OpSo · by OpSolid
Privacy Policy
Last updated: 11 June 2026
OpSo is a digital business card and trade-fair networking app with a built-in mini-CRM, operated by OpSolid. This policy explains what data we process, why, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR / DSGVO). It covers the OpSo mobile app and the public card pages at card.opsolid.de.
1. Who is responsible
The data controller for OpSo is:
OpSolid (Hasan Dönmez)
Germany
Contact: info@opsolid.de
We process personal data only as described here, and only for the purposes set out below.
2. What data we process
Account data. OpSo uses passwordless sign-in — there is no password. To create or access your account we process your email address. We send a six-digit one-time code to that address; the code is stored only as a short-lived hash and expires after 15 minutes. Your account may also hold an optional name, phone number, avatar and your language preference.
Your card content. Whatever you choose to put on your digital card: name, role, company, email, phone, bio, profile photo, links, gallery images and video, and visual theme. You control whether each card is public, unlisted, private, or event-only, and whether your email and phone are shown.
Captured contacts and leads. When you save someone you met — or when someone fills in the “leave your details” form on your public card — we store the information provided: name, email, phone, company, role, notes, tags, a qualification and pipeline stage, an optional deal value, and any meeting photos you attach. For card capture and accepted connections we also record a consent marker (timestamp, IP address, and basis) so it is clear the person agreed to share their details.
Media uploads. Images and videos you upload for your card or attach to a contact (profile photos, gallery media, meeting photos).
Trade-fair data. The fairs and events you follow or attach contacts to. OpSo keeps a catalogue of public trade fairs (name, dates, location, organiser) that is not personal data.
Push notification tokens. If you allow notifications, we store the push token issued by Expo for your device so we can notify you about new captures, connection requests, and similar events.
Technical and usage data. When a public card is viewed we record a basic analytics event — the time, the referring page, the browser user-agent, and the IP address — so the card owner can see view counts. For sign-in security we store your active sessions, each with the device type, IP address, and an expiry. We do not use advertising or cross-site tracking cookies.
3. Why we process it, and the legal basis
- To run the service — create your account, publish your card, store your contacts, and deliver push notifications you opted into. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
- To send your sign-in code by email — required to log you in without a password. Legal basis: contract (Art. 6(1)(b)).
- Card-view analytics — to give card owners basic view statistics and to keep the service secure and rate-limited. Legal basis: legitimate interests (Art. 6(1)(f)).
- Contacts captured from your public card — processed on the consent the person gives via the capture form. Legal basis: consent (Art. 6(1)(a)), recorded with timestamp and IP.
- Security and abuse prevention — sessions, IP logging, rate limiting. Legal basis: legitimate interests (Art. 6(1)(f)).
- Legal compliance — where we must retain or disclose data by law. Legal basis: legal obligation (Art. 6(1)(c)).
4. Where your data is stored
OpSo runs on a dedicated server in the European Union (Hostinger, EU region). The application database (PostgreSQL) and all uploaded media are stored on that EU server. Encrypted database backups are taken daily and kept for 14 days. Data in transit is protected with TLS.
5. Service providers we use
We keep third parties to a minimum and never sell your data. The processors actually involved in running OpSo are:
- Hostinger — hosting of the server, database, and media in the EU.
- Expo (Expo Push Service) — delivery of push notifications to your device. Only the device push token and the notification content are sent.
- Email / SMTP provider — delivery of your one-time sign-in code by email. We send these from info@opsolid.de through our email provider; only your email address and the code are involved.
We do not use advertising networks, data brokers, or analytics vendors. If we add an optional AI assistant or other feature in the future that sends data to a new provider, we will update this policy and, where required, ask for your consent first.
6. When data is shared with other people
Your card is shared with whoever you give it to — a public card is, by design, visible to anyone with the link. When you accept a connection request from another OpSo user, the profile details on your card (name, role, company, email, phone, avatar) are added as a contact in their workspace, and theirs in yours. You can keep cards unlisted or private if you do not want this.
7. How long we keep data
- We keep your account and content for as long as your account is active.
- When you delete your account, it is deactivated immediately and your data is scheduled for permanent erasure within 30 days.
- Sign-in codes are short-lived and expire after 15 minutes.
- Encrypted backups roll off after 14 days.
- We may keep limited records longer where the law requires it.
8. Your rights (GDPR / DSGVO)
If you are in the EU or EEA you have the following rights over your personal data:
- Access (Art. 15) — find out what we hold about you.
- Rectification (Art. 16) — correct inaccurate data.
- Erasure (Art. 17) — have your data deleted; see section 9.
- Portability (Art. 20) — export your account, cards, and contacts in a machine-readable format. Contacts can also be exported as CSV or vCard from the app.
- Restriction and objection (Art. 18, 21) — limit or object to certain processing.
- Complaint — lodge a complaint with your data protection authority.
To exercise any of these rights, email info@opsolid.de. We respond within 30 days.
9. Deleting your account and data
You can delete your account directly in the OpSo app under Settings → Delete account. This deactivates your account at once, signs out all your devices, and schedules your account, cards, contacts, and uploaded media for permanent deletion within 30 days. You can also request deletion by emailing info@opsolid.de.
10. Children
OpSo is a professional networking tool intended for business use. It is not directed at children, and we do not knowingly collect data from anyone under 16.
11. Changes and contact
If we change this policy, we will update the date at the top of this page. For any privacy question, or to exercise your rights, contact OpSolid at info@opsolid.de.
EU HOSTING · GDPR & DSGVO