Privacy Policy

PRIVACY POLICY

PlaybookOps, LLC
Last Updated: Jan 1, 2026

1. Introduction

PlaybookOps, LLC (“PlaybookOps,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal data in accordance with applicable global data protection laws, including the EU General Data Protection Regulation (“GDPR”), UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), and other applicable regulations.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you:

Visit our website

Use the PlaybookOps SaaS platform

Interact with our AI features

Engage with our integrations, community tools, or support channels

Use the PlaybookOps mobile application

PlaybookOps is a business-to-business (B2B) platform intended for users 18 years of age or older.

2. Company Information

PlaybookOps, LLC
Idaho Limited Liability Company
591 Park Avenue, Suite 100
Idaho Falls, ID 83402
Email: [email protected]

3. Roles Under Data Protection Law

A. Customer Content – Data Processor

When customers upload content (including voice recordings, SOPs, internal employee information, workflows, and related materials), PlaybookOps acts as a data processor on behalf of the customer (the “data controller”).

Customers retain ownership of their content and are responsible for ensuring that any personal data they submit is lawfully collected and processed.

B. Platform Data – Data Controller

PlaybookOps acts as a data controller for:

Account registration information

Billing data

Usage analytics

Aggregated and anonymized system improvement data

4. Information We Collect

A. Account & Identity Data

Name

Email address

Phone number (if provided)

Company name

Job title

Office Location (if provided)

Manager / reporting hierarchy (if provided)

Hire Date (if provided)

Profile photo or avatar URL (if provided, including OAuth providers such as Google)

Login credentials

B. Customer Content Data

Uploaded by customers, including:

Voice recordings

Transcriptions

Standard Operating Procedures (SOPs)

Internal operational documentation

Employee role descriptions

Workflow data

Images, PDFs, Word Documents, spreadsheets, and presentations

Flowcharts (including AI-generated)

AI chat conversations and responses

Document embeddings (vector representations of content used for AI-powered search and retrieval)

When customers connect their Google Drive account via our integration, PlaybookOps stores an encrypted OAuth token to facilitate file imports. This token is used solely for accessing files the customer selects and can be revoked at any time by disconnecting the integration.

C. Usage & Analytics Data

Log files

IP address

Browser/device information

Session data

Feature usage metrics

D. Payment Information

Payment processing is handled by Stripe. PlaybookOps does not store full credit card numbers. Stripe processes payment data in accordance with its own privacy and security standards. Account admins navigate to Stripe’s platform for all payment handling and return to the app via webhooks and integrations.

5. Sensitive Personal Data

PlaybookOps is not designed to process sensitive personal data such as:

Health information

Government identification numbers

Biometric data

Financial account numbers

Social Security numbers

Payroll or HR records

PlaybookOps is not designed or intended to process regulated personal data, including Protected Health Information (PHI) as defined under HIPAA, financial account data governed by GLBA, or any other category of data subject to sector-specific regulatory requirements.

Customers are strictly prohibited from uploading regulated or sensitive data to the platform. Any customer operating in a regulated industry — including but not limited to healthcare, financial services, or human resources — must contact PlaybookOps at [email protected] prior to use to determine whether a Business Associate Agreement (BAA), Data Processing Agreement (DPA), or other compliance addendum is required.

Customers assume full responsibility for any regulated or sensitive personal data submitted to the platform in violation of this policy.

6. How We Use Information

We use information to:

Provide and operate the platform

Generate AI-driven SOP outputs

Improve system functionality

Provide customer support

Process payments

Ensure platform security

Comply with legal obligations

Send marketing and promotional communications, including product updates, newsletters, and platform announcements (with prior consent where required by law, and subject to opt-out at any time)

7. AI Technologies & Data Practices

PlaybookOps uses third-party AI services including OpenAI, Anthropic, and Google to power platform features such as document generation, chat assistance, embeddings, transcription, and media creation. PlaybookOps does not self-host, fine-tune, or train AI models. All AI processing is performed via API calls to these third-party providers.

A. Data Separation

PlaybookOps operates a multi-tenant architecture where all customers share common infrastructure. Customer data is logically separated using organization-scoped access controls, and access is restricted to authenticated users within the same organization. This is not a physically isolated environment — it is a shared system with application-level and database-level access restrictions designed to prevent cross-organization data exposure.

B. AI Data Usage

When you use AI-powered features, relevant content (such as document text, chat messages, or audio files) is transmitted to third-party AI providers for processing. This data is sent for real-time inference only. PlaybookOps does not use customer content to train, fine-tune, or improve AI models. Data handling by third-party providers is subject to their respective privacy policies and data processing agreements.

Additionally, document content may be converted into vector embeddings (numerical representations) using OpenAI's embedding models and stored within the platform to enable AI-powered search and retrieval (RAG). AI chat history — including messages, responses, model and provider used, and token usage — is persisted for session continuity.

C. Platform Improvement

PlaybookOps may collect aggregated, non-identifiable usage metadata (such as feature usage frequency and error rates) to improve platform performance and reliability. Customer-authored content is not used for this purpose.

8. Legal Bases for Processing (GDPR)

For users in the EEA/UK, we rely on:

Contractual necessity

Legitimate interests — preventing fraud, abuse, and unauthorized access to the platform

Legitimate interests — maintaining and improving platform security, reliability, and performance

Legitimate interests — analyzing aggregated, non-identifiable usage data to improve service quality

Legal compliance

Consent (where required)

9. Data Retention

Upon account or organization termination, customer data and associated storage files are deleted. Deletion is initiated by an organization administrator and processed promptly. Any residual data is removed within 30 days, unless legal retention obligations apply.Infrastructure-level backups managed by our hosting and database providers (Supabase, Fly.io) may be retained for up to 90 days in accordance with their respective data retention policies.Legal retention may extend data storage where required by law.

10. Security Measures

PlaybookOps implements industry-standard safeguards including:

Encryption at rest

Encryption in transit (TLS/HTTPS)

Role-based access controls

Invite-only access with role-based administrative controls; multi-factor authentication (MFA) is on the near-term security roadmap

Access logging and monitoring

Vulnerability monitoring

Documented incident response procedures

SOC 2 compliance roadmap

No system is completely secure; however, we implement reasonable technical and organizational measures to protect data.

11. Subprocessors

We use trusted third-party providers, including:

Vercel (Hosting – Front End)

Fly.io (Hosting – Back End)

Supabase (Database, Authentication, and File Storage)

OpenAI (AI Processing – chat, embeddings, transcription, and text-to-speech)

Anthropic (AI Processing – chat and content generation)

Stripe (Payments)

Google AI Studio (AI Processing – image generation)

Google (OAuth Authentication and Google Drive Integration)

Sentry (Error Monitoring)

SMTP Email Provider (Transactional Emails – Invitations, magic links, notifications)

All subprocessors are bound by appropriate contractual safeguards.

12. International Data Transfers

Data is hosted in the United States.
Where required under GDPR, we implement appropriate safeguards for cross-border transfers, including the 2021 EU Standard Contractual Clauses (SCCs) and, for UK transfers, the UK International Data Transfer Addendum (IDTA).

13. Data Subject Rights

Depending on jurisdiction, you may have the right to:

Access personal data

Correct inaccuracies

Request deletion

Restrict processing

Object to processing

Data portability

Withdraw consent

California Privacy Rights (CCPA/CPRA)

California residents have the right to:

Know what personal information is collected and how it is used

Request access to or deletion of their personal information

Correct inaccurate personal information

Opt out of the sale or sharing of personal information

Non-discrimination for exercising their privacy rights

PlaybookOps does not sell or share personal information as defined under CCPA/CPRA.

To exercise these rights — including requests for data access, portability, or deletion — contact: [email protected]. Requests will be processed within one month, extendable by up to two months for complex requests, in accordance with applicable law. Note that certain rights, such as data portability and export, are currently fulfilled through manual support processes.

14. Children’s Privacy

PlaybookOps is intended for users 18 years or older. We do not knowingly collect data from minors.

15. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised “Last Updated” date.

16. Contact

For privacy-related inquiries:

[email protected]
PlaybookOps, LLC
591 Park Avenue, Suite 100
Idaho Falls, ID 83402