Get Started

Get Started

Get Started

Privacy Policy

Effective Date: January 30, 2025

1. Introduction

Welcome to Optise (“Optise,” “we,” “us,” or “our”). We provide an AI-powered website optimization platform primarily for business-to-business (B2B) use, but we also interact with individuals through various channels, including webinars, events, and content downloads. By accessing or using our Services, participating in our events, downloading content, or interacting with us in any other way, you acknowledge that you have read and understood this Privacy Policy.

We process personal data in accordance with the General Data Protection Regulation (GDPR), the ePrivacy Directive, the California Consumer Privacy Act (CCPA), and other relevant data protection laws in jurisdictions where we operate. These regulations help safeguard your information and provide you with certain rights over how we collect, use, and share your data.

Our aim is to maintain the highest standards of privacy and data security while delivering value through AI-driven insights. If you do not agree with any part of this Privacy Policy, please refrain from using our Services or engaging with us via other channels.

2. Who We Are (Data Controller & Processor)

2.1 Who We Are

  • Optise ehf. (Iceland): Optise is a company registered in Iceland, located at Borgartún 29, 105 Reykjavík. For the purposes of applicable data protection laws, Optise acts as the Data Controller for personal data we collect directly (e.g., user registration, marketing outreach), deciding how and why this data is processed.

  • Data Processor Role: When you (our customer) use the Optise platform to process personal data about your end users or site visitors, we act as a Data Processor (or “service provider” under certain U.S. laws) and will only process that data on your behalf and under your instructions. In such cases, we typically enter into a Data Processing Agreement (DPA) that outlines respective responsibilities and compliance obligations under relevant data protection regulations (e.g., Article 28 of the GDPR).

  • Aggregated/Anonymized Data: In line with our Terms of Service (“Terms”), any personal data we aggregate and anonymize so that it no longer identifies you or your end users becomes our property to use without restriction—provided it does not contain personal identifiers. We treat fully anonymized data as non-personal data under applicable laws, since it cannot be used to identify any individual.

2.2 Key Definitions

To ensure clarity, here are key terms referenced throughout this Privacy Policy:

  • “Services”: Encompasses our AI-powered optimization platform, websites, branded social media pages, events, webinars, and any other interactions where we engage with you.

  • “Personal Data”: Any information relating to an identified or identifiable individual. It can include direct identifiers (e.g., name, email) or indirect identifiers (e.g., IP addresses, cookies) if they can be used to pinpoint a specific person.

  • “Controller”: The entity that determines the purposes and means of processing personal data. Optise is typically the Controller for data we collect about our users, prospects, and event attendees.

  • “Processor”: The entity that processes personal data on behalf of the Controller, following their instructions (e.g., Optise when our customers upload their end-user data for analysis).

  • “Affiliates” (if applicable): Other companies under common ownership or control with Optise. They may assist us in delivering Services or handling data in accordance with this Privacy Policy.

  • “User-Generated Content”: Content that users may voluntarily submit through our websites, platform, events, or social media pages (e.g., feedback, testimonials, forum posts).

  • “Payment Data” (if applicable): Financial information collected for billing or subscription purposes, such as billing address or partial payment card details (typically processed by third-party payment providers).

2.3 Data Controller Information

Optise ehf.

Borgartún 29

105 Reykjavík

Iceland

Email: legal@optise.com

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please refer to our Contact Us section.

3. What Data We Collect

We collect personal data in a variety of ways to provide, maintain, and improve our Services, as well as to support related business and marketing activities. Below are the main categories of data we may collect or receive:

  1. Account & Registration Data

    • Business Contact Details: Name, business email, job title, company name, and related professional information.

    • Login Credentials: Stored in a secure, hashed format or managed via single sign-on (e.g., Google Authentication).

    • Preferences & Role: Information you supply during onboarding, such as user roles, account preferences, or admin permissions within your organization.

  2. Event & Webinar Participation

    • Registration Details: Name, email, company, role, and other information you provide when signing up for Optise-hosted webinars, events, or training sessions.

    • Interaction Data: Questions asked, poll responses, or feedback submitted during events, which may be recorded or stored to improve future sessions.

  3. User-Generated Content

    • Testimonials or Reviews: If you provide a testimonial or review, we may display it on our platform or in marketing materials with your explicit consent.

    • Platform Contributions: Posts, messages, or uploaded content within any forums, community boards, or feedback forms we host.

  4. Technical & Usage Data

    • Device Information: IP address, browser type, operating system, device identifiers (e.g., mobile device IDs).

    • Usage Patterns: Pages viewed, buttons clicked, session duration, navigation paths, and the date/time of your visits or logins.

    • Cookies & Tracking: Data collected via cookies, pixels, and other tracking methods (see [Cookies and Tracking] section for details).

  5. Performance & Analytics Data

    • Website Performance Metrics: Conversion rates, load times, bounce rates, user flow data—collected to deliver AI-driven insights and recommendations.

    • Benchmarking: Aggregated data used to compare performance across industries or user groups; individual users are not directly identified in these reports.

  6. Third-Party Integrations & Sources

    • CRM & Analytics Tools: Data collected from integrations you authorize (e.g., connecting your CRM or analytics account for deeper optimization).

    • Publicly Available Sources: Social media handles, public websites, or directories if relevant to verifying business details or enriching your user profile.

    • Payment Data (if billing is handled by Optise directly): May include billing addresses, subscription details, and partial payment card information, though we often rely on secure third-party processors.

    • Google Analytics (read-only access)
      If you connect your Google account to provide Google Analytics data (via the https://www.googleapis.com/auth/analytics.readonly scope), we retrieve only the metrics needed to allow for data analysis and generate actionable insights (e.g., identifying trends and anomalies). This data is stored securely on our servers, correlated with other sources to inform recommendations, and may be aggregated (and fully anonymized) across customers to improve our Services and user-facing features. We do not sell your data to third parties. We also adhere to Google’s Limited Use requirements by using your Google Analytics information solely for these user-facing features. If you request deletion of your data, we will remove it from our systems as feasible; however, aggregated or anonymized analytics cannot be de-anonymized and therefore will remain in our datasets for lawful analysis.

  7. Communications & Marketing Preferences

    • Support Tickets: The content of emails, chat transcripts, or phone calls with customer support.

    • Newsletter & Marketing Opt-ins: Records of your preferences (e.g., whether you’ve opted in or out of marketing communications).

  8. Aggregated/Anonymized Data

    • We may aggregate or anonymize personal data for internal analytics, product development, and other lawful business purposes. Once data is fully anonymized, it no longer constitutes personal data under applicable law.

Note: The exact data we collect can vary based on how you interact with us—whether you’re solely using our AI platform, attending events, or downloading content. If you have questions about specific data collection practices, please reach out to us directly.

4. Legal Basis for Processing

We process your personal data in line with the requirements of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant data protection laws. The specific legal bases we rely on may vary depending on how and why we collect your data. Below is a general overview of these legal bases and corresponding examples of how we apply them:

  1. Performance of a Contract

    • Service Delivery: We process your personal data to provide the features you request (e.g., account management, AI-driven analytics).

    • Customer Support: Handling technical inquiries and resolving service-related issues.

  2. Legitimate Interests

    • Product Improvement & Internal Research: Analyzing usage data, feedback, and trends helps us enhance our AI algorithms and deliver better insights.

    • Fraud Prevention & Security: Monitoring IP addresses, login patterns, and other signals to detect potential fraud or abuse.

    • Marketing & Outreach: Sending updates, product announcements, or event invitations to existing customers or prospects, provided these interests are not overridden by your rights and freedoms.

  3. Consent

    • Marketing Communications: Where required, we obtain your explicit opt-in before sending promotional emails or newsletters. You can withdraw this consent at any time.

    • Non-Essential Cookies & Tracking: When local law requires consent for using certain cookies or similar tracking technologies, we will seek your permission.

  4. Legal Obligations

    • Regulatory Compliance: We may be required to retain transactional records or share data with government authorities or law enforcement if mandated by law.

    • Audits & Reporting: Fulfilling obligations such as accounting, taxation, or other regulatory reporting.

Note: If you have any questions about how these legal bases apply to your specific situation, please contact us using the details in the Contact Us section.

5. How We Use Your Information

We use the data we collect to operate, enhance, and promote our Services, as well as to protect our interests and those of our customers. Below are the primary purposes for processing:

  1. Service Provision & Enhancement

    • AI-Driven Insights: Generating personalized website optimization recommendations based on performance metrics and user interactions.

    • Analytics & Benchmarking: Conducting analyses of aggregated data for internal research, product development, and industry benchmarking, without identifying individual users.

  2. Communication & Support

    • Administrative Messages: Notifying you of service-related updates, system alerts, or other operational communications (e.g., password resets, billing confirmations).

    • Customer Support: Responding to inquiries submitted via email, chat, or our support portal, and troubleshooting technical issues.

  3. Marketing & Promotional Activities

    • Newsletters & Offers: Sending periodic updates on new features, events, webinars, and promotional deals if you’ve opted in or if otherwise permitted by local law.

    • Personalized Content: Customizing the marketing content you see on our site or in emails based on your preferences, usage data, or business profile.

  4. Fraud Prevention & Security

    • Monitoring & Alerts: Tracking IP addresses, device information, and login behavior to detect suspicious activity.

    • Risk Management: Employing automated or manual checks to mitigate threats to our network or unauthorized account access.

  5. Compliance & Legal Requirements

    • Regulatory Disclosure: Cooperating with authorities or responding to lawful requests (e.g., subpoenas, court orders).

    • Internal Governance: Maintaining records necessary for audits, accounting, dispute resolution, or risk management.

  6. Event & Webinar Engagement

    • Event Communications: If you register for a webinar or industry event, we use your data to provide relevant information, reminders, and post-event follow-ups.

    • Feedback & Surveys: Gathering insights from polls, Q&A sessions, or surveys during events to improve future offerings.

Note: Where we rely on legitimate interests, we perform a balancing test to ensure that our interests do not infringe on your fundamental rights and freedoms. You always have the option to object (see [Your Rights] section) if you believe our processing impacts your privacy interests disproportionately.

6. Data Sharing and Disclosure

We do not sell personal data to third parties. However, we may share certain data in the following contexts:

  1. Service Providers & Sub-processors

    • Hosting & Infrastructure: Cloud providers, data centers, and DevOps tools that enable our platform to run reliably.

    • Analytics & Marketing Tools: Third-party vendors that help us perform analytics, manage email campaigns, or measure marketing effectiveness (e.g., CRM, email delivery services).

    • Payment Processors (if applicable): Securely handling billing information and subscription charges, subject to strict contractual obligations.

  2. Business Transfers

    • Mergers & Acquisitions: If we undergo a merger, acquisition, reorganization, or partial sale of assets, personal data may be transferred as part of the transaction.

    • Corporate Affiliates: If your data is shared among our corporate family (e.g., parent company, subsidiaries, sister companies), it remains governed by this Privacy Policy or one with similar data protection commitments.

  3. Resellers, Distributors, or Advertising Partners (If Relevant)

    • Channel Partners: In B2B contexts, you may interact with third-party resellers or distributors authorized to provide or promote our Services.

    • Advertising & Social Media: We may share limited user data with advertising or social media platforms to deliver targeted campaigns or measure ad performance, subject to user consent where legally required.

  4. Legal or Regulatory Requirements

    • Compliance with Laws: We may disclose data to law enforcement or government agencies if we believe it’s necessary to comply with a legal obligation, protect our rights, or ensure the safety of our users.

    • Protecting Our Services: In case of suspected wrongdoing or to enforce our Terms of Service, we might share information with external advisers or investigators.

  5. User Consent or Instruction

    • Third-Party Integrations: If you authorize a direct integration with a third-party tool (e.g., CRM, analytics platform), we share the data needed for that integration in accordance with your instructions.

    • Testimonials & Public Forums: With your explicit consent, we may publish testimonials or user reviews on our website or marketing materials. Similarly, if you post data publicly on forums or community pages, it becomes accessible to others.

  6. Aggregated or Anonymized Data

    • We may share aggregated or anonymized data with partners, industry researchers, or the public to showcase insights, usage trends, or performance benchmarks. This data does not identify individual users.

Note: We take steps to ensure that all third parties we work with uphold high standards of privacy and data security. Where required by law (e.g., under GDPR), we sign Data Processing Agreements or incorporate Standard Contractual Clauses to govern cross-border data transfers.

7. International Data Transfers

We operate globally and may need to transfer personal data to servers or partners in countries outside of your home jurisdiction. This includes transfers from the European Economic Area (EEA) to the United States or other locations where our affiliates, data centers, or service providers are based.

  1. Compliance Mechanisms

    • Standard Contractual Clauses (SCCs): For transfers from the EEA to countries lacking an adequacy decision, we rely on SCCs approved by the European Commission to ensure a high level of data protection.

    • Adequacy Decisions: Where the European Commission deems a third country’s data protection laws to be “adequate,” we may transfer data under that decision.

    • EU–U.S. Data Privacy Framework (where applicable): For transfers to the United States, we may rely on relevant frameworks or additional safeguards as updated by regulatory developments.

  2. Technical & Organizational Safeguards

    • Encryption: Data may be encrypted in transit and at rest to safeguard confidentiality.

    • Access Controls: Strict access rights and role-based permissions help ensure that only authorized personnel can view personal data.

  3. Affiliates & Regional Hosting (If Applicable)

    • We may store or process data in various geographic regions to improve service reliability and reduce latency. We always ensure consistent data protection standards across our affiliates and hosting locations.

8. Cookies and Tracking

We use cookies, web beacons, pixels, and other tracking technologies (collectively, “Cookies”) to analyze trends, administer the website, track users’ movements around our platform, and gather demographic information about our user base. This helps us personalize and improve your experience.

  1. Types of Cookies

    • Essential Cookies: Necessary for our website to function properly (e.g., session cookies, security measures). These cannot be switched off without affecting core functionality.

    • Analytics Cookies: Gather information about how you interact with our Services, allowing us to improve features and user flows. (For instance, we may use tools such as Google Analytics or other similar platforms.)

    • Preference & Functional Cookies: Remember your settings (language, login details) to make future visits more personalized.

    • Advertising & Targeting Cookies: Used (where lawful) to deliver relevant advertisements or measure the effectiveness of campaigns on our platform or third-party sites. We only deploy these with your consent where required by local law.

  2. How We Use Cookies

    • Performance Monitoring: Track load times, user navigation paths, and site performance metrics.

    • User Experience: Store user preferences, like language and account settings.

    • Marketing: Tailor ads and promotional messages to your interests, analyze campaign success, and remarket across partner networks.

  3. Managing Cookie Preferences

    • Cookie Banner: On your first visit, you may see a banner prompting you to accept or decline certain cookie categories (except essential cookies).

    • Browser Settings: You can set your browser to block or alert you about cookies. However, disabling certain cookies may reduce platform functionality.

    • Opt-Out Mechanisms: Where required by law, we provide an opt-out link or mechanism (e.g., “Do Not Sell or Share My Personal Information” for California residents). Refer to our [Cookie Notice] (link) for more details.

  4. Third-Party Integrations

    • Widgets & Embeds: Sometimes our site includes social media widgets or embedded content (e.g., YouTube videos), which may set their own cookies under separate privacy policies.

    • Analytics & Ad Partners: Partner platforms might deploy tags or pixels to help us measure campaign performance or user engagement.

9. Data Retention

We keep personal data for only as long as is necessary to fulfill the purposes described in this Privacy Policy (or as required by law). Retention periods may vary based on your account activity, legal obligations, and our operational needs.

  1. Account & Profile Data

    • Retained for the duration of your account. If you close your account or request deletion, we will remove or anonymize this data within a reasonable timeframe, unless we are legally required to keep it longer (e.g., for tax or audit purposes).

  2. Analytics & Performance Data

    • Stored in aggregated or anonymized form whenever possible. Personally identifiable analytics data is typically retained for a shorter period (e.g., up to 3 years), after which it may be anonymized for long-term insights or product development.

  3. Marketing & Communication

    • We maintain records of your marketing preferences (opt-ins/opt-outs) to ensure we respect your choices. If you unsubscribe, we keep a minimal record to avoid sending you further communications.

  4. Backup & Archival Copies

    • Some data may remain in backups or archives for a period longer than active databases. We employ secure storage and restricted access for these copies and delete or anonymize them in line with our retention schedules.

  5. Secure Disposal

    • When data is no longer needed, we securely delete or anonymize it. Methods may include encryption, systematic deletion, or physical destruction of media, depending on the storage location.

10. Your Rights

Depending on your location and the applicable law (e.g., GDPR, CCPA, or other privacy regulations), you may have certain rights regarding your personal data. These rights can include:

  1. Right of Access

    • Obtain confirmation on whether we process your personal data and, if so, request a copy of that data.

  2. Right to Rectification

    • Correct inaccuracies or incomplete personal data, ensuring the information we hold is accurate.

  3. Right to Erasure (“Right to be Forgotten”)

    • Request deletion of your personal data under certain circumstances (e.g., where the data is no longer needed, or you withdraw consent).

  4. Right to Restrict Processing

    • In specific situations (e.g., you contest the accuracy of your data), ask us to limit how we process your personal information.

  5. Right to Object

    • Object to processing based on legitimate interests or direct marketing. If you opt out of direct marketing, we will cease such communications.

  6. Right to Data Portability

    • Receive your personal data in a structured, commonly used, machine-readable format and/or request its transfer to another service provider.

  7. Right to Withdraw Consent

    • Where we rely on consent (e.g., for marketing or non-essential cookies), you can revoke it at any time without affecting prior processing.

  8. Right to Lodge a Complaint

    • If you believe we have infringed your data protection rights, you can file a complaint with a relevant supervisory authority (e.g., an EU Data Protection Authority).

Additional Rights for U.S. Residents (e.g., California)

  • Right to Know: Request disclosure of categories of data collected, used, or shared.

  • Right to Delete: Ask us to remove certain information we hold about you.

  • Right to Opt-Out of “Sale” or “Share”: If we share personal information for cross-context behavioral advertising or under a broad “sale” definition in applicable law, you may have the right to opt out.

  • Right to Correct: Request correction of inaccurate information.

Exercising Your Rights

  • How to Submit a Request: Contact us with your specific request. We may need to verify your identity before proceeding.

  • Response Time: We aim to respond within the timelines required by law (e.g., one month under GDPR, 45 days under CCPA).

  • Fees: Generally, we do not charge a fee to exercise these rights unless a request is manifestly unfounded or excessive.

11. Security Measures

We take the security of your personal data seriously and implement appropriate technical, administrative, and organizational safeguards to protect against unauthorized access, loss, misuse, or alteration. While no system can be completely secure, our measures include:

  1. Encryption & Access Controls

    • Data in Transit: We use Transport Layer Security (TLS/SSL) to protect data transmitted between our systems and yours.

    • Data at Rest: Where feasible, we encrypt stored personal data or use strong hashing algorithms for sensitive fields (e.g., passwords).

    • Access Management: Role-based access controls, multi-factor authentication (MFA), and strict internal policies ensure only authorized personnel can view or process personal data.

  2. Network & Infrastructure Security

    • Firewalls & Intrusion Detection: Our production environments are protected by firewalls and monitored for suspicious activity.

    • Vulnerability Scanning & Patching: We regularly test our infrastructure for potential weaknesses and apply security patches promptly.

  3. Incident Response & Breach Notification

    • Preparedness: We have an internal incident response plan for suspected data breaches.

    • Notification: In the event of a confirmed data breach involving your personal data, we will notify affected individuals and relevant authorities as required by law.

  4. Employee Training & Policies

    • Awareness Programs: Team members undergo periodic privacy and security training.

    • Confidentiality: All employees and contractors sign agreements requiring them to safeguard personal data and adhere to company policies.

Important Note: Although we strive to protect your data, no method of electronic transmission or storage is 100% secure. We encourage you to keep your login credentials confidential and follow basic cybersecurity best practices.

12. Children’s Privacy

Our Services are not intended for individuals under the age of 16 (in the EU) or 13 (in the United States), or any higher age threshold as required by local laws. We do not knowingly collect or process personal data from children. If you believe a child under these age thresholds has provided us with personal information, please contact us immediately so we can take steps to remove such data.

  • Business-to-Business Focus: Because we primarily serve business and enterprise clients, we anticipate minimal interaction with minors on our platform.

  • Compliance Measures: If we discover any inadvertent collection, we will promptly delete the data in accordance with applicable law.

13. Changes to This Privacy Policy

We may update this Privacy Policy as our Services evolve, legal requirements change, or our data practices develop. When we make significant revisions:

  1. Notice to Users

    • We will provide prominent notice (e.g., a banner on our website or an email notification) if we make material updates that affect how we process your data.

  2. Effective Date

    • A revised “Last Updated” date at the top of this policy indicates when changes take effect. Continuing to use our Services after that date constitutes acceptance of the updated policy.

  3. Encouragement to Review

    • We recommend you periodically review this Privacy Policy to stay informed about how we protect and handle your personal data.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, or if you wish to exercise your rights under applicable data protection laws, please get in touch using the details below:

Optise ehf

Borgartún 29

105 Reykjavík

Iceland

Email: legal@optise.com / support@optise.com

Website: www.optise.com

If you are located in the European Union and require the contact details of our EU Representative or Data Protection Officer (if applicable), please consult our website or reach out via the email address above for more information.

Legal Disclaimer: This Privacy Policy is for informational purposes only and does not constitute legal advice. For tailored guidance on data protection obligations, you should consult qualified legal professionals