Security & privacy

How Opsfly handles your data, encryption, access controls, and customer privacy.

Overview

Opsfly handles sensitive business and customer data. This page describes how that data is stored, protected, and controlled.

In summary: all data is encrypted at rest and in transit. Customer conversation data is stored in isolated per-business databases. No conversation data is used to train shared AI models. You can export or delete your data at any time.

How it works

All API communication uses TLS 1.2 or higher. Data at rest is encrypted using AES-256. Platform credentials (Facebook tokens, WhatsApp API keys) are stored in an encrypted secrets vault and never exposed in Builder or Console UI. Access control is role-based — you can invite team members with read-only or full access.

💡 Tip: Enable two-factor authentication on your Opsfly account and on the Facebook Business Manager account connected to your business. These are the two most common entry points for unauthorized access.

Step by step

Prerequisites

No special setup required. Security measures are applied by default to all businesses.

Configuration

To manage team access: Builder → Settings → Team. To rotate API keys: Builder → Settings → API Keys → Regenerate. To request a full data export: contact [email protected] with your business ID. To delete your business and all associated data: contact [email protected] — deletion is permanent and irreversible.

Next steps

If you have specific compliance requirements (GDPR, data residency, etc.), contact [email protected] to discuss Enterprise options.