Last updated: 1 March 2026
Opus Guide — D326 Holding SASU
515 Chemin de Dartaise, 26400 Grâne, France
Contact: info@opus.guide
1. Introduction
Opus Guide is a SaaS platform that helps teams create step-by-step guides and standard operating procedures (SOPs). It is operated by D326 Holding SASU, a French simplified joint-stock company (SASU) registered in France.
This Privacy Policy explains what personal data we collect, on what legal basis, how we use it, who we share it with, how long we keep it, and what rights you have. We are committed to handling your data responsibly and in compliance with the General Data Protection Regulation (GDPR) and applicable French data protection law.
For the purposes of GDPR, D326 Holding SASU is the data controller for data collected directly from visitors to our website (opus.guide) and trial users. For business customers, we act as a data processor on behalf of the customer organisation, who is the data controller. A Data Processing Agreement (DPA) is available upon request at info@opus.guide.
2. Data We Collect and Why
2.1 Account and Login Data
Data collected: Email address, password (hashed, never stored in plain text).
Legal basis: Performance of contract (Article 6(1)(b) GDPR) — necessary to provide access to the service.
Retention: Retained for the duration of the account. Deleted immediately upon account deletion.
2.2 User-Generated Content
Data collected: Process documentation, SOPs, guide steps, screenshots, and any other content you create within the platform.
Legal basis: Performance of contract (Article 6(1)(b) GDPR).
Important: When you use AI-assisted guide generation, the content of your instructions is sent to OpenAI's API for processing. See Section 4 (Sub-processors) for details.
Retention: Deleted immediately upon account deletion or guide deletion.
2.3 Published Guides
Data collected: Guide content you choose to publish.
Legal basis: Performance of contract (Article 6(1)(b) GDPR).
Important: Guides you publish are hosted on GitLab Pages and are publicly accessible to anyone with the link. Do not include sensitive personal data in published guides.
2.4 Billing Data
Data collected: Email address, subscription plan, and payment status. Payment card details are processed directly by Stripe and are never seen or stored by Opus Guide.
Legal basis: Performance of contract (Article 6(1)(b) GDPR) and legal obligation (Article 6(1)(c) GDPR) for invoicing and tax records.
Retention: Billing records retained for 10 years to comply with French accounting law.
2.5 Marketing Communications
Data collected: Email address.
Legal basis: Consent (Article 6(1)(a) GDPR). You may withdraw consent at any time by clicking 'Unsubscribe' in any marketing email, or by contacting info@opus.guide. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Retention: Until you unsubscribe or request deletion.
2.6 Website Analytics
Data collected: Page visits, referral sources, browser type, approximate location (country/region). We use both Google Analytics and Pirsch Analytics on our marketing site (opus.guide).
Legal basis: Consent (Article 6(1)(a) GDPR) for Google Analytics (non-essential cookies). Legitimate interest (Article 6(1)(f) GDPR) for Pirsch Analytics, which is cookieless and does not process personal data.
Retention: As configured in each analytics platform. You can opt out of Google Analytics via our cookie banner.
3. Cookies and Tracking Technologies
We use cookies on our website. You can manage your cookie preferences at any time via the cookie settings banner.
Category
Legal Basis
Examples
Essential
Contract performance
Session login, security
Analytics
Consent
Google Analytics (usage patterns)
Advertising
Not used
We do not use advertising or targeting cookies.
Note: Pirsch Analytics does not use cookies and does not process personal data in a way that requires consent.
4. Data Sharing and Sub-processors
We do not sell your personal data. We do not share it with third parties for marketing or advertising purposes. We share data only with the following sub-processors, who act on our behalf under appropriate data protection agreements:
Sub-processor
Purpose
Location / Info
Anvil Works Ltd
Application hosting, data storage, transactional email
UK (AWS eu-west-2) — anvil.works
OpenAI, LLC
AI-assisted guide generation (user content sent to API)
USA — openai.com/policies/privacy
Stripe, Inc.
Payment processing and subscription billing
USA/EU — stripe.com/privacy
Google LLC (Analytics)
Website analytics (opus.guide)
USA — policies.google.com/privacy
Pirsch Analytics
Privacy-friendly website analytics
Germany — pirsch.io/privacy
MailerLite
Marketing and newsletter email delivery
EU — mailerlite.com/privacy
GitLab Inc.
Hosting of published guides via GitLab Pages
USA — about.gitlab.com/privacy
We may also disclose data if required by law, court order, or government authority. In such cases, we will disclose only the minimum necessary information and, where legally permitted, notify you in advance.
5. International Data Transfers
Your data is stored in the United Kingdom (Anvil Works, AWS eu-west-2, London). The UK currently holds an EU adequacy decision under GDPR, meaning transfers between the EU and UK are treated as equivalent to intra-EU transfers.
Some of our sub-processors are based in the United States (OpenAI, Stripe, Google, GitLab, MailerLite). Transfers to these processors are made on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards. You can request details of transfer mechanisms by contacting info@opus.guide.
6. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include:
Encryption of data in transit (HTTPS/TLS)
Encryption at rest at the infrastructure level (Anvil/AWS)
Access controls and authentication requirements
Tenant data isolation — your data is logically separated from other customers
You are responsible for maintaining the confidentiality of your login credentials. Please use a strong password and do not share your account.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, and will notify affected individuals without undue delay where required.
7. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
Right of access — request a copy of the personal data we hold about you.
Right to rectification — ask us to correct inaccurate or incomplete data.
Right to erasure — request deletion of your personal data (subject to legal retention obligations).
Right to restrict processing — ask us to limit how we use your data in certain circumstances.
Right to data portability — receive your data in a structured, machine-readable format where applicable.
Right to object — object to processing based on legitimate interest.
Right to withdraw consent — where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint — you have the right to lodge a complaint with your national supervisory authority. In France, this is the CNIL (www.cnil.fr). In the UK, this is the ICO (ico.org.uk).
To exercise any of these rights, please contact us at info@opus.guide. We will respond within 30 days. We may need to verify your identity before processing your request.
8. Automated Decision-Making and Profiling
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
9. Business Customers — Data Processing Agreement
If you use Opus Guide as a business customer (i.e. you are an organisation using the platform to process data about your employees, clients, or third parties), you are the data controller and we act as your data processor under Article 28 GDPR.
A Data Processing Agreement (DPA) is available upon request. Please contact info@opus.guide to obtain a copy. The DPA sets out the subject matter, duration, nature, and purpose of processing, as well as our respective obligations.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website and, where appropriate, by email. The date at the top of this policy indicates when it was last revised.
Continued use of our services after notification of changes constitutes acknowledgement of the updated policy. We encourage you to review this policy periodically.
11. Contact
For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact:
D326 Holding SASU
515 Chemin de Dartaise
26400 Grâne, France
Email: info@opus.guide
We aim to respond to all privacy-related enquiries within 30 days.
We use cookies to improve user experience. Choose what cookie categories you allow us to use. You can read more about our Cookie Policy by clicking on Cookie Policy below.
These cookies enable strictly necessary cookies for security, language support and verification of identity. These cookies can’t be disabled.
These cookies collect data to remember choices users make to improve and give a better user experience. Disabling can cause some parts of the site to not work properly.
These cookies help us to understand how visitors interact with our website, help us measure and analyze traffic to improve our service.
These cookies help us to better deliver marketing content and customized ads.