Privacy Notice

Last updated: November 15, 2025

This Privacy Notice describes how Opti.ai, Inc. (together with its affiliated companies - "Opti", "we", or "us") collects, stores, uses and discloses personal data when you interact with us, including when you provide us services, visit or interact with our website, participate in any of our events, interact with any of our online ads and content, emails, sales and marketing channels, integrations or communications under our control, and purchase or use our services and products (collectively, “Commercial Engagements”). 

Personal data that we collect, process and manage on behalf of our business customers (“Business Customers”) through our AI Identity and Access Management platform (the “Platform”), as part of the Opti services and products described in one or more applicable order forms (“Customer Data”) is not covered by this Privacy Notice. The processing by Opti of Customer Data is covered by the commercial agreements, including our Data Processing Addendum, that Opti has with the respective Business Customer. To learn about the privacy practices of our customers, please contact them directly.

Please review this Privacy Notice carefully, and please use the information herein to make informed choices. If you have any concerns or questions about our privacy practices, please feel free to contact us. By accessing the website or otherwise interacting with other Commercial Engagements, you are agreeing to all of the terms set forth in this Privacy Notice.

If you do not agree to this Privacy Notice, please do not interact with us, or give us any information. 

Our Commercial Engagements (and our Platform) are designed for businesses and are not intended for personal or household use. Accordingly, we treat all personal data covered by this Privacy Notice, including information about any visitors to our website, as pertaining to individuals acting in a business capacity, rather than in their personal capacity.

You are not legally required to provide us with any personal data and may do so (or avoid doing so) at your own free will. However, please keep in mind that without it, we may not be able to provide you with the full range of our Commercial Engagements or deliver the best user experience when interacting with them. If you prefer not to share your personal data or have it processed by us or any of our service providers, please refrain from providing it, visiting our website or interacting with us. You may also submit a request to exercise your rights as explained in Section 10 below. 

We will not use or disclose personal data covered by this Privacy Notice in a manner materially different from what is disclosed in this Privacy Notice.

Specifically, this Privacy Notice describes our practices regarding:

  1. Data Collection & Processing 

  2. Data Uses & Lawful Bases for Processing

  3. Data Storage and Transfer 

  4. How Long We Retain Your Personal Data 

  5. How We Disclose Your Personal Data 

  6. Cookies and Data Collection Technologies

  7. Communications  

  8. Data Security

  9. Sale/Sharing for Targeted Advertising

  10. Data Subject Rights

  11. Data Controller/Processor 

  12. Additional Notice & Contact Details

  1. Data Collection & Processing

When we use the term “personal data” in this Privacy Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or deidentified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.

We collect the following categories of personal data, when you interact with Opti’s Commercial Engagements with respect to the following types of data subjects:

  1. Business Representatives’ Data: personal data concerning our Business Customers’ internal focal persons who directly engage with Opti concerning their organization’s account, e.g., the account administrators, billing contacts and authorized signatories on behalf of the Business Customer (“Business Representatives”).

  2. Prospect Data: personal data relating to visitors of our website, participants at our events, and any other prospective customer, user or partner (collectively, “Prospects”) who visits, purchases, or otherwise interacts with our Commercial Engagements. 

  3. Vendor Representatives’ Data: personal data concerning potential and existing vendors’ internal focal persons who directly engage with Opti in connection to prospective or existing engagements with and services to Opti.  

We may collect the following data about Business and Vendor Representatives and Prospects:

Contact and business details: name, business email, business phone number, position, workplace and professional information, and related business insights, our communications with such individuals (correspondences, sensory information including call and video recordings, and transcriptions and analyses thereof), feedback and testimonials received, contractual and billing details, as well as any expressed, presumed or identified needs, preferences, attributes and insights relevant to our potential or existing engagement, purchasing details, commercial information, including records of our products or services purchased, obtained, or considered, records.

Connectivity, technical and aggregated usage data: IP addresses, device data (like type, OS, device ID, browser version, locale and language settings used), activity logs, session recordings, inferred or presumed data generated from Commercial Engagements, other internet or electronic network activity information and other device or browser information. We also infer our Business Customers’ needs and preferences, as identified to us or recognized through our engagement with Business Representatives and Prospects.

For the purposes of the California Consumer Privacy Act ("CCPA"), in the last 12 months, we have collected the following categories of Personal Information, as defined in the CCPA: Identifiers; Internet or other electronic network activity information; Professional or employment-related information; Geolocation Data; Commercial Information; Inferences; and Audio, electronic, visual, thermal, olfactory information.

We have collected such Personal Information from the following sources:

• Automatically, when you visit the website or through our marketing campaigns on any other sites or platforms that facilitate our Commercial Engagements;

• Directly from Business Customers, Business and Vendor Representatives and Prospects;

• Through our service providers.

  2. Data Uses & Lawful Bases for Processing

We use your personal data as necessary for the following business and commercial purposes and in reliance on the lawful bases detailed in the chart below:

Prospects, Business and Vendor Representatives

| Purpose | Lawful basis for processing |
| --- | --- |
| To facilitate, operate and provide our Commercial Engagements. | Performance of a Contract (to the extent applicable); Legitimate Interest |
| To monitor, study and analyze our Commercial Engagements. | Performance of a Contract (to the extent applicable); Legitimate Interest |
| To gain a better understanding on how individuals use and interact with our Commercial Engagements, and how we could improve their and others’ experience and continue improving our offerings and the overall performance of our Commercial Engagements. | Legitimate Interest; Consent (to the extent applicable) |
| To provide customer service and technical support. | Performance of a Contract; Legitimate Interest |
| To support and enhance our data security measures, including for purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity. | Performance of a Contract; Compliance with legal obligations; Legitimate interest |
| To comply with court orders and warrants, and prevent misuse of the services, and to take any action in any related legal dispute and proceeding. | Compliance with legal obligations; Performance of a Contract; Legitimate interest |
| To comply with applicable laws and regulations. | Compliance with legal obligations |
| To contact you with general or personalized service-related messages, as well as promotional messages that may be of specific interest to you. | Performance of a Contract; Consent (to the extent applicable); Legitimate Interest |
| To facilitate and optimize our marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our products and services more effectively, including on other websites and applications. | Consent (to the extent applicable); Legitimate Interest |
| To explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences. | Legitimate Interest |
| To facilitate, sponsor and offer certain events, contests and promotions. | Legitimate Interest; Consent (to the extent applicable) |
| To create aggregated data, inferred non-personal data or anonymized or pseudonymized data (de-identified data), which we or our business partners may use to provide and improve our respective services, conduct research, or for any other purpose. | Legitimate Interest; Performance of a Contract; Compliance with legal obligations |

If you reside or are engaging with us in a territory governed by privacy laws under which “Consent” is the only or most appropriate lawful basis for the processing of personal data as described herein (in general, or specifically with respect to the types of personal data you expect or elect to process or have processed by us or via our interactions, or due to the nature of such processing), your continued interaction with us means that you have had the opportunity to read and that you accept this Privacy Notice and will be deemed as your consent to the processing of your personal data for all purposes detailed in this Privacy Notice, unless applicable law requires a different form of consent. If you wish to revoke such consent, please contact us at privacy@opti.ai.

  3. Data Storage and Transfer

We and our authorized service providers (further detailed below) maintain, store and process personal data in the United States of America and Israel, as well as other locations - in which Opti, its subsidiaries, affiliates or service providers operate - as reasonably necessary for the proper performance and delivery of our Commercial Engagements, for our internal business purposes in the locations where Opti resides, or as may be required by law.

While privacy laws may vary between jurisdictions, Opti is committed to protecting personal data in accordance with this Privacy Notice and customary industry standards, including using appropriate lawful transfer mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred. 

Opti is headquartered in the United States, with a subsidiary in Israel - a jurisdiction that is considered by the European Commission, the Swiss Federal Data Protection and Information Commissioner (FDPIC), and the UK Secretary of State to have an adequate level of protection for personal data originating from the EEA, Switzerland and the UK, respectively. For data transfers from the EEA, Switzerland or UK to countries that are not considered to be offering an adequate level of data protection, we and the relevant data exporters and importers have entered, as appropriate, into EEA or Swiss Standard Contractual Clauses, or International Data Transfer Agreements/Addendums, as approved by the authorized regulatory bodies. You can request to obtain a copy by contacting us as indicated in Section 12 below.

  4. How Long We Retain Your Personal Data

We retain personal data for as long as we deem it as reasonably necessary in order to maintain and expand our relationship and provide you with our Commercial Engagements; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (i.e., as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship), all in accordance with our data retention policy and applicable laws.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal requirements.

Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain your personal data for any particular period, and we are free to securely delete or anonymize it for any reason and at any time, with or without notice to you. 

If you have any questions about our data retention policy, please contact us by e-mail at privacy@opti.ai.   

  5. How We Disclose Your Personal Data

We disclose personal data in the following ways:

Service Providers: We engage selected third-party companies to perform services on our behalf or complementary to our own. Such service providers include hosting and server co-location services, communications and content delivery networks (CDNs), data security services, billing and payment processing services, fraud detection and prevention services, web analytics, e-mail distribution and monitoring services, session or activity recording services, remote access services, content transcription and analysis services, performance measurement, data optimization and marketing services, social and advertising networks, content and data enrichment providers, event production and hosting services, e-mail, voicemails, support, enablement and customer relation management systems, and our legal, financial, privacy and compliance advisors (collectively, “service providers”). Our service providers may have access to personal data, depending on each of their specific roles and purposes in facilitating and enhancing our Commercial Engagements, and may only use the data as determined in our agreements with them.

Event Sponsors: If you attend an event or webinar organized by us, or download or access an asset on our website related to such an event, webinar or other activity involving third-party sponsors or presenters, we may share your personal data with them. Depending on the applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a specific sponsor’s booth. In these circumstances, your personal data will be subject to the sponsors’ privacy statements. If you do not wish for your personal data to be shared, you may choose not to opt-in via the event/webinar registration, or elect to not have your badge scanned, or you can opt-out in accordance with Section 7 below.

Sharing your Feedback or Recommendations: If you submit a public review or feedback, note that we may (at our discretion) store and present your review in our website or other available media. If you wish to remove your public review, please contact us at privacy@opti.ai.  

Partnerships: We may engage selected business and channel partners, resellers, distributors, and providers of professional services in connection with our services, which allow us to provide them, including as required by local regulations, and to explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences for Business Customers and Prospects. In such instances and in certain cases, you may be required to directly engage with such respective third-party provider and accept its specific terms and privacy policy or we may share relevant contact, identity, and other details at your instruction in order for you to benefit from such third-party services. Such engagement may also be subject to those third parties’ specific terms and privacy policies, depending on the service provided. If you directly engage with any of our third-party providers, please note that any aspect of that engagement that is not directly related to the services and directed by Opti is beyond the scope of Opti’s Terms and this Privacy Notice and shall be covered by the third-party provider’s terms and privacy policy.  

Legal Compliance: We may disclose or allow government and law enforcement officials access to your personal data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect our legitimate business interests, including the security or integrity of our products and services. 

Protecting Rights and Safety: We may share personal data with others if we believe in good faith that this will help protect the rights, property or personal safety of Opti and our employees, any of our Prospects, or our Business Customers or their Representatives, our vendors, or any members of the general public.

Opti Subsidiaries and Affiliated Companies: We may share personal data internally within our group, for the purposes described in this Privacy Notice. In addition, should Opti or any of its subsidiaries or affiliates undergo any change in control or ownership, including by means of merger, acquisition or purchase of substantially all or part of its assets, personal data may be shared with or transferred to the parties involved in such an event. We may disclose personal data to a third-party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal data may also be disclosed in the event of insolvency, bankruptcy or receivership. 

For the avoidance of doubt, Opti may share personal data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal, non-identifiable and anonymous. We may transfer, share or otherwise use non-personal and non-identifiable data at our sole discretion and without the need for further approval.

For the purposes of the CCPA, in the past 12 months, we may have disclosed Identifiers; Internet or other electronic network activity information; Professional or employment-related information; Geolocation Data and Inferences; to service providers, Opti Subsidiaries and Affiliated Companies, for legal compliance, or to protect rights and safety. We may have disclosed identifiers and Customer Record Information for Service Integrations or with Event Sponsors. We do not use or disclose sensitive personal information outside of the purposes allowed by the CCPA.  We do so in pursuit of the business and commercial purposes described in Section 2 above.

  6. Cookies and Data Collection Technologies

We may use tracking technologies on our website, our marketing campaigns on any other sites or platforms that facilitate our Commercial Engagements - such as log files, pixels and cookies (collectively “cookies”).  

Cookies, log files and similar tracking technologies are used to improve the user experience, analyze our performance and marketing activities, personalize your experience, for service development and improvements, improve and maintain the safety and functionality of our Commercial Engagements and to collect statistical or anonymous data about how you and other users use and interact with us.

The type of information collected may include (but is not limited to) internet protocol (IP) addresses, MAC address, device type, browser type, operating system type, Internet Service Provider (ISP), date/time stamp of user interface interactions. 

To learn more about our practices concerning cookies and tracking, please see our Cookie Policy.

For more information on our cookie and data collection technologies on our website, and to configure your cookie preferences on our website, as applicable - depending on your location and activity on our website - click the cookie widget icon on the left side of each page of our website. 

  7. Communications

We engage in service and promotional communications, through e-mail, phone, SMS and notifications.

Service Communications: We may contact you with important information regarding our services. For example, we may send you notifications (through any of the means available to us) of changes or updates to our services, billing issues, log-in attempts or password reset notices, etc. Please note that you will not be able to opt out of receiving certain service communications which are integral to your use of some of our services (like password resets or billing notices).

Promotional Communications: We may also notify you about new features, additional offerings, events, special opportunities or any other information we think you will find valuable, subject to any necessary collection of your consent as appropriate based on applicable laws. We may provide such notices through any of the contact means available to us (e.g., phone, mobile or e-mail), or through our marketing campaigns on any other sites or platforms.

If you do not wish to receive such promotional communications, you may notify us at any time by sending an e-mail to: privacy@opti.ai or by following the instructions contained in the promotional communications you receive.

  8. Data Security

We have implemented industry-standard physical, administrative and technical security measures, designed to secure your personal data, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. However, we cannot guarantee that our Commercial Engagements will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse. If there is any unexpected activity or inaccurate information or if you have reason to believe that your information is no longer secure, or if you have any questions about our security, please contact us by e-mail at privacy@opti.ai.

  9. Sale/Sharing for Targeted Advertising

Under some US data protection laws, like the California Consumer Privacy Act (CCPA), our disclosure of certain internet activity and device information with third parties may be considered a “sale” or “sharing” of personal information. We do so in pursuit of the business and commercial purposes described in Section 2 above. 

For the purposes of the CCPA, in the last 12 months we have "sold" or "shared" Internet or Other Electronic Network Activity Information, Geolocation Data, and Commercial Information with our analytics and advertising partners and service providers. Opti has not knowingly sold or shared the personal information of individuals under the age of 16.

Where applicable, we only activate cookies that may result in a “sale” and/or “sharing” of your personal information if you have directed us to do so by opting in to all of our cookies through our cookie banner (without directing us to block sell/share cookies through the toggle option available to you in the cookie banner).  

To the extent the result of this opt-in activation is considered a “sale” or “sharing” of your personal information under the CCPA, you may exercise your right to opt out again at any time in the following ways (cumulative):

  • Click the cookie widget icon on the left side of each page of our website, toggle on the “Do Not Sell or Share My Personal Information”, then click the “Continue” button. 

  • Please note: If you visit us from a different device or browser, or clear Cookies, then you need to return to this screen to re-select your preferences.

  • Set the Global Privacy Control (GPC) for each participating browser system that you use to opt out of the use of third-party advertisement, analytics or other cookies (instructions on how to download and use GPC are available here).

  10. Your Data Subject Rights

Under certain laws, including the EU or UK General Data Protection Regulation (GDPR) and the CCPA, individuals have rights regarding their personal data. These rights include – each to the extent applicable to you – the right to request information concerning or request access to your personal data, or to request its correction, portability or erasure. You may also have the right to restrict or object to the processing of your personal data, the right to direct us not to sell or share your personal data to third parties now or in the future, or the right to equal services and prices (e.g. freedom from discrimination). Under some regulatory frameworks you may also have the right to lodge a complaint with the relevant supervisory authority.

We will not charge a fee to process or respond to your verifiable privacy request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. Alternatively, we may refuse to comply with your request in such circumstances.

To the extent applicable to you, you may also designate an authorized agent, in writing or through a power of attorney, to request to exercise your privacy rights on your behalf.  The authorized agent may submit a request to exercise these rights by emailing us.

Please note that when you or an authorized agent ask us to exercise any of your rights under this policy or applicable law, we may need to ask you to provide us with certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of personal data related to others and to ask you to provide further information to better understand the nature and scope of data regarding which you request to exercise your rights. Such additional data may be then retained by us for legal, compliance and auditing purposes (e.g., as proof of the identity of the person submitting the request or proof of request fulfillment). We will not fulfill your request unless you have provided sufficient information that enables us to reasonably verify that you are the individual about whom we collected the personal data.

We may redact from the data that we will make available to the requesting data subject any personal data related to others.

Please also note that if you request deletion of your personal data, we may deny your request or may retain certain elements of your personal data if it is necessary for us or our service providers. We will provide details of our reasoning to you in our correspondence on the matter.

Each right may be executed to the extent available to you under the laws which apply to you and is subject to various exclusions and exceptions under applicable laws. Please contact us by e-mail at: privacy@opti.ai if you wish to exercise your privacy rights.

If you would like to make any requests or queries regarding personal data that we process on our Business Customers’ behalf, please contact the customer or the administrator of such customer’s account directly (see Section 11 below for further information). Note that if you do contact us in this regard, we may share your communications with the relevant Business Customer and its Business Representatives; and that we may also share the contact details of the Business Representative with individuals who sent us such a request or query relating to that representative’s relevant Business Customer.

  11. Data Controller/Processor

Certain data protection laws and regulations, such as the EU GDPR, UK GDPR, and CCPA, typically distinguish between two main roles for parties processing personal data: the “data controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, “service provider”), who processes the data on behalf of the data controller (or business). Below we explain how these roles apply to our Commercial Engagements, to the extent that such laws and regulations apply.

Opti is the “data controller” of Prospects’ Data and Business and Vendor Representatives’ Data as they are defined and explained in this Notice. With respect to such personal data, we assume the responsibilities of data controller (to the extent applicable under law), as set forth in this Privacy Notice. In such instances, our service providers processing such data will assume the role of “data processor”.

Opti is the “data processor” of Customer Data, which we process on behalf of our Business Customers. In such instances, our service providers who process Customer Data are “sub-processors” of such data. Accordingly, Opti processes Customer Data strictly in accordance with the respective Business Customer’s reasonable instructions and as further stipulated in our Data Processing Addendum and other commercial agreements with the Business Customer. 

  12. Additional Notices & Contact Details

Updates and Amendments: We may update and amend this Privacy Notice from time to time by posting an amended version on our website. The amended version will be effective as of the date it is published. We will provide prior notice if we believe any substantial changes are involved via any of the communication means available to us or via the website. After such notice period, all amendments shall be deemed accepted by you. In the event consent is required based on where you reside, you will be asked to consent prior to being allowed to access our website subsequent to a Privacy Notice update/amendment.

External Links: While our Commercial Engagements may contain links to other websites or services, we are not responsible for their privacy practices. We encourage you to pay attention when you leave for the website or application of such third parties, and to read the privacy policies of each and every website and service you visit. This Privacy Notice applies only to our Commercial Engagements.

Children: Our Commercial Engagements are not designed to attract minors. We do not knowingly collect personal data from minors and do not wish to do so. If you believe that we might have any such data, please contact us by e-mail at privacy@opti.ai.  

Database Controller: For the purposes of Israel’s Protection of Privacy Law, where Opti.ai Ltd. acts as a data controller for personal data processed in connection with this Privacy Notice, Opti.ai Ltd. serves as the “Database Controller” and may be contacted at privacy@opti.ai.

Contacting Us: If you have any comments or questions regarding our Privacy Notice, or if you have any concerns regarding your personal data held with us, please contact Opti’s privacy team at privacy@opti.ai.