
Cookie Policy

Your Privacy Matters

Effective Date: November 14, 2025

Last Updated: November 14, 2025

Opaida, Inc ("we," "us," or "our") is committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) (EU) 2016/679, the Health Insurance Portability and Accountability Act (HIPAA) (45 C.F.R. Parts 160, 162, and 164), and the American Institute of CPAs (AICPA) Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (SOC 2). This Cookie Policy explains how we use cookies and similar tracking technologies on our website(s) and services (collectively, the "Services"). By using our Services, you consent to the practices described in this policy, subject to your rights under applicable laws.

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, or if our Services process protected health information (PHI) under HIPAA, additional protections apply as outlined below.

1. What Are Cookies?

Cookies are small text files that are stored on your device (e.g., computer, tablet, or mobile phone) when you visit a website. They enable the website to recognize your device and remember certain information about your preferences or actions. We also use similar technologies, such as pixels, web beacons, and local storage (collectively, "Cookies").

We use Cookies to enhance your experience, improve our Services, and ensure compliance with legal obligations. Under GDPR, non-essential Cookies require your explicit, informed consent. For HIPAA-covered entities or business associates, Cookies will not be used to collect or transmit PHI without appropriate safeguards, including Business Associate Agreements (BAAs) where required.

2. Types of Cookies We Use

We classify Cookies based on their purpose and duration. The table below summarizes the categories:

Each entry lists: Category; Description; Examples of Use Cases; Duration; Essential?

  • Strictly Necessary (Essential): Required for the website to function and provide Services you request. These do not require consent. Examples: session management, security features (e.g., CSRF tokens), basic navigation. Duration: session or persistent (up to 2 years). Essential: Yes.
  • Performance/Analytics: Help us understand how users interact with our Services to improve functionality. Requires consent under GDPR. Examples: aggregated usage data, page load times (e.g., Google Analytics, anonymized). Duration: persistent (up to 2 years). Essential: No.
  • Functional: Remember choices to provide a personalized experience. Requires consent under GDPR. Examples: language preferences, login status. Duration: persistent (up to 1 year). Essential: No.
  • Targeting/Marketing: Deliver relevant ads or content based on your interests. Requires consent under GDPR. Examples: ad tracking (e.g., Google Ads, Facebook Pixel), retargeting. Duration: persistent (up to 13 months). Essential: No.
  • Health-Related (HIPAA-Specific): If applicable to our Services, used only for PHI-related functions with encryption and access controls. Examples: secure session for patient portals (e.g., encrypted tokens). Duration: session only. Essential: Yes (if PHI-enabled).

Cookies are further distinguished by who sets them:
  • First-Party Cookies: Placed by our domain (e.g., [yourcompany.com]).
  • Third-Party Cookies: Placed by trusted partners (e.g., Google, Microsoft Azure for analytics). We only share data with third parties that are GDPR-compliant (e.g., via Standard Contractual Clauses) or HIPAA-compliant (e.g., via BAAs).

For a full list of Cookies, including names, providers, purposes, and durations, refer to our [Cookie Inventory] (available upon request or via our privacy dashboard).

3. Purposes of Cookie Use

We use Cookies for the following legitimate purposes, aligned with GDPR Article 6 and SOC 2 Privacy Criteria:

  • Service Delivery: To operate and secure our Services (e.g., authentication under SOC 2 Security Controls).
  • Analytics and Improvement: To monitor performance and user behavior in aggregated, anonymized form (pseudonymized under GDPR).
  • Personalization: To tailor content based on your preferences.
  • Advertising: To serve targeted ads, with opt-out options.
  • Compliance and Security: To detect fraud, ensure data integrity (SOC 2 Processing Integrity), and protect PHI under HIPAA's Security Rule (e.g., encryption in transit and at rest).

We do not use Cookies to profile sensitive data (e.g., health categories) without explicit consent or HIPAA authorization. All processing is limited to what is necessary (data minimization principle under GDPR).

4. Consent and Management

GDPR Compliance

  • Upon your first visit, you will see a cookie consent banner allowing granular choices (e.g., accept all, reject non-essential, or customize). Consent is active (e.g., via checkbox) and freely given, specific, informed, and unambiguous.
  • You can withdraw consent at any time via our Cookie Settings tool (accessible in the footer of our site) or by contacting us at privacy@opaida.ai.
  • For EEA/UK/Swiss users, we rely on legitimate interests for essential Cookies (GDPR Art. 6(1)(f)) and consent for others (Art. 6(1)(a)).
  • Children's data (under 16) requires parental consent; we do not knowingly collect it via Cookies.

SOC 2 and HIPAA Alignment

  • SOC 2: Cookie data is subject to our privacy program, including logical access controls, encryption (AES-256), and regular audits. We maintain logs for 12 months for incident response.
  • HIPAA: If Cookies interact with PHI, they comply with the HIPAA Security Rule (e.g., no PHI in unencrypted analytics Cookies). Access is role-based, with audit trails. De-identified data (per HIPAA §164.514) may be used for analytics.

To manage Cookies:

  • Browser Settings: Adjust via your browser (e.g., Chrome: Settings > Privacy > Cookies).
  • Do Not Track (DNT): We honor DNT signals where possible.
  • Global Opt-Outs: Use tools like Your Online Choices (EU) or Network Advertising Initiative (US).

5. Data Sharing and Third Parties

We share Cookie data only with:

  • Service providers (e.g., cloud hosts) under data processing agreements (DPAs) compliant with GDPR and HIPAA BAAs.
  • Law enforcement, if required by law.

No sale of Cookie data occurs. Transfers outside the EEA/UK use adequacy decisions or safeguards (e.g., EU-US Data Privacy Framework).

6. Data Retention and Security

  • Retention: Essential Cookies are kept as long as needed for the session/purpose; others per the table above. Data is deleted upon consent withdrawal or policy-defined periods.
  • Security: All Cookies are transmitted over HTTPS. We implement SOC 2-aligned controls (e.g., vulnerability scanning, multi-factor authentication for admin access) and HIPAA safeguards (e.g., risk assessments under §164.308).

7. Your Rights

Under GDPR (Arts. 15-22), you have rights to access, rectify, erase, restrict, port, and object to Cookie data processing. For HIPAA individuals, you have rights to access, amend, and restrict PHI uses.

  • Submit requests at privacy@opaida.ai or via our privacy portal.
  • We respond within 30 days (GDPR) or 60 days (HIPAA).
  • Appeals: Contact our Data Protection Officer (DPO) at security@opaida.ai.

8. International Users

This policy applies globally but is tailored for cross-border compliance. Non-EEA users are protected under equivalent standards (e.g., CCPA opt-out notices where applicable).

9. Changes to This Policy

We may update this policy to reflect legal changes or Service updates. Significant changes will be notified via email or site banner, with a 30-day grace period for consent renewal.

10. Contact Us

For questions, contact:

This policy is governed by [New Jersey law]. By using our Services, you acknowledge this policy.
