Legal
Privacy Policy
This policy explains how Agreely, a service of Ophelios Studio, handles personal information when you use the Agreely service and this website.
1. Who we are
Agreely is a consent-accountability service operated by Ophelios Studio ("Agreely", "we", "us"). Agreely helps organizations issue, verify, revoke and prove consent, with an honest cryptographic record. This policy covers the personal information Agreely processes about its own account holders, prospects and website visitors. It does not, on its own, govern the personal information that a customer organization processes about its own data subjects using Agreely (see "Our role as an accountability layer" below).
Person in charge of the protection of personal information
The person responsible for the protection of personal information (the privacy officer required by Quebec Law 25) is David Tucker, Ophelios Studio. You can reach the privacy officer at [email protected].
2. What we collect
We aim to collect only what we need to provide and operate the service:
- Account and company data you provide when you sign up: your name, work email, organization name, role, and the configuration you set up in the app.
- Authentication data: credentials and session information needed to sign you in and keep your account secure.
- Billing data: your plan, billing contact, and subscription status. Card payments are handled by Stripe; we do not store full card numbers on our servers.
- Usage and technical data: log data, IP address, device and browser information, and feature usage, used to operate, secure and improve the service.
- Communications: messages you send us (support, sales, email) and our replies.
3. Why we use it (purposes)
- To provide, maintain and secure the Agreely service and your account.
- To process billing and manage your subscription.
- To provide support and respond to your requests.
- To detect, prevent and address abuse, fraud and security incidents.
- To improve the service and understand how it is used, in aggregate.
- To meet our legal and regulatory obligations.
We do not sell your personal information.
4. Our role as an accountability layer
For the consent records that customer organizations manage through Agreely, the customer is the organization that decides why and how those records are handled; Agreely acts as a processor and accountability layer on the customer's behalf. The product is built around data minimization:
- A data subject's identifiers held for a customer are kept pseudonymous and are designed to be unlinkable across customers; Agreely does not build a cross-customer profile of individuals.
- What is anchored on the public Base blockchain is limited to cryptographic hashes and opaque commitments. No personal information, and no readable consent claim, is written on-chain.
- We design for honesty, not for overstatement. Where a boundary exists (for example what survives an erasure, see section 6), we describe it plainly rather than claiming more than the system delivers.
If you are an individual whose consent a company manages with Agreely, the company is your first point of contact for your rights; we will support that company in responding to you.
5. How long we keep it (retention)
We keep account, billing and usage data for as long as your account is active and for a limited period afterward, to meet legal, accounting and security obligations, then we delete or anonymize it. Backups and write-ahead logs are retained for a documented window and then age out. We will publish specific retention periods as they are finalized; the goal is to keep personal information no longer than necessary for the purposes above.
6. Security and the honest erasure boundary
We use technical and organizational safeguards appropriate to the sensitivity of the information, including per-tenant encryption of sensitive records, encryption in transit, access controls, and isolation between customers.
For consent records, Agreely implements the right to erasure as a per-cell cryptographic shredding: erasing a record destroys every readable copy of its claim so that, the moment the erase is committed, the live database is anonymized (no readable category or purpose claim survives). To be honest about what this does and does not guarantee:
- The live database is anonymized immediately; full physical destruction completes within a documented retention window.
- What can remain after a shred is an unreadable on-chain commitment orphan (kept so other records still verify), a linkage to an opaque random reference carrying no readable claim, and encrypted ciphertext residual in write-ahead logs and backups until retention expiry.
We do not claim that data is "irreversibly destroyed everywhere at all times." No method of transmission or storage is perfectly secure; we cannot guarantee absolute security.
7. Service providers (sub-processors)
We share personal information with a small set of service providers who process it on our behalf, under contract and only as needed:
- Stripe for payment processing and subscription billing.
- Our hosting provider (Fly.io) for running the application and storing data.
- The Base blockchain for anchoring cryptographic hashes only. No personal information is placed on-chain.
We will keep this list current as our providers change.
8. Canadian data residency and cross-border processing
We aim to host and process personal information in Canada. Some service providers (for example payment processing) may process limited data outside Quebec or outside Canada. Before transferring personal information outside Quebec, we assess whether it would receive adequate protection, as required by Quebec Law 25, and we rely on contractual and technical safeguards. We will identify the relevant locations as our infrastructure is finalized.
9. Your rights
Subject to applicable law, you may exercise the following rights regarding your personal information:
- Access the personal information we hold about you.
- Rectification of information that is inaccurate, incomplete or out of date.
- Withdrawal of consent, where processing is based on consent.
- Portability: receive certain information in a structured, commonly used technological format.
- Erasure / de-indexing where the law allows.
To exercise any of these rights, contact the privacy officer at [email protected]. We will respond within the timeframe required by law. If you are not satisfied, you may file a complaint with the Commission d'accès à l'information du Québec (CAI).
10. Cookies and sessions
This website and the app use a small number of cookies and similar technologies that are necessary to sign you in, keep your session secure, and remember basic preferences (such as language and theme). We do not use advertising cookies. Where any non-essential analytics are used, we will say so and seek consent as required.
11. Changes to this policy
We may update this policy as the service evolves or as the law requires. We will post the updated version here with a new "last updated" date, and we will provide notice of material changes where appropriate.
12. Contact
Questions about this policy or your personal information? Contact our privacy officer:
David Tucker, person in charge of the protection of personal information
Ophelios Studio
[email protected]