1. Who We Are
Opus 86 is a software-as-a-service CRM platform for independent financial advisors, operated by Bright Light Ventures LLC, a California limited liability company ("Company," "we," "us," or "our"). Our principal address is 15760 Ventura Blvd, 7th Floor, Encino, CA 91436.
This Privacy Policy describes how we collect, use, and protect information when you use opus86.com and the Opus 86 application (collectively, the "Service").
2. Information We Collect
| Category | Examples | Source |
|---|---|---|
| Account Information | Name, email, username, password (hashed), company, phone | You provide at signup |
| Client Data | Contact records, AUM, notes, tasks, call logs, documents you upload | You enter into the Service |
| Calendar & Email Data | Calendar events, email metadata (if Google Calendar/Gmail integration enabled) | Google OAuth (only if you connect) |
| Usage Data | Pages visited, features used, login timestamps, IP address, browser type | Automatically collected |
| Payment Information | Billing name, last 4 digits, billing address | Stripe (we never see full card numbers) |
| Communications | Support emails, feedback submissions | You provide |
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service
- Process payments and manage your subscription
- Send transactional emails (receipts, password resets, feature notifications)
- Power AI features: your data is sent to Anthropic's API solely to generate AI responses for you. Your data is not used to train AI models. We are in the process of executing a Zero Data Retention agreement with Anthropic; until that agreement is in effect, queries are subject to Anthropic's standard limited retention policy (typically up to 30 days) for trust and safety review.
- Respond to support requests
- Detect and prevent fraud, abuse, or security incidents
- Comply with legal obligations
We do not use your data or your clients' data for advertising, profiling, or sale to third parties.
4. Data Sharing & Subprocessors
We share data only with the following subprocessors, each bound by appropriate data processing agreements, solely to provide the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase, Inc. | Database & backend infrastructure | All stored CRM data |
| Anthropic, PBC | AI features (no model training; ZDR agreement in process) | Queries you submit to AI features |
| Vercel, Inc. | API hosting & serverless infrastructure | API requests |
| Brevo (Sendinblue) | Transactional email delivery | Email address, message content |
| Stripe, Inc. | Payment processing (PCI-DSS compliant) | Billing information |
| Google, LLC | Calendar & email integration (only if you enable) | OAuth token, calendar/email data |
We do not sell personal information to any third party.
5. Google API Data
If you choose to connect your Google account, Opus 86 will request access to your Google Calendar via OAuth 2.0. Our use of Google API data is limited to:
- Displaying your calendar events within your private Opus 86 dashboard
- Sending emails on your behalf only when you explicitly initiate a send action
We do not:
- Share your Google data with any third party (other than Supabase for storage)
- Use your Google data to train AI models
- Access your Google data for any purpose other than displaying it to you
- Store Google Calendar events permanently; they are fetched fresh each session and held only in memory
You can disconnect your Google account at any time from Settings > Integrations > Google Calendar.
6. Data Security
- All data is encrypted in transit using TLS 1.2+
- All data is encrypted at rest using AES-256
- Each advisor's data is stored in isolated, per-user rows with row-level security (RLS); no data is accessible across accounts
- Daily automated backups retained for 7 days
- We will notify affected users within 48 hours of becoming aware of a confirmed security incident
7. Data Retention
We retain your account data for as long as your subscription is active. If you cancel, your data is retained for 30 days to allow for export, then permanently deleted. You may request immediate deletion at any time by emailing support@opus86.com.
Exception for compliance records. Because Opus 86 is used by financial professionals subject to U.S. federal securities recordkeeping rules, certain books-and-records data is retained on a separate seven-year retention schedule and cannot be deleted on request during that period. See Section 8 below for details.
8. Compliance Recordkeeping (FINRA / SEC 17a-3 and 17a-4)
Opus 86 is designed for use by financial professionals subject to U.S. federal securities recordkeeping requirements. To enable our customers to comply with SEC Rule 17a-3, SEC Rule 17a-4, and FINRA Rule 4511, Opus 86 maintains an immutable, append-only audit trail of certain account activity for a period of seven (7) years from the date of capture.
The audit trail captures:
- Prompts and inputs you provide to AI features within the platform
- Speech-to-text transcripts of meetings recorded through Opus 86, in both raw and edited form
- AI-generated summaries saved to client records
- Outbound and inbound email and text communications transmitted or received through integrated channels
- Material changes to client account records (contact information, account attributes, household relationships)
Each archived record is time-stamped, attributed to the user who created it, and assigned a SHA-256 cryptographic hash at the time of capture so that any later modification can be detected. Records are retained in an electronic recordkeeping system with row-level security policies that prevent modification or deletion by application users, satisfying the audit-trail alternative to write-once-read-many storage permitted under 17 CFR § 240.17a-4(f)(2)(ii)(A).
These records may be produced to securities regulators, self-regulatory organizations, or other authorities upon proper legal request, in accordance with our customer's regulatory obligations.
You may request a summary of audit-trail records relating to your own account by contacting support@opus86.com. Records required to be retained for regulatory purposes cannot be deleted upon request during the seven-year retention period; this is a legal obligation of our customers under federal securities law and is not waivable.
9. Your Rights
You have the right to:
- Access: request a copy of your data
- Correction: update inaccurate data directly in the app or via support
- Deletion: request deletion of your account and all associated data, subject to the compliance recordkeeping exception described in Section 8
- Portability: export your data in a machine-readable format
- Objection: object to certain processing activities
To exercise any of these rights, contact us at support@opus86.com. We will respond within 30 days.
10. California Privacy Rights (CCPA)
California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To submit a request, email support@opus86.com with "California Privacy Request" in the subject line.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice at least 30 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance.
12. Contact Us
For privacy questions, data requests, or concerns:
- Email: support@opus86.com
- Mail: Bright Light Ventures LLC, 15760 Ventura Blvd, 7th Floor, Encino, CA 91436