Optimate – GDPR Compliance Statement
This GDPR Compliance Statement explains how Optimate Technologies, operating the Optimate platform (“Optimate”, “we”, “us”, “our”), approaches data protection and privacy in accordance with the UK GDPR and, where applicable, the EU GDPR.
1. Data Controller
For most processing activities described in our Privacy Policy, Optimate Technologies acts as the Data Controller, determining the purposes and means of processing personal data when you use the Optimate platform.
Where business customers use Optimate to process personal data relating to their own clients, customers, or staff, Optimate Technologies may act as a Data Processor. In such cases, our responsibilities are further described in our Data Processing Agreement (DPA).
2. Lawful Bases for Processing
We process personal data only where we have a valid lawful basis under GDPR, including:
- Contractual necessity – to provide and operate the Optimate service you have signed up for
- Legitimate interests – such as improving the platform, ensuring security, and preventing misuse, where these interests are not overridden by your rights
- Consent – for certain activities such as marketing communications, social media integrations, and non-essential cookies
- Legal obligations – where processing is required to comply with applicable laws and regulations
3. Data Subject Rights
Under GDPR and UK data protection law, you have the right to:
- Request access to the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request erasure of your data in certain circumstances
- Restrict or object to specific processing activities
- Request data portability for information you have provided
- Withdraw consent where processing is based on consent
- Lodge a complaint with a supervisory authority
To exercise these rights, contact info@optimatesocial.com. We may need to verify your identity before fulfilling certain requests.
4. Data Security
We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures include:
- Secure hosting infrastructure and encryption where appropriate
- Access controls, logging, and monitoring
- Regular backups and resilience planning
- Least-privilege access principles for staff and systems
5. Subprocessors & Third Parties
We work with trusted third-party service providers (“Subprocessors”) to deliver the Optimate service, including:
- Supabase – database, authentication, and storage
- Stripe – payment processing and billing
- AI service providers (such as OpenAI or similar) – AI-powered content and insights
- Hosting and infrastructure providers (e.g. Vercel)
- Analytics, monitoring, and communication tools
We ensure appropriate data protection agreements and safeguards are in place with all Subprocessors.
6. International Data Transfers
Personal data may be transferred to and processed outside the UK or EEA where necessary to provide the service. Where this occurs, we ensure appropriate safeguards are implemented, such as Standard Contractual Clauses (SCCs) or other legally recognised mechanisms.
7. Data Breach Notification
In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority where required by law; and
- Inform affected users without undue delay.
8. Documentation & Transparency
Our core data processing activities are documented and reviewed regularly. Further details about how we collect, use, and protect personal data can be found in our Privacy Policy and Data Processing Agreement (DPA).
9. Contact & Complaints
If you have questions about this GDPR Compliance Statement or wish to exercise your data protection rights, please contact:
You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO).