Legal

Privacy Policy.

Effective July 2, 2026. This describes what we collect, why, and your choices.

1.Who this policy applies to

This Privacy Policy explains how Opivex ("Opivex", "we", "us") handles personal information when you visit our website, sign up for an account, publish an editor profile, hire an editor, or communicate with us. If you are a Creator or Editor in the European Economic Area, United Kingdom, or California, additional rights apply — see Sections 8 and 9.

2.Information we collect

We only collect what we need to run the marketplace:

  • Account data — email, username, password hash (we never store your plaintext password), role (Creator/Editor), country/region you optionally pick, newsletter opt-in.
  • Profile content — display name, handle, avatar, bio, portfolio URLs and files, prices, niches, styles, stats. This information is public by design.
  • Marketplace activity — hires you post or accept, messages inside workspaces, files uploaded to a workspace, approvals and deliveries, tips.
  • Payment data — billing name, country, and last-four card digits as returned by our processor (Stripe). We never see or store your full card number or CVC; that data flows directly from your browser to Stripe.
  • Technical & usage data — visitor ID cookie, referring URL, path visited, timestamp, and coarse device/browser info from your requests. Used for aggregate analytics and abuse prevention.
  • Support & feedback — the contents of any bug report, feature request, or email you send us.

We do not knowingly collect information from anyone under 18. If you believe a minor has signed up, contact us and we will remove the account.

3.Why we use it (legal bases)

  • To provide the service — create accounts, publish profiles, connect Creators to Editors, run checkout, deliver messages and files (performance of a contract).
  • To keep it safe — filter slurs, block abusive users, detect fraud and multi-account abuse, respond to disputes (legitimate interest).
  • To improve the product — aggregate pageview and conversion analytics, feature usage counts (legitimate interest).
  • To communicate — transactional emails (receipts, delivery notifications, password resets), and — only if you opt in — newsletters and product updates (consent).
  • To comply with law — tax records, sanctions screening, responding to lawful requests (legal obligation).

4.Who we share it with

We do not sell your personal information. We share it only with service providers who help us run Opivex, and only what they need:

  • Stripe, Inc. — payment processing, tax, and payouts to Editors. See Stripe’s privacy policy at stripe.com/privacy.
  • Resend — transactional and newsletter email delivery.
  • MongoDB Atlas — encrypted database hosting.
  • Cloud infrastructure providers — hosting, CDN, and backup storage.
  • Other users — the content you post to your public profile, portfolio, or a workspace is visible to the counterparty of that workspace (and, for profiles, to anyone browsing).
  • Legal & safety — law enforcement or other parties when required by valid legal process, or to protect Opivex, our users, or the public.
  • Successors — in the event of a merger, acquisition, or asset sale, your information may be transferred, subject to this policy.

5.Cookies & similar tech

We use a short list of cookies:

  • opivex_session — HttpOnly, secure session cookie that keeps you signed in.
  • A random anonymous visitor id stored in localStorage, used to de-duplicate pageview counts.
  • Favorites list in localStorage so your ❤ persist without an account.

We do not run third-party advertising cookies. Stripe may set cookies inside its embedded checkout iframe, which is subject to Stripe’s policy.

6.How long we keep it

We keep account and profile data while your account is active. Once you delete your account we remove or anonymize personal data within 30 days, except: (a) transactional records we’re legally required to keep for tax and accounting (typically 7 years), (b) records reasonably needed to resolve open disputes or enforce our Terms, and (c) messages inside a workspace that the counterparty still has access to.

7.How we protect it

Passwords are hashed with scrypt with a per-user salt — never stored in plaintext. Session cookies are HttpOnly, Secure, and SameSite-scoped. Data in transit is encrypted with TLS. Card data never touches our servers. Only a small number of Opivex staff can access production data, and access is logged. No system is 100% secure — if we ever detect a data breach that affects you, we will notify you as soon as reasonably possible and no later than required by law.

8.Your rights (EEA, UK, and similar regions)

If you are in the EEA, UK, Switzerland, or a jurisdiction with equivalent law, you have the right to: access the personal data we hold about you, correct inaccurate data, request deletion, object to or restrict certain processing, withdraw consent (for newsletter or optional cookies), and receive a portable copy of the data you provided. Contact privacy@opivex.com to exercise any of these rights. You also have the right to lodge a complaint with your local data protection authority.

9.Your rights (California)

If you are a California resident, the CCPA/CPRA gives you the right to know what personal information we’ve collected about you in the last 12 months, request deletion, request correction, and opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising. Opivex does not sell your personal information and does not share it for cross-context behavioral advertising. You will not be discriminated against for exercising your rights. To submit a request, email privacy@opivex.com from the address on your account.

10.International transfers

Opivex is operated from the United States. If you are outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our service providers operate. We rely on standard contractual clauses or equivalent safeguards for transfers from the EEA/UK.

11.Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change, we’ll notify signed-in users by email or in-app notice at least 7 days before it takes effect. Continued use of the service after the change means you accept the updated policy.

12.Contact

Data controller: Opivex. Reach us at privacy@opivex.com for any privacy request or question.

This Privacy Policy is provided as-is and is not a substitute for legal advice. Opivex recommends having a licensed attorney review before your public launch.