Privacy Policy
Last updated: March 31, 2026
OPTICOMM AI S.R.L. ("OptiComm", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit opticomm.ai, use our software-as-a-service products, the OptiComm.AI need-prediction platform, the Sales Intelligence dashboard, and the AI voice agents at agents.opticomm.ai, our APIs, or otherwise interact with us (together, the "Services").
We process personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR"), Romanian Law no. 190/2018 implementing the GDPR, and other applicable data protection laws.
1. Who we are (Controller)
For the purposes of the GDPR, the controller of your personal data is:
OPTICOMM AI S.R.L. Registered office: Drumul Taberei nr. 59, Sector 6, Bucharest, Romania Trade Register no. J2018008555402 (EUID ROONRC.J2018008555402) · Sole registration code (CUI): 39498041 Email: privacy@opticomm.ai
Data Protection Officer (DPO): Camelia Nălucă Contact: dpo@opticomm.ai
Note on roles. When you use our Services to process personal data about your own customers and contacts (for example, order histories ingested from your commerce platform, or the contact details and call recordings of the people our voice agents speak to), you act as the controller and we act as a processor on your behalf. That processing is governed by our Data Processing Agreement. This Privacy Policy describes the processing for which OptiComm is the controller, for example, website visitors, account administrators, prospects, partners, and direct business contacts.
2. The personal data we collect
Depending on how you interact with us, we may process the following categories of personal data:
a) Account and identity data, name, business email, username, job title, organisation, and authentication data.
b) Contact and communication data, the content of messages, support tickets, and correspondence you send us, and records of our communications.
c) Billing and transaction data, billing contact, company details, VAT/CUI, and payment status. Card details are handled by our payment processor; we do not store full card numbers.
d) Usage and technical data, IP address, device and browser type, operating system, log data, pages viewed, referring URLs, timestamps, and interactions with the Services.
e) Cookies and similar technologies, as described in our Cookie Policy.
f) Marketing and preference data, your preferences for receiving communications and your responses to campaigns.
g) Customer Data, where you submit personal data into the Services (including data from connected commerce platforms and contacts used by the voice agents), we process it as a processor under the DPA, not under this Policy.
We do not intentionally collect special categories of personal data (e.g. health, biometric, or data revealing political opinions) through our website, and we ask that you do not submit such data to us unless specifically requested and lawfully justified.
3. How we collect personal data
- Directly from you, when you register, request a demo, contact us, subscribe to communications, or use the Services.
- Automatically, through cookies, server logs, and analytics when you use our website or Services.
- From third parties, such as our resellers, partners, lawful enrichment providers, public registers, or social/professional networks, where permitted.
4. Why we process personal data and our legal bases
| Purpose | Examples | Legal basis (GDPR Art. 6) |
|---|---|---|
| Providing and administering the Services | Account creation, authentication, support | Performance of a contract (Art. 6(1)(b)) |
| Billing and payments | Invoicing, collecting fees, accounting | Contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c)) |
| Security, fraud prevention, and abuse detection | Logging, monitoring, incident response | Legitimate interests (Art. 6(1)(f)); legal obligation (Art. 6(1)(c)) |
| Improving and developing the Services and AI models | Diagnostics, analytics, model evaluation on aggregated/de-identified data | Legitimate interests (Art. 6(1)(f)) |
| Communicating with you | Service notices, responding to enquiries | Contract (Art. 6(1)(b)); legitimate interests (Art. 6(1)(f)) |
| Direct marketing | Newsletters, product updates, events | Consent (Art. 6(1)(a)) or legitimate interests for existing customers (Art. 6(1)(f)), subject to opt-out |
| Legal and regulatory compliance | Tax, accounting, responding to authorities | Legal obligation (Art. 6(1)(c)) |
| Establishing, exercising, or defending legal claims | Disputes, audits | Legitimate interests (Art. 6(1)(f)); legal obligation |
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You may request details of this assessment from privacy@opticomm.ai. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
5. Automated processing, predictions and profiling
Our platform's core purpose is to predict customer needs (what a customer is likely to order, when, and how much) and to generate scores and recommendations for sales teams. When carried out on your customers' data, this profiling is performed on your behalf as processor, under your instructions and legal basis, as set out in the DPA.
For the processing where OptiComm is the controller (e.g. our own prospects and website users), we do not make decisions that produce legal or similarly significant effects about you based solely on automated processing without a lawful basis and appropriate safeguards. Where any such processing were to take place, we would inform you, provide meaningful information about the logic involved, and offer the right to obtain human intervention, to express your point of view, and to contest the decision, in accordance with Article 22 GDPR.
6. AI voice agents and call recording
Where our AI voice agents are used (by us or, more commonly, by our customers acting as controllers), calls may be recorded and transcribed to provide, secure, support, and improve the Services. The agents disclose that the caller is an AI system, consistent with the transparency requirements of the EU AI Act. Recording and transcription of personal data are carried out only where there is a valid legal basis and required notices/consents are in place; where our customer operates the agents, the customer is responsible for that basis as controller. See our Responsible AI & Transparency Statement for more detail.
7. Cookies and similar technologies
We use cookies and similar technologies to operate the website, remember preferences, measure performance, and (with your consent) for analytics and marketing. Non-essential cookies are set only after you give consent through our consent banner. See our Cookie Policy for the full list and your controls.
8. Sharing and disclosure of personal data
We do not sell personal data. We may share personal data with:
- Service providers and sub-processors who help us deliver the Services (e.g. cloud hosting and infrastructure, AI/LLM providers, voice/telephony and speech providers, communications, analytics, payment, and support tools), under written contracts that comply with Article 28 GDPR. Our current sub-processors are listed at /subprocessors.
- Professional advisers such as lawyers, auditors, and accountants.
- Authorities and regulators where required by law or to protect our rights.
- Acquirers in the context of a merger, acquisition, or asset sale, subject to confidentiality and this Policy.
9. International transfers
Where personal data is transferred outside the European Economic Area (EEA), for example, to certain AI or infrastructure providers, we ensure an adequate level of protection through one or more of the following safeguards: an adequacy decision of the European Commission; the European Commission's Standard Contractual Clauses (SCCs), where necessary supplemented by additional technical and organisational measures; or another lawful transfer mechanism under Chapter V of the GDPR. Where possible, we use EU-based processing regions. You may request a copy of the relevant safeguards from privacy@opticomm.ai.
10. How long we keep personal data
We retain personal data only for as long as necessary for the purposes set out in this Policy, including to satisfy legal, accounting, or reporting requirements.
- Account data, for the duration of the relationship and a reasonable period thereafter.
- Billing and accounting records, retained for the period required by Romanian fiscal and accounting law (generally up to 10 years).
- Marketing data, until you withdraw consent or object, then suppressed from active use.
- Usage and security logs, typically retained for up to 12 months.
- Call recordings and transcripts (controller processing), retained only as long as necessary for the stated purpose, then deleted or anonymised.
When personal data is no longer needed, we securely delete or anonymise it.
11. Your rights
Subject to the conditions and exceptions in the GDPR, you have the right to: access your personal data and obtain a copy; rectification of inaccurate or incomplete data; erasure ("right to be forgotten"); restriction of processing; data portability; object to processing based on legitimate interests, and to object to direct marketing at any time; withdraw consent at any time where processing is based on consent; and not to be subject to a decision based solely on automated processing producing legal or similarly significant effects, as described in Section 5.
To exercise your rights, contact privacy@opticomm.ai or dpo@opticomm.ai. We will respond within one month, which may be extended by two further months for complex or numerous requests. We may need to verify your identity before acting. If your request relates to data we process on behalf of one of our customers (as processor), we will refer you to that customer.
12. Right to lodge a complaint
If you believe our processing infringes data protection law, you have the right to lodge a complaint with the Romanian supervisory authority:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) B-dul G-ral Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania Web: https://www.dataprotection.ro · Email: anspdcp@dataprotection.ro
You may also complain to the supervisory authority in your country of residence or work. We would, however, appreciate the chance to address your concerns first.
13. How we protect personal data
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. Our security programme is supported by independently certified management systems, including:
- ISO/IEC 27001, Information Security Management System;
- ISO/IEC 27018, Protection of personally identifiable information (PII) in public clouds;
- ISO/IEC 42001, AI Management System;
- ISO/IEC 20000-1, IT Service Management;
- ISO 22301, Business Continuity Management;
- ISO 9001, Quality Management.
We also align our security and operational-resilience practices with the EU NIS2 Directive (Directive (EU) 2022/2555) and, where applicable, DORA (Regulation (EU) 2022/2554). Measures include encryption in transit and at rest, access controls, network security, logging and monitoring, secure development practices, staff training, vendor due diligence, and incident response procedures.
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ANSPDCP within 72 hours where required, and affected individuals without undue delay where the breach is likely to result in a high risk.
14. Children
The Services are intended for business users and are not directed at children. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal data, contact privacy@opticomm.ai and we will take appropriate steps.
15. Third-party links
Our Services may contain links to third-party websites or services (including connected commerce platforms). We are not responsible for their privacy practices. We encourage you to read their privacy notices.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, for material changes, provide additional notice (for example, by email or in-product notice). Please review it periodically.
17. Contact us
OPTICOMM AI S.R.L., Privacy Drumul Taberei nr. 59, Sector 6, Bucharest, Romania Email: privacy@opticomm.ai · DPO (Camelia Năluca): dpo@opticomm.ai