Privacy by
Architecture.
How Servance Pty Ltd (trading as OPPI) collects, uses, and protects your personal information.
Vault Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256). No exceptions.
Zero Sale
We never sell, rent, or trade your personal or venue data to third parties.
Total Ownership
You retain full intellectual property rights over your venue data at all times.
APAC Residency
Primary data infrastructure hosted in the Asia-Pacific region under strict access controls.
01. Who We Are
This privacy policy is issued by Servance Pty Ltd, an Australian company trading as OPPI. We build operational intelligence software for the hospitality industry.
When you use our website (oppi.au), sign up for our services, or interact with our platform, we act as the data controller. This means we decide how and why your personal information is processed.
When our customers use OPPI to process their own venue data (including information about their staff, guests, or operations), we act as a data processor on their behalf. In those cases, your venue is the data controller and their privacy policy applies.
Governing Law
02. What We Collect
We collect different categories of personal information depending on how you interact with us:
Account Information
- Name and email address
- Organisation and role
- Phone number (if provided)
- Billing and payment details
Venue Operational Data
- Sales summaries and revenue metrics
- Labour and roster information
- Menu structure and product data
- Task and workflow records
Technical & Usage Data
- IP address and browser type
- Pages visited and interaction patterns
- Device information and screen size
- Referral source
Communications
- Support tickets and chat logs
- Email correspondence
- Feedback and survey responses
- Waitlist and demo request details
03. How We Collect It
We collect personal information through three channels:
- Directly from you: when you create an account, fill out a form, join our waitlist, or contact our team.
- From your venue systems: when you connect integrations such as your POS, property management system, or rostering tool. We only access data you explicitly authorise.
- Automatically: through server logs, cookies, and similar technologies when you visit our website. See Section 11 for details on cookies.
We do not purchase personal information from third-party data brokers. We do not scrape publicly available information to build profiles.
04. Why We Use It
We use your personal information for the following purposes:
- To provide and operate the OPPI platform, including generating insights, projections, and operational recommendations for your venue.
- To process payments and manage your subscription.
- To communicate with you about your account, service updates, and support requests.
- To maintain the security and integrity of our systems, including fraud detection and abuse prevention.
- To improve our products by analysing aggregated, anonymised usage patterns.
- To comply with legal obligations, including Australian tax and corporate law.
We will not use your personal information for purposes materially different from those described above without notifying you first.
05. AI & Automated Processing
OPPI uses artificial intelligence and automated systems to analyse venue operational data and generate actionable insights. This is a core part of our service. Here is how we handle it:
No Model Training on Your Data
Anonymisation Before Analysis
Human Oversight
07. Where Your Data Lives
Transparency about where your data is stored matters. Here is the current state of our infrastructure:
- Our primary database and authentication infrastructure is hosted in Singapore (AWS ap-southeast-1) via our database provider.
- Application hosting and edge delivery may utilise servers in multiple regions, including Australia and the United States, depending on the provider.
- AI processing requests may be routed to API providers with infrastructure in the United States and Europe.
Cross-Border Disclosure (APP 8)
08. How We Protect It
We implement technical and organisational measures appropriate to the sensitivity of the information we hold:
- Encryption in transit using TLS 1.3 and at rest using AES-256.
- Logically isolated infrastructure. Venue data is partitioned so one customer cannot access another's information.
- Role-based access control (RBAC) with the principle of least privilege.
- OAuth-based integrations. We never store your third-party system passwords.
- Regular access reviews and security monitoring.
No system is perfectly secure. If we become aware of a data breach that is likely to result in serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals in accordance with the Notifiable Data Breaches (NDB) scheme.
For more detail on our security architecture, see our Security page.
09. How Long We Keep It
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
| Data Category | Retention Period |
|---|---|
| Account & profile data | Active subscription + 90 days |
| Venue operational data | Active subscription + 90 days |
| Billing & transaction records | 7 years (Australian tax law) |
| System logs & telemetry | 90 days rolling |
| Support correspondence | 2 years from resolution |
| Marketing preferences | Until you unsubscribe |
When data is no longer required, it is securely deleted or anonymised so that it can no longer be linked to an individual.
10. Your Rights
Under the Australian Privacy Principles and applicable international frameworks, you have the following rights:
Access
Request a copy of the personal information we hold about you.
Correction
Ask us to correct inaccurate or incomplete information.
Deletion
Request that we delete your personal information, subject to legal retention obligations.
Complaint
Lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC).
To exercise any of these rights, contact us at privacy@oppi.au. We will respond within 30 days. If we refuse a request, we will provide written reasons and information about how to complain.
If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.
12. Changes & Contact
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "last updated" date at the top of this page.
- Notify active customers via email for significant changes.
- Provide a reasonable period before changes take effect.
Contact Details
Entity: Servance Pty Ltd (trading as OPPI)
Privacy enquiries: privacy@oppi.au
Website: oppi.au
Regulator: Office of the Australian Information Commissioner (OAIC)