — we never store plaintext passwords)
  • Payment information (processed by Stripe — we do not store card details)

Event information:

  • Event name, description, dates, and location
  • Roles, tasks, SOPs, and shift configurations you create
  • AI-generated board content based on your event description
  • Broadcasts sent during events

Volunteer information (collected on behalf of Coordinators):

  • Name and optionally email address
  • Role and shift assignment
  • Check-in and check-out timestamps
  • Task completion status
  • Hours logged

Usage information:

  • IP address (used for rate limiting AI features)
  • Browser and device type
  • Pages visited and features used

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Process payments and send receipts
  • Generate AI-assisted event boards and volunteer responses
  • Send transactional emails (magic links, thank-you emails after events)
  • Rate limit AI features to prevent abuse
  • Generate post-event analytics for Coordinators
  • Respond to support requests
  • Comply with legal obligations

We do not sell your personal data. We do not use your data for advertising.

4. Third-Party Services

OpsBoard uses the following third-party services to operate. Each has its own privacy policy governing how they handle data.

Supabase

Database, authentication, and real-time data. All event and volunteer data is stored in Supabase.

Anthropic (Claude)

AI board builder, volunteer Q&A, and event summaries. Event descriptions and volunteer questions are sent to Anthropic's API to generate responses.

Stripe

Payment processing. Stripe handles all payment card data. OpsBoard does not store card numbers.

Resend

Transactional email delivery (magic links, thank-you emails). Volunteer emails are sent via Resend when triggered by a Coordinator.

Upstash (Redis)

Rate limiting. IP addresses are temporarily stored to enforce AI API rate limits (10 requests per minute).

Vercel

Hosting and infrastructure. The OpsBoard application is hosted on Vercel.

5. Data Sharing

We share data only in these circumstances:

  • With third-party services listed above, solely to operate the Service
  • With Coordinators: volunteer data collected at their event is visible to that Coordinator and their assigned Role Leads
  • When required by law, court order, or government authority
  • To protect the rights, property, or safety of OpsBoard or its users
  • In connection with a merger, acquisition, or sale of assets (you will be notified)

6. Data Retention

We retain your data for as long as your account is active. Specific retention periods:

  • Account data: retained until account deletion
  • Event data: retained for 90 days after account deletion, then permanently deleted
  • Volunteer data: retained for the duration of the event Coordinator's account
  • Payment records: retained for 7 years as required by financial regulations
  • IP addresses for rate limiting: stored for up to 60 seconds in Redis

You can request deletion of your account and associated data at any time by contacting nacariheron@gmail.com.

7. Security

We implement security measures including:

  • All data transmitted over HTTPS/TLS
  • Passwords hashed using bcrypt via Supabase Auth
  • Row-level security (RLS) policies enforcing per-user data access at the database level
  • Service role keys never exposed to the client
  • Stripe handles all payment card data — we never touch card numbers

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we take reasonable precautions to protect your data.

8. Cookies

OpsBoard uses cookies and similar technologies for:

  • Session management (Supabase Auth session cookie — required for login)
  • No advertising or tracking cookies are used

Guest volunteers (who join without an account) use browser sessionStorage to temporarily store their event code, volunteer ID, and name. This data is cleared when the browser tab is closed.

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Object to or restrict processing of your data
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at nacariheron@gmail.com. We will respond within 30 days.

10. Children's Privacy

OpsBoard is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us immediately at nacariheron@gmail.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy with an updated effective date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

For questions, requests, or concerns about this Privacy Policy, contact: nacariheron@gmail.com