Privacy Policy
This Privacy Policy describes how OptiKratos collects, uses, and protects your personal information.
Scope of This Notice
This Privacy Policy applies when OptiKratos acts as a Controller under data protection law. It does not cover processing we do on behalf of our Customers (e.g. messages sent through OptiKratos by your business)—for that, Customers are the Controllers and have their own privacy notices.
If you received a message via OptiKratos, please contact the sender (our Customer) about that message. OptiKratos platforms are not directed to minors; do not submit personal data if you are underage.
Key Privacy Highlights
Types of Personal Data We Process
"Personal data" means information relating to an identifiable, living person. We process two types as Controller:
Customer Data
Personal data about current and potential Customers—how you interact with OptiKratos (Agent Builder, AI agents, Analytics, Broadcasting, Template Manager), account information, and related usage data.
Service Data
Routing and message data—including message content—created and processed when we provide AI WhatsApp, Sales, Support, and Booking Agent services to our Customers. If you are an end recipient of messages sent through OptiKratos, those messages were sent by our Customers, who have their own privacy policies.
Who Provides OptiKratos with Personal Data?
Customer Data may come from: your employer or colleagues (e.g. when registering an account); third parties (e.g. sales leads, market research) where we ensure legitimate sources; or information generated during our engagement (e.g. why you are interested in OptiKratos, organization type).
Service Data is processed when Customers send traffic through our services. Your personal data in Service Data typically originates from the Customer who directs messages to you.
How We Process Customer Data
| Activity | Purpose | Lawful Basis | Personal Data | Retention |
|---|---|---|---|---|
| Account administration and contract management | To administer customer relationships, perform identity verification, process billing and payments, fulfil contract obligations, and send service announcements. | Contract / Legitimate interests | Contact data (name, email, phone, company, position); payment details; technical data (IP, logs). | Duration of business relationship |
| Platform and website operation | To operate and administer the OptiKratos dashboard, Agent Builder, APIs, and websites for customers and users. | Legitimate interests | Contact data; technical data (IP, portal/forum logs, cookie data). | Duration of business relationship |
| Information security | To protect platforms, services, and customer data; detect and prevent threats, fraud, and vulnerabilities. | Legal obligation / Legitimate interests | Technical data (logs, IP address, computer settings). | As required by law |
| Marketing (direct and indirect) | Sending newsletters, webinars, white papers, promotional communications; sharing leads with partners only with explicit consent. | Consent / Legitimate interests | Contact data; technical data (page views, sessions); partner data where opted in. | Until opt-out or consent withdrawn |
| Analytics and product development | Gathering insights to improve functionalities and customer experience; performed on aggregated/anonymized data where applicable. | Legitimate interests | Customer feedback; technical data (logs, tracking per Cookie Policy). | Temporary, before anonymization |
| Opt-out and opt-in management | Maintaining consent and unsubscribe features as required by privacy and marketing laws. | Legal obligation | Contact data and opt-in/opt-out preferences; technical logs. | As required to maintain opt-in/opt-out register |
| Service announcements | Providing service notices including downtime, updates, and disturbances per SLA. | Legitimate interests | Email address | Duration of business relationship |
| Legal compliance and reporting | Fulfilling obligations under tax laws and other mandatory reporting requirements. | Legal obligation | Customer entity data; payment and billing information | As required by law |
| Threat, fraud, and spam protection | Upholding service standards by detecting and acting on fraud, spam, phishing; may include automated risk analysis. | Legitimate interests / Legal obligation | Contact data; Service Data (message routing, metadata); technical data. | Until matter resolved |
| Legitimate authority requests | Responding to lawful requests from authorities for subscriber or usage information. | Legal obligation | Contact details; usage data; subscriber data | Processed only to respond to individual request |
Service Data — Data About Our Customers' Customers
As a provider of messaging and AI agent services, we process personal data relating to end recipients of communications as follows:
| Activity | Purpose | Lawful Basis | Retention |
|---|---|---|---|
| Service continuity management | Protecting stability of services against vulnerabilities. | Legal obligation | Per information security practices |
| Threat, fraud, and spam protection (AI-assisted) | Detecting, filtering, and acting on fraud, spam, phishing; may use AI with human oversight where required. | Legitimate interests / Legal obligation | Up to 7 days unless legal obligation requires longer |
| Block list maintenance | Maintaining block list per end-recipient wishes to stop communications. | Consent | Until data subject withdraws block |
| Authority requests | Responding to lawful authority requests for subscriber or message information. | Legal obligation | Processed only to respond to request |
We Do Not Sell Personal Data
OptiKratos does not sell personal data and does not allow third parties to use your personal data for their own business interests without your explicit consent.
With Whom We Share Personal Data
Meta / WhatsApp
OptiKratos integrates with WhatsApp Business API. Message content, metadata, and recipient data are shared as required to deliver WhatsApp communications.
Service providers and consultants
Infrastructure (data centres), payment processors, IT services, customer support tools, security experts, analytics providers.
Authorities and legal recipients
When required by law, regulation, legal process, or government request; to protect rights, security, or public safety.
Business transfers
In connection with merger, acquisition, reorganization, or similar corporate events.
International Data Transfers
OptiKratos operates globally and may transfer personal data between countries. When we transfer data to countries with lower protection, we use appropriate safeguards such as Standard Contractual Clauses (SCCs), the EU-U.S. Data Privacy Framework where applicable, or equivalent mechanisms. For details on transfer mechanisms for your data, contact our Data Protection Officer.
How We Protect Your Personal Data
OptiKratos maintains technical, administrative, organizational, and physical measures to protect your personal data, including encryption, access controls, and regular security monitoring. We are SOC 2 Type II certified and implement industry best practices. For more on our security posture, see our Trust Center or security documentation.
Your Rights as a Data Subject
To exercise these rights, contact privacy@optikratos.com. We may verify your identity before processing requests.
Right to Access
Request access to your personal data and a copy of what we hold.
Right to Portability
Receive your data in a structured, machine-readable format; request transmission to another controller where feasible.
Right to Rectification
Correct inaccurate or incomplete personal data.
Right to Erasure
Request deletion under certain circumstances (e.g. no longer necessary, consent withdrawn).
Right to Restriction
Request temporary suspension of processing (e.g. while contesting accuracy).
Right to Object
Object to processing based on legitimate interests.
Right to Withdraw Consent
Withdraw consent at any time; lawfulness of prior processing unaffected.
Complaints: You may lodge a complaint with a supervisory authority if you believe your data rights have been violated. In the EU/EEA, you can contact the authority in your country. Regardless of location, you may also contact our Data Protection Officer.
Contact Our Privacy Team
Mailing Address
OptiKratos Privacy Team
131 Continental Dr Suite 305
Newark, DE 19713
United States
Last updated: March 11, 2026. We may update this policy from time to time and will notify you of material changes.