Opscotch Privacy and Telemetry Notice

This Privacy and Telemetry Notice (“Notice”) explains how Opscotch Limited, of Level 4 Dominion building, 78 Victoria Street, Wellington 6011 New Zealand (“Opscotch”, “we”, “us”, or “our”), collects, uses, stores, and shares personal information.

This Notice is intended to cover:

• visitors to https://www.opscotch.co;
• prospective customers, customers, resellers, and partners;
• individuals who contact Opscotch;
• administrators and other users associated with Opscotch products; and
• limited telemetry received from self-hosted Opscotch product deployments.

If we provide a separate privacy notice for a specific product, service, event, recruitment process, or program, that separate notice will apply to the extent of any inconsistency.

1. Important product context

Opscotch’s self-hosted product is designed to operate inside customer-controlled environments. Based on the product model described today, Opscotch does not need to receive customer workflow payloads, customer secrets, customer credentials, or customer operational data as part of ordinary license telemetry.

However:

• limited product telemetry may still include information that is personal information in some contexts (for example if it can be linked to an individual administrator or customer contact); and
• if you separately choose to provide logs, screenshots, attachments, diagnostic bundles, or other materials to Opscotch for support, troubleshooting, or commercial engagement, those materials may contain personal information and will be handled under this Notice unless a separate agreement or notice applies.

2. Information we collect

Depending on how you interact with us, we may collect the following categories of information.

2.1 Website and contact information

• name, business email, phone number, employer, role, and similar contact details;
• information you submit through contact forms, demo requests, sales inquiries, support requests, or event registrations;
• records of your communications with us; and
• marketing preference information.

2.2 Contracting, billing, and account information

• customer or reseller contact details;
• order, subscription, invoice, and payment-related information;
• administrator or license owner details;
• entitlement, renewal, and account status information; and
• information needed to verify authority, eligibility, sanctions, anti-fraud, or compliance matters.

2.3 Product telemetry

For self-hosted product deployments, Opscotch may collect limited telemetry such as:

• license key or entitlement identifiers;
• deployment or instance identifiers;
• product version, edition, and feature entitlements;
• activation, validation, renewal, heartbeat, or license-status events;
• limited system or environment metadata reasonably necessary for licensing, fraud prevention, compatibility, or security purposes;
• IP address or network-origin information associated with telemetry calls; and
• limited diagnostic or security event information related to licensing integrity.

That telemetry is intended to be delivered to https://licensing.opscotch.co. In some deployments, customers, resellers, or vendors may choose to proxy, relay, or forward telemetry before it reaches Opscotch’s licensing service, but the telemetry is still ultimately intended for https://licensing.opscotch.co.

The exact telemetry fields currently collected are:

• deploymentId
• fileVersionId
• licenseId
• agentId
• licenseChain
• stepCount
• uniqueStepTriggersCount
• stepTriggerCount
• uniqueFileStepTriggersCount
• fileStepTriggerCount
• uniqueHttpStepTriggersCount
• httpStepTriggerCount
• uniqueTcpStepTriggersCount
• tcpStepTriggerCount
• agentIdVersion
• periodStartEpocMs
• periodEndEpocMs
• periodDurationMs

2.4 Information you choose to provide for support or troubleshooting

If you voluntarily send us a support ticket, email, screenshot, logfile, diagnostic bundle, or similar material, we may collect and use the information in that submission.

2.5 Website analytics and cookies

We and our service providers may use cookies, similar technologies, and website analytics tools to understand traffic, improve website performance, maintain security, and remember settings.

Replace this with your actual tools and cookie choices before publishing:
[COOKIE/ANALYTICS TOOLS]

3. What we do not intend to collect through ordinary licensing telemetry

As part of ordinary product telemetry for the current self-hosted model, Opscotch does not intend to collect:

• customer workflow payloads;
• customer business data flowing through customer-configured pipelines;
• customer secrets or credentials;
• customer prompts or commands beyond what is expressly included in the verified telemetry fields; or
• copies of customer configuration files or logs,

unless you separately and intentionally provide such materials to us (for example in a support request, diagnostic upload, or security investigation), or unless the product is later changed and this Notice is updated accordingly.

4. How we collect information

We collect information:

• directly from you, when you fill out forms, contact us, register for events, negotiate contracts, or submit support materials;
• automatically through our website, telemetry endpoints, licensing systems, and security systems;
• from resellers, partners, payment providers, and other service providers involved in selling or supporting our products; and
• from public or commercial sources where permitted by law and relevant to our business relationship with you.

5. Why we use information

We may use personal information to:

• operate, secure, support, and improve our website and products;
• provide, activate, validate, renew, and enforce licenses and subscriptions;
• maintain records of orders, entitlements, and customer relationships;
• detect fraud, abuse, misuse, sanctions risk, or security threats;
• communicate with customers, prospects, partners, and users;
• process payments, invoices, taxes, and collections;
• provide support, respond to requests, and troubleshoot issues;
• understand product usage trends at an aggregated level and improve product design;
• comply with law, exercise legal rights, and protect Opscotch, our users, and third parties; and
• manage corporate transactions, audits, financing, or due diligence.

6. Legal basis / authority to process

Where required by applicable law, we process personal information on one or more of the following grounds:

• to perform a contract or take steps at your request before entering into a contract;
• for our legitimate interests in operating, securing, licensing, improving, and protecting our business and products;
• to comply with legal obligations; and
• with consent, where consent is required.

7. Sharing information

We may share personal information with:

• service providers that help us operate our website, CRM, support, telemetry, payments, hosting, communications, or security functions;
• payment processors, resellers, distributors, and channel partners involved in your purchase or renewal;
• professional advisers, auditors, insurers, and financing counterparties;
• regulators, courts, law enforcement, or other authorities where required or permitted by law;
• prospective or actual buyers, investors, or transaction counterparties in connection with a merger, reorganization, financing, asset sale, or similar transaction; and
• Affiliates within our corporate group.

Replace with your actual material processors / vendors before publishing:

• [PAYMENT PROCESSOR]
• [CRM / MARKETING PLATFORM]
• [SUPPORT TOOLING / TICKETING VENDOR]
• [HOSTING / TELEMETRY INFRASTRUCTURE]

We may also disclose aggregated or de-identified information that does not reasonably identify an individual.

8. International transfers

Because Opscotch may sell and support products globally, personal information may be stored in or accessed from countries other than the country in which it was collected.

Where required by law, we will use appropriate safeguards for international transfers.

9. Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Notice, including for:

• the duration of the relevant customer, partner, or prospect relationship;
• license, tax, accounting, dispute, audit, fraud prevention, and compliance recordkeeping; and
• security incident investigation and legal preservation.

We may retain de-identified or aggregated information for longer where permitted by law.

Retention schedule (unless a longer period is required by law, audit hold, or an active dispute):

• website inquiries: 24 months
• sales / contract records: 7 years
• billing records: 7 years
• telemetry records: 24 months
• support submissions: 24 months

10. Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, disclosure, alteration, or destruction.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Your rights

Subject to applicable law, you may have rights to:

• request access to personal information we hold about you;
• request correction of inaccurate information;
• request deletion in some circumstances;
• object to or restrict certain processing;
• withdraw consent where processing relies on consent; and
• complain to a privacy regulator.

For New Zealand individuals, the Privacy Act 2020 includes rights of access to and correction of personal information.

12. Product telemetry controls

If a product feature allows you to control or limit optional telemetry, that will be described in the relevant Documentation. Telemetry required for licensing integrity, anti-fraud, product security, or entitlement enforcement may not be optional unless Opscotch expressly offers an offline or alternative licensing arrangement.

13. Third-party services and destinations

Opscotch is not responsible for the privacy practices of third-party websites, APIs, services, connectors, or destinations that you choose to use. If your workflows send information to third parties, those third parties will handle the information under their own terms and notices.

14. Children

Opscotch products and websites are intended for business and professional use and are not directed to children.

15. Changes to this Notice

We may update this Notice from time to time. If we make material changes, we will update the “last updated” date and, where required, provide additional notice.

16. Contact us

Privacy questions, access requests, correction requests, or complaints can be sent to:

Privacy contact: privacy@opscotch.co
Legal entity: Opscotch Limited
Address: Level 4 Dominion building, 78 Victoria Street, Wellington 6011 New Zealand

If you are not satisfied with our response and applicable law gives you that right, you may be able to complain to your local privacy regulator, including the Office of the Privacy Commissioner in New Zealand.