We are committed to protecting your personal data and being transparent about how we collect, use, and safeguard your information.
Last updated: February 22, 2026 · Effective: February 22, 2026
Datatent B.V. (trading as OptiStack)
Amsterdam, Netherlands
Chamber of Commerce: pending registration
Email: dpo@optistack.com
Response time: Within 5 business days
For all privacy-related inquiries
We collect and process the following categories of personal data, each with a specific legal basis under GDPR Article 6.
| Category | Data Collected | Purpose | Retention | Legal Basis |
|---|---|---|---|---|
| Account Information | Name, email address, company name, job title | Account creation, authentication, communication | Duration of account + 30 days after deletion | Contract performance (Art. 6(1)(b)) |
| Usage Data | Login timestamps, feature usage, page views, session duration | Service improvement, analytics, support | 24 months from collection | Legitimate interest (Art. 6(1)(f)) |
| Technical Data | IP address, browser type, device info, OS version | Security monitoring, troubleshooting, fraud prevention | 12 months from collection | Legitimate interest (Art. 6(1)(f)) |
| Connected Platform Metadata | Cloud resource configurations, query metadata, cost data | Cost analysis, optimization recommendations | Duration of account + 90 days | Contract performance (Art. 6(1)(b)) |
| Billing Information | Payment method details, billing address, invoices | Payment processing, invoicing, tax compliance | 7 years (legal obligation) | Legal obligation (Art. 6(1)(c)) |
| Communication Data | Support tickets, emails, feedback submissions | Customer support, service improvement | 36 months from last interaction | Legitimate interest (Art. 6(1)(f)) |
Under GDPR, you have the following rights regarding your personal data. To exercise any right, contact us at privacy@optistack.com.
Request a copy of all personal data we hold about you. We will respond within 30 days of your verified request.
Art. 15 GDPRRequest correction of inaccurate personal data or completion of incomplete data without undue delay.
Art. 16 GDPRRequest deletion of your personal data when it is no longer necessary for the purpose it was collected ("right to be forgotten").
Art. 17 GDPRReceive your personal data in a structured, commonly used, machine-readable format (JSON or CSV).
Art. 20 GDPRRequest restriction of processing while we verify accuracy of your data or assess our legitimate interests.
Art. 18 GDPRObject to processing based on legitimate interests, including profiling and direct marketing at any time.
Art. 21 GDPROptiStack primarily processes and stores personal data within the European Economic Area (EEA). Where we transfer data outside the EEA, we ensure appropriate safeguards are in place:
We engage the following third-party processors. We notify customers of sub-processor changes at least 30 days in advance.
| Sub-Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Microsoft Azure | Cloud infrastructure hosting | EU (West Europe) | EU data residency |
| Vercel | Frontend hosting and CDN | Global (edge network) | SCCs + DPA |
| Stripe | Payment processing | USA | SCCs + PCI DSS Level 1 |
| Azure Communication Services | Transactional email delivery | EU (West Europe) | EU data residency |
| Sentry | Error tracking and monitoring | USA | SCCs + DPA |
We use strictly necessary cookies for authentication and security. Optional analytics and functional cookies are only set with your explicit consent. For full details on cookies we use and how to manage your preferences, see our Cookie Policy.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
If you have questions about this policy or wish to exercise your data subject rights, contact our Data Protection Officer.
Email: dpo@optistack.com · Response within 5 business days