Privacy Policy

Last updated: 29 September 2025

1. Introduction

This Privacy Policy explains how Verta Technologies LLC (“we,” “us,” or “our”) collects, uses, stores, and shares information when you use the Opus mobile application (the “App”). Because the App is designed to safeguard your device and data, transparency and security are core to our mission.

2. Information We Collect

A. Device & Technical Data

• Device model, OS version, language, time zone, mobile carrier, and unique device identifiers (e.g., Android Advertising ID, IDFV/IDFA).

• Network metadata such as IP address, Wi-Fi SSID (hashed), and connection type (cellular/Wi-Fi/VPN).

• Installed app package information (via QUERY_ALL_PACKAGES) strictly for security scanning, threat detection, and app health checks.

B. Security-Related Data

• Threat detection logs: suspicious URLs, malicious applications, USB activity, or SMS headers flagged by our scanners.

• Scan results: malware signatures detected, file hashes, and risk scores.

• VPN session metadata (e.g., timestamps, connection health), but not user traffic contents.

C. Location Data

• Approximate and precise location (via ACCESS_FINE_LOCATION and ACCESS_BACKGROUND_LOCATION) only when required for location-based security features, travel advisories, or compliance checks.

• Location data is not continuously tracked; it is used only for delivering app functionality and security alerts.

D. Storage & File Data

• Access to device storage (READ/WRITE/MANAGE_EXTERNAL_STORAGE) is used for scanning files for threats and for securely handling user-selected uploads.

• We do not access personal photos, videos, or documents unless you explicitly select them for scanning.

E. Camera Access

• Camera permission is used only when you enable a feature that requires it (e.g., secure QR code scanning).

• We do not record or store photos or video.

F. Usage Analytics (optional, consent-based)

• Feature interactions (e.g., dashboard taps, scan frequency).

• Crash reports and performance metrics.

G. User-Provided Information

• Support tickets, feedback, or email addresses supplied via in-app forms.

• In-app purchase history (via Google Play Billing) for subscription management.

We do not collect message content, contact lists, or personal media unless explicitly prompted and consented to for a feature.

3. Purpose & Legal Basis of Processing

We process data to:

• Deliver core security services (contractual necessity, GDPR Art. 6(1)(b)).

• Detect, prevent, and respond to threats (legitimate interest, Art. 6(1)(f)).

• Comply with legal obligations (Art. 6(1)(c)).

• Improve the App through analytics (consent, Art. 6(1)(a)).

• Provide customer support (contractual necessity).

• Enable in-app purchases (contractual necessity).

4. Data Storage & Security Measures

• Data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256).

• Access is limited via role-based controls and MFA.

• Log retention: security logs are retained for 30 days; anonymized telemetry for 12 months.

• Regular penetration tests; ISO 27001-aligned policies.

• Raw threat logs older than 30 days are purged or irreversibly anonymized.

5. Sharing & Disclosure

We do not sell personal data. We may share limited data with:

• Infrastructure providers (e.g., AWS, GCP, Azure) solely to host back-end services.

• Analytics services (e.g., Firebase, Amplitude)—only with consent and IP anonymization enabled.

• Google Play Billing services to process in-app purchases.

• Law enforcement, when legally compelled.

All vendors are bound by Data Processing Agreements (DPAs) and, where required, Standard Contractual Clauses for international transfers.

6. International Transfers

If data leaves your jurisdiction, we rely on:

• Adequacy decisions (EEA↔UK), Standard Contractual Clauses (EEA↔US), or your explicit consent.

• Additional safeguards, such as encryption and strict access controls.

7. Your Rights

Under GDPR (EEA/UK) and CCPA/CPRA (California), you have the right to:

• Access, rectify, or erase personal data.

• Port data to another service.

• Restrict or object to processing.

• Opt out of “sale” or “sharing” (as defined by CCPA/CPRA).

Submit requests by emailing support@vertatec.com

8. Children’s Privacy

The App is not directed to children under 16. We do not knowingly collect data from children. If we learn that we have, we will delete it promptly.

9. Changes to This Policy

Material changes will be announced in-app and via email at least 7 days before they take effect. Continued use after the effective date constitutes acceptance.

10. Contact Us

Verta Technologies LLC
Email: support@vertatec.com