This page describes how Opsis processes data on behalf of its customers, and serves as the basis for a Data Processing Agreement (DPA) for customers who need one. It should be read together with the Privacy Policy.
1. Roles of the parties
| Party | Role (data protection) | Primary responsibilities |
|---|
| Customer (app owner) | Personal Data Controller | Legal basis for recording analytics and session replays in their app; authority to connect the PostHog project to Opsis |
| Opsis | Personal Data Processor | Processing imported session data solely to provide the QA service; security; retention and deletion |
PostHog is the customer's own data source, connected by the customer via OAuth — it is not an Opsis sub-processor.
2. Data categories processed
- Account data: customer email address (authentication).
- PostHog OAuth tokens: read-only tokens, encrypted at rest.
- Session replay data imported from the customer's PostHog project: events, console and network errors, click behavior, and routes visited.
- Pseudonymized end-user identifiers: distinct IDs are hashed with SHA-256 at import; raw IDs are not stored.
3. Processing operations
- Import: recent session replays are fetched from the customer's PostHog project via OAuth, with distinct IDs pseudonymized and personal data patterns (emails, phone numbers, national ID numbers, card numbers, tokens) redacted before storage.
- Signal detection: deterministic detection of rage and dead clicks, console errors, network failures, and checkout abandonment.
- AI analysis: redacted snippets are analyzed to cluster and explain findings; findings must cite real sessions.
- Playwright reproduction: findings are verified in a real browser, producing video, trace, screenshot, and log evidence.
- Reporting: markdown reports with redacted, copy-paste-ready fix prompts.
4. Sub-processors
| Sub-processor | Function |
|---|
| Supabase | Database and authentication; stores encrypted OAuth tokens |
| Opsis AI | AI analysis of redacted data snippets only |
| Cloud hosting provider | Runs the Opsis application and stores verification artifacts |
5. Security measures
- OAuth tokens encrypted at rest with AES-256-GCM; never sent to the browser, never logged.
- Minimal read-only OAuth scopes; unused pending grants expire after 30 minutes and are revoked and deleted.
- Supabase Postgres with deny-all row-level security on secret tables.
- Verification artifacts served only through an authenticated, organization-checked gateway — no public URLs.
- Pseudonymization (SHA-256) of end-user distinct IDs and redaction of personal data before storage, before AI analysis, and in reports.
6. Retention
| Data | Retention |
|---|
| Imported sessions and findings | Kept while the workspace is active |
| Verification artifacts (video, trace, screenshots, logs) | 30 days by default during early access; per-plan once paid plans launch (7 days on Free up to 365 on Enterprise) |
| PostHog OAuth tokens | Until disconnect — tokens are then revoked upstream (best-effort) and deleted from our systems |
| Unused pending OAuth grants | 30 minutes, then revoked and deleted |
7. Deletion on request
Customers can request deletion of their workspace data at any time by emailing admin@heyopsis.com. We process deletion requests promptly and confirm once complete.