Opinly.ai Privacy Policy

Last updated: June 17, 2026

Opinly.ai ("Opinly", "we", "us") is committed to protecting your personal information. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, how long we keep it, the rights you have, and how to contact us. It applies to the Opinly website and all Opinly services (the "Services").

1. Who we are (data controller)

Opinly is the data controller of personal information processed about you in connection with the Services. Opinly is established in Northern Ireland, United Kingdom. You can contact us about this Privacy Policy or any privacy matter at support@opinly.ai. If you are in the European Economic Area, you may also direct privacy enquiries to that address; if and when Opinly appoints an EU representative under Article 27 of the EU GDPR, the representative's contact details will be published here.

2. What personal information we collect

  • Account information. When you create an Opinly account we collect your name, email address, and a chosen password. We may also collect your company name, job title, preferred language, and (optionally) a phone number. We use the phone number only for the service notifications described in Section 4.
  • Billing information. If you purchase a paid plan, our payments provider (Stripe) collects payment-method details on our behalf. We do not store full card numbers on our systems.
  • Content you provide to the Services. The text, prompts, URLs, integration credentials, and other content you submit to use the Services.
  • Usage and product analytics. Information about how you use the Services, such as pages visited, features used, searches performed, and events triggered (e.g. publishing content, receiving a backlink, tracking a prompt). Collected via cookies and similar technologies described in Section 8.
  • Device information. Device type, operating system, browser type, IP address, and unique device identifiers.
  • Communications. If you contact us for support or feedback, we collect your name, email address, and the content of your message.

3. How we use your personal information

  • To provide and improve the Services. Operate and maintain the Services, provide features and functionality, personalise your experience, and fulfil your requests.
  • To communicate with you about your account. Send service updates, security notices, billing communications, password reset instructions, and support responses.
  • To send marketing emails. We may send you marketing emails about new features, product updates, tips, and offers. You can opt out at any time using the unsubscribe link in any marketing email or by changing your preferences in your account settings.
  • To send SMS service notifications. If you provide a mobile phone number, we may send you transactional and account-related text messages about events in your account — for example, when your content is set up, published, or synced to a connected integration; when you receive a backlink through the backlink exchange; prompt-tracking results; billing notices; and security alerts. These messages are not promotional. You can stop them at any time by replying STOP to any message. Standard message and data rates may apply. See Section 27 of our Terms of Service for further detail.
  • For research and development. Anonymised and aggregated data to improve and develop new features.
  • For security and fraud prevention. Detect, prevent, and respond to security incidents, abuse, and unlawful activity.
  • To comply with legal obligations. Respond to legal process, enforce our Terms, and protect rights and safety.

4. Legal bases for processing (UK / EU users)

If you are in the United Kingdom or the European Economic Area, we process your personal information on the following legal bases under the UK GDPR and EU GDPR:

  • Performance of a contract — to provide the Services you have signed up for, including account administration, billing, transactional emails, SMS service notifications tied to your use of the Services, and customer support.
  • Legitimate interests — to improve the Services, conduct product analytics, prevent fraud and abuse, and market our services to existing customers in a way that is balanced against your interests and rights (you have a right to object — see Section 6).
  • Consent — for any processing that requires consent under applicable law, including non-essential cookies and, where required, certain marketing communications. You can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Legal obligation — to comply with our legal and regulatory obligations, including tax, accounting, and responses to lawful requests from public authorities.

5. How we share your personal information

  • Service providers (sub-processors). We share personal information with trusted third-party service providers who help us operate and maintain the Services. Current categories of sub-processors include, without limitation: identity and authentication (Clerk), payments (Stripe), email delivery (Amazon SES), email marketing communications and SMS service notifications (Klaviyo), product analytics and feature flagging (PostHog, Statsig), error monitoring (Sentry), AI model providers (including OpenAI, Anthropic, Amazon Bedrock, and xAI), and cloud infrastructure (Amazon Web Services). These sub-processors are bound by written contractual obligations to keep your information confidential and secure and to use it only to deliver their services to Opinly. They are not permitted to use your personal information for their own independent marketing or to share it with further parties, except as required to deliver their service to Opinly (for example, a sub-processor using its own infrastructure or downstream providers to operate). A current list of named sub-processors is available on request from support@opinly.ai.
  • With your consent or at your direction. Where you have asked us to share information with a third party (for example, when you connect a content integration), we will share to the extent necessary to carry out your instruction.
  • Legal and safety. We may disclose personal information to comply with a court order, subpoena, or other legal process; to enforce our Terms; to protect our rights, property, and safety; or to protect the rights, property, and safety of others.
  • Business transfers. If Opinly is involved in a merger, acquisition, financing, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.
  • No sale of personal information. Opinly does not sell personal information in the ordinary sense and does not authorise sub-processors to use personal information for their own independent marketing.

6. Your rights (UK / EU users)

If you are in the United Kingdom or the European Economic Area, you have the following rights in respect of your personal information:

  • Right of access — obtain confirmation that we process your data and a copy of the data we hold.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of personal information where applicable.
  • Right to restrict processing — request that we limit how we process your data in certain circumstances.
  • Right to data portability — receive a machine-readable copy of certain data you have provided to us, or have it transmitted to another controller where technically feasible.
  • Right to object — object to processing based on legitimate interests, including profiling, and to direct marketing at any time.
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time.
  • Rights regarding automated decisions — Opinly does not currently make decisions about you that produce legal or similarly significant effects using solely automated means. If we begin to do so, we will provide additional information and rights as required.
  • Right to lodge a complaint. You may complain to your local data-protection authority. In the United Kingdom, the lead supervisory authority is the Information Commissioner's Office (ICO), ico.org.uk. We would, however, appreciate the chance to address your concerns first — please contact us at support@opinly.ai.

To exercise any of these rights, contact us at the email above. We may need to verify your identity before responding. We respond within the timeframes required by applicable law (typically one month under UK/EU GDPR).

7. Notice to California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), gives you specific rights regarding your personal information. The categories of personal information we have collected in the last 12 months, the purposes for which we use them, and the categories of recipients are described in Sections 2, 3, and 5 above.

  • Right to know. Request the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it.
  • Right to delete. Request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to correct. Request correction of inaccurate personal information.
  • Right to opt out of sale or sharing. Opinly does not sell personal information for monetary consideration and does not share personal information for cross-context behavioural advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link and update this Privacy Policy.
  • Right to limit use of sensitive personal information. Opinly does not use or disclose sensitive personal information for purposes beyond those permitted under the CCPA without consent.
  • Right of non-discrimination. We will not deny you services, charge you different prices, or provide a different level of service because you exercise a CCPA right.

To exercise these rights, contact support@opinly.ai. You may use an authorised agent to make a request on your behalf; we may require written authorisation and identity verification.

8. Cookies and similar technologies

We use cookies and similar technologies to operate the Services, remember your preferences, understand how the Services are used, and improve them. Categories used:

  • Strictly necessary cookies. Required for the Services to function (for example, authentication, security, load balancing). These do not require consent.
  • Functional cookies. Remember your preferences and choices.
  • Analytics and product cookies. Provided by PostHog and Statsig to understand product usage and run feature experiments.
  • Diagnostic cookies. Provided by Sentry to detect and diagnose errors.

You can control or disable cookies through your browser settings, including blocking non-essential cookies. We are working on an in-product cookie preferences control; until that is available, browser controls are the way to manage your cookie choices, and disabling cookies may affect parts of the Services that rely on them. If you would like us to act on a specific cookie request in the meantime, contact support@opinly.ai.

9. International data transfers

Some of our sub-processors are located outside the United Kingdom or the European Economic Area, including in the United States. Where we transfer personal information to such jurisdictions, we rely on appropriate safeguards as required by applicable law, including the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, and any supplementary measures determined to be necessary.

10. Data security

We implement appropriate technical and organisational measures to protect your personal information from unauthorised access, use, disclosure, alteration, or destruction. These include encryption in transit and at rest where appropriate, access controls, logging, and regular security reviews. No security measure is perfect; while we strive to protect your information, we cannot guarantee absolute security.

11. Data retention

We keep personal information only for as long as needed for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law. Indicative retention periods:

  • Account information — for the lifetime of your account, plus up to 90 days after account closure for operational wind-down and dispute resolution.
  • Billing records and tax-relevant data — at least 6 years from the end of the relevant tax year, as required by UK tax law.
  • Content you submit to the Services — for the lifetime of your account, unless you delete it sooner. Deleted content is purged from backups within 90 days.
  • Product analytics and event logs — typically up to 24 months, after which data is aggregated or deleted.
  • Support communications — typically up to 24 months after the inquiry is closed.
  • Security logs — typically up to 12 months, longer where needed to investigate an incident.

When we no longer need to retain your personal information, we securely delete or anonymise it.

12. Children

The Services are intended for use by businesses and individuals aged 18 or over and are not directed to children. The 18+ threshold reflects contractual eligibility to enter into our Terms of Service. Separately, in line with the UK GDPR and EU GDPR "digital age of consent" thresholds, we do not knowingly collect personal information from anyone under 16 (or, in the United Kingdom, under 13). If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@opinly.ai so we can delete it.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or to comply with legal requirements. We will notify you by email or by posting a notice on the Services before any material changes take effect. The "Last updated" date at the top of this page indicates the most recent revision.

14. Contact us

If you have any questions about this Privacy Policy or our privacy practices, contact us at: