Privacy Policy
Effective date: 12 Feb 2026 · Last updated: 12 Feb 2026
This Privacy Policy explains how Opflow ltd. (“Opflow”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you use our website, products, and services (the “Services”).
1. Who we are (GDPR roles)
For the purposes of the UK and EU General Data Protection Regulation ("GDPR"), Opflow ltd. is the data controller for personal data processed in connection with the Services, unless stated otherwise. Where we process personal data on behalf of a customer under a contract, Opflow ltd. may act as a data processor for that customer’s personal data.
- Controller / Processor:
- Opflow ltd.
- Registered address:
- 124 City Road, London, England, EC1V 2NX
- Contact email:
- julian@localingo.ai
2. Scope
This policy applies to personal data we process about:
- visitors to our website;
- users of our Services;
- customers, prospects, and business contacts;
- anyone who communicates with us (e.g., support requests).
3. Personal data we collect
We may collect and process the following categories of personal data:
- Account and contact data: name, email address, company name, role, account identifiers.
- Service usage data: logs and event data about how you use the Services (e.g., feature usage, device/browser info, IP address, timestamps).
- Support and communications data: messages you send to us, and related metadata.
- Billing and contractual data: invoices, payment status, contractual records, and related correspondence.
We do not intentionally collect special category data (e.g., health data) and ask you not to provide it unless specifically required and agreed.
4. How we use personal data
We use personal data to:
- provide, operate, and maintain the Services;
- create and manage accounts;
- provide support and respond to requests;
- monitor performance, security, and prevent fraud or misuse;
- comply with legal obligations;
- manage billing, accounting, and contractual relationships;
- improve the Services and user experience.
5. Legal bases for processing (GDPR)
We process personal data under one or more of the following legal bases:
- Contract: to provide the Services and perform our contract with you.
- Legitimate interests: to secure and improve the Services, prevent abuse, and manage our business effectively (balanced against your rights).
- Legal obligation: to meet applicable laws (e.g., tax, accounting, and compliance requirements).
- Consent: where required (e.g., certain marketing communications), which you can withdraw at any time.
6. Sharing and third parties
We do not sell your personal data.
We do not relay personally identifiable information to third parties except to the extent necessary to host our database infrastructure with MongoDB Atlas, which stores the data required to operate the Services.
MongoDB Atlas
We use MongoDB Atlas as a database hosting provider. MongoDB Atlas processes data only to provide its services to Opflow and under contractual safeguards.
If you would like additional information about the location of data storage, transfer mechanisms, or contractual safeguards we use, contact us using the details in Section 1.
7. International transfers
Where personal data is transferred outside the UK or European Economic Area, we use appropriate safeguards required by GDPR (such as adequacy decisions or standard contractual clauses, as applicable), and we take additional measures where necessary to protect the data.
8. Data security
We use technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include access controls, encryption in transit where appropriate, logging and monitoring, and least-privilege practices.
No method of transmission or storage is completely secure, but we work to maintain a level of security appropriate to the risk.
9. Data retention and deletion
We keep personal data only as long as necessary for the purposes described in this policy, unless a longer retention period is required by law.
- Standard data: deleted within 2 months of a verified deletion request (or account closure), unless we must retain it for legal or security reasons.
- Financial / contractual data: retained for 6 years to comply with legal, tax, accounting, and contractual obligations, then deleted or anonymised.
We may retain and use anonymised or aggregated data (that does not identify you) for analytics and service improvement.
10. Your GDPR rights
Depending on your location and applicable law, you may have the right to:
- access your personal data;
- correct inaccurate or incomplete data;
- request deletion (erasure);
- restrict or object to processing;
- request data portability;
- withdraw consent (where processing is based on consent);
- lodge a complaint with your supervisory authority.
To exercise your rights, contact us using the details in Section 1. We may need to verify your identity before fulfilling requests.
11. Children
Our Services are not directed to children, and we do not knowingly collect personal data from children.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version and revise the "Last updated" date. If changes are material, we will provide additional notice where required.
13. Contact us
If you have questions or requests about this Privacy Policy or how we process personal data, contact:
- Opflow ltd.
- 124 City Road, London, England, EC1V 2NX
- julian@localingo.ai