Privacy Policy

1. Who We Are

OpsMerge is a cloud-based IT documentation platform operated by Direct IT Services UK Ltd, a company registered in England and Wales (trading as OpsMerge). Our registered office is in the United Kingdom.

When we refer to “OpsMerge”, “we”, “us”, or “our” in this policy, we mean Direct IT Services UK Ltd.

Our website is opsmerge.cloud and you can contact us at hello@opsmerge.cloud.

2. Information We Collect

We collect information in the following categories to provide and improve our service:

2.1 Account Data

When you create an account, we collect your name, email address, company name, and job title. If you are the billing contact, we also collect your billing address. We do not store payment card details directly; these are handled by our payment processor.

2.2 Usage Data

We automatically collect information about how you interact with the service, including pages visited, features used, actions performed (audit logs), timestamps, and session duration. This data helps us understand usage patterns, improve the product, and maintain security.

2.3 Device and Technical Information

When you access OpsMerge, we collect your IP address, browser type and version, operating system, device type, and referring URL. This information is used for security monitoring, troubleshooting, and service optimisation.

2.4 Customer Content

You may upload or create documentation, notes, configuration data, and other content within the platform. We process this content solely to provide the service and as described in our Data Processing Agreement.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service provision: To create and manage your account, deliver the platform functionality, and provide customer support.
• Security: To protect accounts, detect and prevent fraud, enforce our terms, and maintain the integrity of our infrastructure.
• Communication: To send essential service notifications (security alerts, billing confirmations, product updates), and, where you have opted in, marketing communications.
• Improvement: To analyse usage patterns, diagnose technical issues, develop new features, and improve existing functionality.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data under the following legal bases as defined by the UK General Data Protection Regulation (UK GDPR):

• Performance of a contract (Art. 6(1)(b)): Processing necessary to fulfil our contractual obligations to you, including providing the OpsMerge platform, managing your account, and processing payments.
• Legitimate interests (Art. 6(1)(f)): Processing necessary for our legitimate interests, such as improving our service, ensuring platform security, preventing fraud, and conducting analytics. We balance these interests against your rights and freedoms.
• Consent (Art. 6(1)(a)): Where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): Processing necessary to comply with legal or regulatory obligations to which we are subject.

5. Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the following circumstances:

5.1 Sub-processors

We engage trusted third-party sub-processors to help deliver the service. These include our infrastructure hosting provider, email delivery service, and payment processor. Each sub-processor is bound by contractual obligations to protect your data and process it only as instructed. A current list of sub-processors is available upon request.

5.2 Legal Requirements

We may disclose personal data where required by law, regulation, legal process, or enforceable governmental request. We will notify you of such requests where legally permitted.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction. We will notify you via email or prominent notice on our website before your data is transferred or becomes subject to a different privacy policy.

6. International Transfers

OpsMerge is based in the United Kingdom. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place:

• Transfers to countries with an adequacy decision from the UK Secretary of State.
• International Data Transfer Agreements (IDTAs) or the UK Addendum to the EU Standard Contractual Clauses (SCCs) where no adequacy decision exists.
• Additional technical and organisational measures as required by the specific transfer context.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account data: Retained for the duration of your active account. Upon account termination, personal data is deleted within 30 days, except where retention is required by law.
• Audit logs: Retained for 90 days from the date of the logged event, then automatically purged.
• Billing records: Retained for up to 7 years to comply with UK tax and accounting obligations.
• Customer content: Retained while your account is active. After termination, you have a 30-day window to export your data before it is permanently deleted.

8. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete personal data.
• Right to erasure: Request deletion of your personal data where it is no longer necessary for the purposes for which it was collected.
• Right to data portability: Request your personal data in a structured, commonly used, machine-readable format.
• Right to restrict processing: Request that we restrict processing of your personal data in certain circumstances.
• Right to object: Object to processing based on legitimate interests, including profiling.
• Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our Data Protection Officer at dpo@opsmerge.cloud. We will respond to your request within one month, as required by law. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

9. Cookies

We use cookies and similar technologies to operate and improve our service. For full details on the cookies we use and how to manage them, please see our Cookie Policy.

10. Children

OpsMerge is a business-to-business service and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Where changes are material, we will notify you by email to the address associated with your account and post a prominent notice on our website at least 14 days before the changes take effect.

Your continued use of OpsMerge after the effective date of the revised policy constitutes your acceptance of the changes.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Data Protection Officer: dpo@opsmerge.cloud
• General enquiries: hello@opsmerge.cloud
• Website: opsmerge.cloud

Direct IT Services UK Ltd, trading as OpsMerge, is the data controller responsible for your personal data processed through the OpsMerge platform.