Addendum Data Controller

Effective Date: 14th May, 2024

OpinStar (“the Company,” “we,” “us,” or “our”) is committed to protecting the privacy and personal data of our customers in compliance with applicable laws and regulations in the United States. This Addendum to our Data Controller Policy (“Addendum”) outlines additional provisions that govern our role as a data controller and our processing of personal data.

1. Compliance with U.S. Laws

  • the United States. We are committed to maintaining compliance with all applicable federal and state laws, including but not limited to the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Children’s Online Privacy Protection Act (COPPA), the CAN-SPAM Act, the California Online Privacy Protection Act (CalOPPA), and all other relevant state-specific privacy and consumer protection laws.
  • We adhere to the guidelines and best practices set forth by the Federal Trade Commission (FTC) for online privacy, data security, and fair business practices. This includes transparent data collection, use, and sharing practices, as well as implementing reasonable security measures to protect customer information.
  • We will continue to monitor and update our policies and practices as necessary to maintain compliance with evolving legal requirements. We will notify customers of any material changes to our policies through email or prominent notices on our website, and provide a method for customers to acknowledge and accept the updated terms.
2. Data Collection and Use


  • The Company collects personal data from customers for the purposes of providing our services, improving our offerings, and communicating with customers regarding their accounts and our products.
  • We shall obtain explicit consent from customers before collecting any sensitive personal information, as defined by applicable laws.
  • Personal data shall be used for the specific purposes for which it was collected, and we shall not process personal data in a manner incompatible with those purposes without obtaining further consent.
3. Data Retention and Deletion
  • The Company shall retain personal data only for as long as necessary to fulfill the purposes for which it was collected unless a longer retention period is required by law or for the establishment, exercise, or defense of legal claims.
  • Our data retention and deletion practices are designed to protect your privacy while maintaining the necessary information to provide you with our Services. We retain your personal information, account information, transactional data, and user-generated content for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law or
    necessary for legitimate business purposes.
  • Analytical data may be retained in an aggregated and anonymized form for statistical and research purposes. When the specified retention period expires or when you request deletion of your information, we securely delete or anonymize your data using industry-standard techniques.
  • Please note that some residual data may remain in our backup systems for a limited period due to our data backup and disaster recovery practices, but this data will be securely deleted or overwritten in accordance with our regular backup cycle.
4. Data Security
  • The Company shall implement and maintain appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
  • We shall regularly review and update our security measures to ensure the ongoing confidentiality, integrity, and availability of personal data.
5. Data Subject Rights
  • The Company shall provide customers with the means to exercise their rights under applicable data protection laws, including the right to access, rectify, erase, restrict processing, data portability, and object to processing of their personal data.
  • We shall respond to data subject requests in a timely manner and provide assistance to customers in exercising their rights, in accordance with our policies and procedures.
6. Third-Party Data Processors
  • The Company may engage third-party data processors to assist in the processing of personal data on our behalf. We shall conduct due diligence on potential data processors and enter into appropriate data processing agreements that comply with applicable laws.
  • We shall monitor the performance of our data processors and take necessary steps to ensure their compliance with our instructions and applicable data protection requirements.
7. Data Breaches
  • In the event of a data breach involving personal data, the Company shall notify affected customers and relevant authorities without undue delay, in accordance with applicable breach notification laws.
  • We shall cooperate with authorities and take necessary steps to mitigate the effects of the breach and prevent future occurrences.
8. Dispute Resolution
  • Any disputes arising out of or in connection with this Addendum shall be resolved through mediation or arbitration, as agreed upon by the parties.
  • The governing law and jurisdiction for dispute resolution shall be the laws of the State of Delaware, United States.
9. Limitation of Liability
  • To the fullest extent permitted by applicable law, OpinStar shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting from your access to or use of our Services.
  • In no event shall OpinStar’s total liability for all claims related to our Services exceed the amount paid by you, if any, for accessing or using our Services during the six (6) months prior to the first event or occurrence giving rise to such liability.
10. Indemnification
  • The Company shall indemnify and hold harmless customers from and against any third-party claims, damages, or losses arising out of the Company’s breach of this Addendum or violation of applicable data protection laws, subject to the limitations of liability set forth herein.
11. Force Majeure
  • The Company shall not be liable for any failure or delay in performance under this Addendum due to circumstances beyond its reasonable control, including but not limited to acts of God, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, strikes, or shortages of transportation facilities, fuel, energy, labor, or materials.
12. Severability
  • If any provision of this Addendum is found to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect to the fullest extent permitted by law.
13. Periodic Reviews and Updates
  • The Company shall periodically review and update this Addendum to ensure its ongoing compliance with applicable laws and best practices.
  • We shall notify customers of any material changes to this Addendum by posting the updated version on our website or through other appropriate communication channels.

This Addendum forms an integral part of our Data Controller Policy and should be read in conjunction with our primary policy. Any terms not defined in this Addendum shall have the meaning ascribed to them in the main policy.

If you have any questions or concerns about this Addendum or our data processing practices, please contact our Data Protection Officer at:
Email: [email protected]
Phone No. – [Upon Request].