• Home
  • Platform Privacy Policy.

Platform Privacy Policy

  • Home
  • Platform Privacy Policy.
Last Updated 18th March, 2026

1. Introduction

This Privacy Policy explains how OptCulture i.e. OptCulture Private Limited (“Company”, “we”, “our”, or “us”) processes personal data in connection with the provision of our software platform, services, and related technologies (collectively, the “Services”). Our Services enable businesses to manage customer engagement, loyalty programs, marketing campaigns, analytics, and related digital interactions, i.e. suite of customer loyalty, data management and engagement management software as a service. This Privacy Policy describes:
  • The types of personal data that may be processed through our Services
  • How such data is used and protected
  • Our role in the processing of personal data
  • The safeguards implemented to ensure compliance with applicable data protection laws
Scope of this Privacy Policy This Privacy Policy applies to individuals whose personal data is processed through our Services, including customers and users of our clients, website visitors, business contacts, and other individuals interacting with our platform. This Privacy Policy also describes how personal data may be processed when clients use our platform and services to manage customer engagement, loyalty programs, marketing campaigns, analytics, and related interactions on their behalf.

2. Our Role in Data Processing

Depending on the context, OptCulture may act as either: Data Processor / Service Provider / Sub Processor In most cases, we act as a Data Processor (or Service Provider) processing personal data on behalf of our clients. Our clients determine:
  • The purposes of processing
  • The types of data collected
  • The retention period
  • The lawful basis for processing
In such cases:
  • Our client is the Data Controller
  • We process personal data only in accordance with their instructions and to the extent required to provide the services as per contractually agreed terms
Independent Controller In limited circumstances, we may act as a Data Controller, such as when processing personal data related to:
  • Our website visitors
  • Business contacts
  • Prospective customers
  • Vendor relationships

3. Categories of Personal Data Processed

Depending on how our clients configure the Services, the following categories of personal data may be processed including but not limited to the following: Identity and Contact Information
  • Name
  • Email address
  • Phone number
  • Customer ID or loyalty ID
  • Other personal information collected using zero party, first party or second party data collection methods
  • Collected by any other methods
Transactional Information
  • Purchase history
  • Payment-related data (limited to transactional metadata)
  • Order details
  • Loyalty points and rewards
Customer Engagement Data
  • Campaign interactions
  • Email open rates
  • Engagement via channels like Email, SMS, RCS, WhatsApp and Push Notifications
  • Marketing preferences
Behavioral and Usage Data
  • Website or application interactions
  • Customer journey analytics
  • Purchase patterns
  • Preferences and segmentation attributes
Technical and Device Data
  • IP address
  • Device identifiers
  • Browser type
  • Operating system
  • Location derived from IP
  • Cookies and similar technologies
Support and Communication Data
  • Customer support communications
  • Feedback submissions
  • Service inquiries
The specific categories processed depend on the configuration selected by our clients.

4. How Personal Data Is Collected

Personal data processed through the Services may be collected through the following source, including but not limited to: Directly from Clients Clients may upload or transmit personal data to the platform through:
  • CRM integrations
  • POS systems
  • Data imports
  • Customer registration systems
  • Forms
Through Client Digital Properties Data may be collected when individuals interact with:
  • Client websites
  • Mobile applications
  • Loyalty programs
  • Promotional campaigns
Automated Technologies Certain technical data may be collected automatically through:
  • Cookies
  • APIs
  • Tracking pixels
  • Device identifiers

5. Purpose of Processing

We process personal data solely to provide the Services and in accordance with our clients’ instructions. Processing activities may include: Customer Relationship Management
  • Managing loyalty programs
  • Maintaining customer profiles
  • Facilitating personalized engagement
Campaign Management
  • Creating and executing marketing campaigns
  • Scheduling and automating communications
  • Personalizing marketing content
Customer Segmentation
  • Grouping users based on demographics
  • Behavioral segmentation
  • Predictive audience targeting
Analytics and Reporting
  • Campaign performance measurement
  • Customer insights
  • Marketing analytics
Platform Operations
  • Maintaining service functionality
  • Monitoring system performance
  • Ensuring service reliability
Security and Fraud Prevention
  • Detecting unauthorized access
  • Preventing misuse of the platform
  • Protecting systems and data

6. Legal Basis for Processing

Where we act as a Data Processor, the legal basis for processing is determined by the Data Controller (our client). Common legal basis under applicable laws may include:
  • Consent
  • Contractual necessity
  • Legitimate interests
  • Compliance with legal obligations
Where we act as an independent controller, processing may rely on:
  • Legitimate business interests
  • Contract performance
  • Legal compliance
  • Consent where required

7. Disclosure of Personal Data

We may share personal data with entities disclosed to the data controller in order to provide the Services. These may include: Sub-processors and Service Providers We engage carefully selected third-party service providers to support our operations, including:
  • Cloud infrastructure providers
  • Messaging providers (email/SMS)
  • Security monitoring services
  • Analytics platforms
All sub-processors are required to:
  • Enter into data processing agreements
  • Maintain appropriate security safeguards
  • Process data only on our instructions
Legal Authorities We may disclose personal data when required to:
  • Comply with legal obligations and authorities
  • Respond to lawful government requests
  • Protect the rights and safety of individuals
Where legally permissible, we will make reasonable efforts to notify the relevant client prior to such disclosure.

8. International Data Transfers

Our Services may involve the transfer of personal data across international borders. Where personal data is transferred outside the originating jurisdiction, we ensure that appropriate safeguards are implemented, including:
  • Standard Contractual Clauses (SCCs), where mandated
  • Contractual data protection obligations
  • Regulatory-approved transfer mechanisms
These safeguards ensure that personal data remains protected in accordance with applicable privacy laws.

9. Security Measures

We implement robust technical and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, or alteration. Infrastructure Security
  • Secure cloud hosting environments
  • Network segmentation
  • Firewalls and intrusion detection systems
Encryption
  • Encryption of data in transit using industry-standard protocols
  • Encryption of sensitive data where appropriate
  • Encryption of data at rest
Access Controls
  • Role-based access permissions
  • Multi-factor authentication
  • Strict identity management
Monitoring and Auditing
  • Continuous system monitoring
  • Audit logging
  • Security incident response procedures
Vendor Risk Management
  • Sub-processor due diligence
  • Security assessments
  • Contractual compliance requirements

10. Personal Data Breach

In the event of a personal data breach affecting personal data processed through the Services, OptCulture will take appropriate steps to investigate, contain, and mitigate the incident. Where required under applicable data protection laws, relevant authorities and affected individuals, companies and clients will be notified in accordance with legal requirements.

11. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Retention periods may depend on:
  • Client instructions
  • Contractual obligations
  • Legal requirements
Upon termination of services, personal data may be:
  • Returned to the client
  • Deleted securely
  • Anonymized where appropriate

12. Data Subject Rights

Depending on applicable law, individuals may have the right to:
  • Access their personal data
  • Request correction of inaccurate information
  • Request deletion of personal data
  • Restrict or object to processing
  • Withdraw consent
Because our clients act as Data Controllers for personal data processed through the Services, they are responsible for responding to requests from individuals exercising their data protection rights. Individuals whose personal data is processed through our platform should direct such requests, including requests to access, correct, delete, or restrict processing of their personal data, to the relevant client organization acting as the Data Controller. Where OptCulture acts as a Data Processor, we process personal data solely on the instructions of the relevant client and will assist our clients in fulfilling data subject requests in accordance with applicable laws and contractual obligations.

13. Children’s Data

Our Services are not directed to children. We do not knowingly process personal data relating to children unless:
  • Such processing is authorized by the client
  • Required parental or guardian consent has been obtained where required by applicable law
Clients are responsible for ensuring compliance with laws relating to children’s data.

14. Cookies and Tracking Technologies

Our platform and related services may use cookies and similar technologies to improve functionality, analyze usage patterns, and enhance user experience. Users may manage cookie preferences through their browser settings.

15. Sale of Personal Data

We do not sell personal data to third parties. Personal data processed through our Services is used exclusively for the purpose of providing services to our clients and is not monetized through data brokerage or independent advertising activities. Notwithstanding anything to the contrary, Company shall have the right to collect and analyze anonymized or aggregate data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Client Data and data derived therefrom), and Company will be able to (during and after the term hereof):
  • Use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings
  • Disclose such data solely in aggregate or other de-identified form in connection with its business

16. Privacy Contact

For privacy-related inquiries or concerns, please contact:
Data Privacy Team OptCulture Email: privacy@optculture.com
Where applicable, individuals may also contact the relevant client organization (Data Controller) responsible for their personal data.

17. Policy Updates

We reserve the right to update this Privacy Policy periodically to reflect:
  • Changes in legal requirements
  • Updates to our services
  • Improvements to our privacy practices
Any updates will be published on this page with the last updated date.

Frequently Asked Questions

No, we will not send you unwanted advertising text messages. We may initiate a program whereby we send advertising text messages to cell phones. However, this will be an opt-in based service. You will decide if, and when you want to receive advertising on your cell phone.

One of the services, provided by OptCulture, allows visitors and members to send text messages to friends, family, colleagues, using the OptCulture Interface. The OptCulture Interface conditions of use forbid spamming to cell phone users and several software filters are in place to block spammers. However, we cannot guarantee that no spamming will ever occur. You have the possibility to block your phone from receiving any message from OptCulture or OptCulture members by clicking on the ”anti-spam’ link on the home page.

If at any time you would like to change any information in your account, Login from the home page. Here you can change or update your information. You must click preferences to maintain new changes.

Although your privacy is very important to us, due to the existing legal and technical environment, we cannot ensure that your personally identifiable information will not be disclosed to third parties in ways not described in this policy. Additionally, we can (and you authorize us to) disclose any information about you to private entities, law enforcement or other government officials as we, in our sole discretion, believe necessary or appropriate to address or resolve inquiries or problems. This will not be done for commercial purposes or gain from OptCulture as such.

Do you have more questions?
Find quick answers to your questions in our FAQs.
Read More FAQs

#1 Omni-Channel Marketing Platform: Best for Brands of All Sizes - OptCulture

USA: +1 (325) 880-1871
UAE: +971 52 447 2860
IND: +91 7075874182
Features Integrations Solutions Resources Pricing
© 2026 OptCulture | Terms of Service | Privacy Policy | Platform Privacy Policy