OppAction Privacy Policy

1. Scope & Relationship to Other Agreements

This Privacy Policy supplements and forms part of the OppAction Terms of Service, AI & Automation Disclaimer, API Terms, Beta Terms, enterprise agreements, operational policies, and supplemental feature disclosures.

All capitalized terms not defined in this Privacy Policy have the meanings assigned in the Terms of Service.

In the event of any conflict between this Privacy Policy and an expressly negotiated written agreement signed by Mugpire, LLC, the signed agreement shall control solely to the extent expressly stated.

2. Information We Collect

2.1 Information You Provide

We may collect information that you provide directly or indirectly through the Services, including:

• account registration information;
• names;
• business names;
• usernames;
• email addresses;
• phone numbers;
• billing information;
• payment-related information;
• authentication credentials;
• marketplace account information;
• uploaded files;
• uploaded images;
• product listings;
• metadata;
• prompts;
• workflow configurations;
• synchronization settings;
• automation configurations;
• API credentials;
• support communications;
• feedback;
• enterprise account information;
• delegated-user information;
• and related operational information.

2.2 Marketplace & Third-Party Data

Where authorized by you, we may collect information from third-party providers and connected systems, including:

• Shopify;
• Etsy;
• Amazon;
• Walmart;
• Google Shopping;
• advertising platforms;
• fulfillment systems;
• analytics providers;
• authentication providers;
• AI providers;
• APIs;
• synchronization systems;
• cloud providers;
• payment processors;
• and related third-party systems.

Such data may include:

• product listings;
• inventory data;
• pricing data;
• images;
• marketplace metadata;
• analytics data;
• operational data;
• synchronization records;
• API activity;
• and related marketplace or operational information.

2.3 Automatically Collected Information

We may automatically collect operational, technical, and usage-related information, including:

• IP addresses;
• browser metadata;
• device metadata;
• authentication records;
• clickstream data;
• usage patterns;
• operational telemetry;
• audit logs;
• synchronization logs;
• workflow logs;
• automation logs;
• API logs;
• session information;
• network information;
• interaction data;
• performance data;
• crash reports;
• error logs;
• and related operational or analytical information.

2.4 AI Interaction Data

We may collect and process:

• prompts;
• AI Outputs;
• workflow instructions;
• automation instructions;
• recommendation interactions;
• scoring interactions;
• synchronization instructions;
• analytics interactions;
• enterprise workflow activity;
• and related AI interaction data.

3. Operational Data Categories

For clarity and operational governance purposes, OppAction may distinguish between:

• “User Content”;
• “Usage Data”;
• “Operational Data”;
• “Analytics Data”;
• “Telemetry”;
• “Metadata”;
• “Audit Logs”;
• “Security Logs”;
• “AI Interaction Data”;
• “Aggregated Data”;
• “De-identified Data”;
• “Enterprise Activity Data”;
• and “Workflow Data.”

Aggregated and De-identified Data are not considered User Content.

4. How We Use Information

We may collect, process, analyze, store, transmit, reproduce, modify, adapt, monitor, preserve, disclose, and otherwise use information for purposes including:

• operating the Services;
• providing functionality;
• enabling marketplace integrations;
• enabling synchronization systems;
• enabling automation systems;
• enabling AI functionality;
• enabling analytics systems;
• enabling enterprise workflows;
• authentication and security;
• fraud prevention;
• abuse detection;
• operational governance;
• infrastructure management;
• debugging;
• troubleshooting;
• performance optimization;
• workflow optimization;
• analytics;
• recommendation systems;
• scoring systems;
• predictive systems;
• customer support;
• legal compliance;
• policy enforcement;
• dispute resolution;
• evidentiary preservation;
• AI safety systems;
• operational monitoring;
• synchronization governance;
• enterprise governance;
• API governance;
• regulatory cooperation;
• and improving current or future products and services.

5. AI Systems & Internal Model Improvement

OppAction may utilize AI systems, AI providers, machine-learning systems, automation systems, recommendation systems, orchestration systems, analytics systems, predictive systems, and related technologies.

OppAction will not intentionally use non-public User Content to train generalized public-facing AI models without authorization.

However, OppAction may internally use information, including AI Interaction Data, Operational Data, Telemetry, Aggregated Data, and De-identified Data for:

• quality assurance;
• debugging;
• abuse detection;
• operational optimization;
• AI safety systems;
• workflow improvement;
• recommendation improvement;
• analytics improvement;
• synchronization improvement;
• infrastructure optimization;
• internal model/system improvement;
• enterprise governance;
• and operational research.

AI providers and third-party systems may independently process information pursuant to their own policies and operational requirements.

6. Operational Monitoring, Governance & Audit Logging

OppAction may generate, preserve, analyze, and rely upon:

• audit logs;
• synchronization logs;
• workflow logs;
• automation logs;
• authentication records;
• API logs;
• IP logs;
• browser metadata;
• clickstream data;
• enterprise activity logs;
• delegated-user activity logs;
• AI interaction records;
• operational telemetry;
• export/import records;
• and related operational or evidentiary information.

Such records may be used for:

• operational governance;
• abuse prevention;
• fraud prevention;
• AI governance;
• workflow governance;
• security analysis;
• dispute resolution;
• arbitration;
• litigation;
• evidentiary preservation;
• operational analytics;
• policy enforcement;
• and cooperation with regulators, providers, marketplaces, or law enforcement.

7. Aggregated & De-identified Data

OppAction may create, generate, analyze, use, disclose, commercialize, and otherwise utilize Aggregated Data and De-identified Data for lawful business purposes.

Aggregated and De-identified Data may include:

• usage trends;
• operational metrics;
• analytics patterns;
• scoring trends;
• synchronization metrics;
• workflow patterns;
• API metrics;
• enterprise operational trends;
• infrastructure analytics;
• benchmarking analytics;
• and related operational intelligence.

De-identification methodologies may evolve over time.

8. Third-Party Providers & Marketplace Platforms

OppAction depends on third-party providers and external infrastructure.

Third-party providers may include:

• Shopify;
• Etsy;
• Amazon;
• Walmart;
• Google Shopping;
• AI providers;
• payment processors;
• cloud providers;
• analytics systems;
• authentication providers;
• infrastructure providers;
• APIs;
• synchronization systems;
• developer tools;
• and related providers.

Third-party providers operate independently from OppAction.

OppAction does not control:

• third-party security practices;
• provider policies;
• API behavior;
• provider uptime;
• provider compliance;
• or provider operational decisions.

Third-party systems may:

• fail;
• change;
• impose restrictions;
• revoke permissions;
• modify APIs;
• alter data access;
• or discontinue functionality

at any time.

9. Enterprise Accounts & Delegated Users

Enterprise organizations, account owners, and administrators are responsible for:

• managing delegated access;
• supervising enterprise users;
• supervising contractors and agencies;
• controlling permissions;
• monitoring workflows;
• securing credentials;
• revoking former-user access;
• supervising automations;
• and supervising AI-agent activity.

Activity occurring through enterprise environments, delegated systems, connected APIs, workflows, or operational infrastructure may be attributed to the account owner or organization.

10. Security

OppAction implements commercially reasonable administrative, technical, operational, and organizational security measures designed to protect information.

However, no system, infrastructure, API, synchronization framework, cloud environment, authentication system, AI provider, or operational workflow can be guaranteed completely secure.

OppAction does not guarantee:

• absolute security;
• uninterrupted security;
• immunity from unauthorized access;
• prevention of all breaches;
• uninterrupted availability;
• or prevention of all operational failures.

Users are solely responsible for:

• maintaining account security;
• supervising delegated access;
• managing permissions;
• securing credentials;
• monitoring connected systems;
• supervising workflows;
• supervising automations;
• and maintaining appropriate operational safeguards.

11. Data Retention

OppAction may preserve, retain, archive, backup, reproduce, or maintain:

• operational records;
• audit logs;
• synchronization logs;
• AI interaction records;
• analytics records;
• security records;
• enterprise activity records;
• workflow records;
• evidentiary records;
• backups;
• and related operational information

for periods determined by OppAction in its sole discretion, subject to applicable law.

Data deletion requests may not result in complete or immediate deletion from:

• backups;
• operational archives;
• evidentiary systems;
• security systems;
• synchronization systems;
• or preserved compliance records.

12. International Processing

Information may be processed, stored, analyzed, synchronized, or transmitted in multiple jurisdictions.

Third-party providers may operate globally and may process information outside your jurisdiction.

By using the Services, you acknowledge and consent to such transfers and processing.

13. Regulatory Cooperation & Legal Disclosures

OppAction may preserve, disclose, cooperate with, or provide information where reasonably necessary to:

• comply with law;
• respond to legal process;
• cooperate with regulators;
• cooperate with marketplaces;
• cooperate with providers;
• cooperate with law enforcement;
• investigate abuse;
• enforce agreements;
• preserve evidence;
• protect operational infrastructure;
• prevent fraud;
• or protect rights, safety, property, or operational interests.

14. Cookies & Similar Technologies

OppAction and its service providers may utilize cookies and related technologies to support operational functionality, security, analytics, enterprise governance, synchronization systems, AI systems, workflow systems, infrastructure management, and related operational activities.

Such technologies may include:

• cookies;
• session technologies;
• local storage technologies;
• browser storage mechanisms;
• authentication technologies;
• telemetry systems;
• analytics technologies;
• operational monitoring technologies;
• synchronization technologies;
• API monitoring technologies;
• device identifiers;
• browser identifiers;
• clickstream technologies;
• diagnostic technologies;
• debugging technologies;
• infrastructure-monitoring systems;
• fraud-prevention technologies;
• abuse-detection systems;
• performance-monitoring systems;
• security-monitoring technologies;
• workflow-governance technologies;
• enterprise-governance systems;
• AI-governance systems;
• operational telemetry systems;
• and related tracking, operational, analytical, or governance technologies.

14.1 Purposes of Operational Technologies

OppAction may use such technologies for purposes including:

• authentication;
• account management;
• session management;
• enterprise governance;
• synchronization functionality;
• workflow functionality;
• automation functionality;
• API functionality;
• AI-system functionality;
• operational monitoring;
• infrastructure management;
• analytics;
• debugging;
• troubleshooting;
• fraud prevention;
• abuse detection;
• security monitoring;
• risk assessment;
• operational governance;
• synchronization governance;
• AI governance;
• workflow governance;
• performance optimization;
• enterprise administration;
• load balancing;
• operational analytics;
• system improvement;
• reliability enhancement;
• feature improvement;
• service improvement;
• compliance activities;
• evidentiary preservation;
• and operational or commercial administration.

14.2 Third-Party Technologies

OppAction may permit third-party providers, service providers, analytics providers, infrastructure providers, AI providers, marketplaces, APIs, synchronization systems, or operational partners to utilize cookies or related technologies in connection with the Services.

Third-party technologies may be used for:

• analytics;
• infrastructure support;
• operational monitoring;
• synchronization systems;
• authentication services;
• fraud prevention;
• security monitoring;
• debugging;
• API management;
• workflow systems;
• performance monitoring;
• and related operational purposes.

Third-party providers operate independently from OppAction and may process information pursuant to their own policies, operational practices, and legal obligations.

14.3 Browser Controls & Cookie Settings

Most browsers and devices permit users to manage cookie settings, local storage settings, tracking preferences, or related operational technologies through browser or device controls.

Users may be able to:

• block cookies;
• delete cookies;
• restrict tracking technologies;
• clear browser storage;
• disable analytics technologies;
• manage device identifiers;
• or configure browser privacy settings.

However, disabling or restricting cookies or related technologies may:

• impair functionality;
• disrupt synchronization systems;
• interfere with authentication systems;
• degrade workflow functionality;
• limit enterprise functionality;
• impair AI-system functionality;
• disrupt automation systems;
• limit analytics functionality;
• interfere with operational controls;
• or otherwise negatively affect portions of the Services.

Certain operational, authentication, synchronization, governance, security, or infrastructure-related technologies may be necessary for core functionality of the Services.

14.4 Analytics & Operational Monitoring

OppAction may use analytics, telemetry, operational-monitoring, diagnostic, and performance technologies to:

• understand usage patterns;
• improve workflows;
• improve synchronization systems;
• improve AI systems;
• improve infrastructure;
• improve operational performance;
• detect abuse;
• detect fraud;
• monitor APIs;
• monitor enterprise systems;
• monitor automation systems;
• preserve operational integrity;
• conduct troubleshooting;
• analyze performance;
• and improve current or future products and services.

Operational analytics and telemetry systems may collect:

• usage information;
• device information;
• browser metadata;
• session data;
• workflow activity;
• synchronization activity;
• API interactions;
• enterprise operational data;
• AI interaction data;
• performance metrics;
• diagnostic information;
• and related operational information.

14.5 Consent Mechanisms & Regional Requirements

Where required by applicable law, OppAction may implement consent-management tools, cookie banners, preference-management systems, or related consent mechanisms.

Consent mechanisms may vary based on:

• jurisdiction;
• applicable law;
• enterprise configuration;
• provider requirements;
• operational requirements;
• or technical limitations.

OppAction reserves the right to modify, update, replace, restrict, or operationally adjust tracking technologies, analytics technologies, telemetry systems, synchronization systems, and related operational technologies at any time.

15. U.S. State Privacy Rights

Depending on your state of residence and subject to applicable law, you may have certain privacy rights regarding Personal Information processed by OppAction.

These rights may arise under laws including, without limitation:

• the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”);
• the Colorado Privacy Act;
• the Virginia Consumer Data Protection Act;
• the Connecticut Data Privacy Act;
• the Utah Consumer Privacy Act;
• and other applicable U.S. state privacy laws, regulations, amendments, or successor frameworks.

Where required by applicable law, eligible consumers may have rights including:

• rights to know or access;
• rights to deletion;
• rights to correction;
• rights to data portability;
• rights to opt out of certain processing activities;
• rights relating to targeted advertising;
• rights relating to profiling or automated decision-making where applicable;
• rights relating to “sale” or “sharing” concepts as defined under applicable law;
• rights to appeal certain request determinations where applicable;
• and related statutory rights.

15.1 Submission of Privacy Requests

Eligible requests may be submitted using the contact information identified in this Privacy Policy.

OppAction may require:

• identity verification;
• account verification;
• authentication procedures;
• ownership verification;
• enterprise authorization verification;
• delegated-access verification;
• or additional information reasonably necessary

to:

• authenticate requests;
• prevent fraud;
• prevent abuse;
• protect security;
• verify lawful authority;
• preserve evidentiary integrity;
• and protect user or platform rights.

Authorized agents may submit requests on behalf of consumers where permitted by law, subject to verification procedures and proof-of-authority requirements.

15.2 Response Timing & Verification

OppAction will respond to verified requests within time periods required under applicable law.

Where permitted by law, OppAction may:

• extend response periods;
• request additional information;
• deny unverifiable requests;
• deny excessive or abusive requests;
• deny requests prohibited by law;
• charge permitted fees for excessive requests;
• or limit requests as permitted by applicable law.

OppAction reserves the right to implement reasonable anti-fraud, anti-abuse, operational-security, and verification safeguards.

15.3 Enterprise & Business Account Limitations

Certain rights requests may be limited where information is processed:

• on behalf of enterprise organizations;
• within business-account environments;
• under delegated administrative authority;
• pursuant to contractual obligations;
• pursuant to marketplace integrations;
• pursuant to synchronization systems;
• or within enterprise governance environments.

In such circumstances, OppAction may direct requests to the applicable enterprise customer, administrator, controller, or account owner where appropriate under applicable law.

15.4 Operational, Security & Legal Retention Exceptions

Notwithstanding any privacy-right request, OppAction may preserve, retain, analyze, disclose, or continue processing information where reasonably necessary to:

• comply with legal obligations;
• comply with regulatory requirements;
• comply with marketplace obligations;
• preserve audit records;
• preserve evidentiary records;
• preserve operational logs;
• preserve security records;
• detect abuse;
• prevent fraud;
• investigate misconduct;
• protect operational infrastructure;
• maintain synchronization systems;
• maintain enterprise governance systems;
• maintain workflow integrity;
• enforce agreements or policies;
• exercise or defend legal claims;
• comply with law-enforcement requests;
• or otherwise exercise rights permitted by applicable law.

15.5 Sale, Sharing & Targeted Advertising Concepts

OppAction does not sell Personal Information in exchange for monetary compensation in the traditional consumer-data-broker sense.

However, certain operational, analytics, advertising, API, synchronization, infrastructure, or provider-related activities may potentially be characterized as “sharing,” “targeted advertising,” “cross-context behavioral advertising,” or similar concepts under evolving privacy laws.

Where required by applicable law, eligible consumers may exercise applicable opt-out rights relating to such processing.

15.6 Automated Decision-Making & Profiling

OppAction may utilize:

• AI systems;
• recommendation systems;
• analytics systems;
• scoring systems;
• predictive systems;
• workflow systems;
• synchronization systems;
• operational-governance systems;
• abuse-detection systems;
• and related automated processing technologies.

Such systems are generally used to:

• support operational functionality;
• provide optimization recommendations;
• improve workflows;
• detect abuse;
• enhance security;
• improve analytics;
• and improve user experience.

OppAction does not guarantee that automated systems are:

• error free;
• unbiased;
• complete;
• or suitable for legally significant decision making.

Users remain responsible for independently reviewing outputs and operational decisions.

15.7 Appeals

Where required by applicable law, eligible consumers may appeal certain request determinations by contacting OppAction using the contact information identified in this Privacy Policy.

OppAction may deny appeals where permitted by law.

16. Privacy Rights Requests & Verification Procedures

OppAction maintains operational, administrative, and verification procedures for processing privacy-rights requests in accordance with applicable law, operational-security requirements, fraud-prevention obligations, enterprise-governance considerations, and evidentiary-preservation requirements.

16.1 Submission of Requests

Privacy-rights requests may be submitted using the contact information or request mechanisms identified in this Privacy Policy.

Requests may relate to rights including:

• access;
• correction;
• deletion;
• portability;
• opt-out rights;
• profiling-related rights;
• targeted-advertising rights;
• sale/sharing-related rights;
• and related statutory rights where applicable.

OppAction may require requests to include information reasonably necessary to:

• identify the requesting individual;
• verify account ownership;
• authenticate enterprise authority;
• validate delegated authority;
• authenticate API-related authority;
• investigate suspicious activity;
• protect operational integrity;
• preserve evidentiary reliability;
• and prevent fraud or abuse.

16.2 Verification Procedures

Before processing requests, OppAction may require verification procedures including:

• identity authentication;
• account authentication;
• multi-factor verification;
• delegated-authority verification;
• enterprise-account verification;
• organizational-authority verification;
• API credential validation;
• ownership confirmation;
• authentication-token validation;
• or additional operational verification procedures reasonably necessary under the circumstances.

OppAction may request additional information, documentation, records, or confirmations reasonably necessary to:

• verify identity;
• verify authority;
• verify request legitimacy;
• verify enterprise authorization;
• prevent fraud;
• prevent unauthorized disclosures;
• maintain operational security;
• and protect user, enterprise, marketplace, provider, or platform interests.

16.3 Authorized Agents & Delegated Requests

Authorized agents may submit requests on behalf of consumers where permitted by applicable law.

OppAction may require:

• written authorization;
• proof of delegated authority;
• enterprise authorization;
• identity verification;
• direct user confirmation;
• or additional verification procedures

before processing delegated or agent-submitted requests.

Enterprise-account requests may be subject to:

• enterprise governance controls;
• administrator approval requirements;
• organizational verification;
• contractual restrictions;
• operational-security review;
• and evidentiary-preservation obligations.

16.4 API, Automation & Enterprise Environments

Certain information processed through:

• APIs;
• enterprise systems;
• automation systems;
• delegated workflows;
• synchronization systems;
• enterprise organizations;
• AI agents;
• or operational-governance systems

may be subject to:

• operational limitations;
• enterprise-governance restrictions;
• contractual obligations;
• synchronization dependencies;
• provider requirements;
• evidentiary-preservation obligations;
• and legal or compliance constraints.

OppAction may direct requests to enterprise account owners, administrators, controllers, or other authorized entities where appropriate under applicable law.

16.5 Denial Rights & Operational Exceptions

To the maximum extent permitted by applicable law, OppAction may deny, limit, defer, or refuse requests where reasonably necessary to:

• comply with law;
• comply with regulatory obligations;
• preserve operational security;
• preserve evidentiary integrity;
• maintain fraud-prevention systems;
• maintain abuse-detection systems;
• maintain synchronization integrity;
• preserve audit logs;
• preserve compliance records;
• preserve security records;
• preserve enterprise governance systems;
• protect rights of others;
• investigate misconduct;
• prevent unauthorized disclosures;
• enforce agreements or policies;
• exercise legal claims or defenses;
• or otherwise protect operational, legal, enterprise, marketplace, provider, or platform interests.

OppAction may also deny requests where:

• requests cannot be verified;
• requests appear fraudulent;
• requests are excessive or abusive;
• requests threaten operational integrity;
• requests conflict with legal obligations;
• requests impact rights or security of others;
• requests involve preserved evidentiary records;
• requests involve compliance-preserved information;
• or denial is otherwise permitted by applicable law.

16.6 Timing Expectations

OppAction will respond to verified requests within time periods required by applicable law.

Where permitted by law, OppAction may:

• extend response periods;
• request additional verification information;
• pause processing pending verification;
• charge permitted fees for excessive requests;
• or limit request frequency.

16.7 Appeals

Where required by applicable law, eligible individuals may appeal certain request determinations by contacting OppAction using the contact information identified in this Privacy Policy.

OppAction may deny appeals where permitted by applicable law.

17. Sensitive Data Restrictions

The Services are designed primarily for ecommerce optimization, analytics, automation, synchronization, AI-assisted workflows, marketplace operations, enterprise governance, and related commercial functionality.

The Services are not designed, intended, marketed, or authorized for the processing, storage, synchronization, transmission, export, publication, or operational handling of highly sensitive, regulated, protected, or special-category information unless expressly authorized in writing by Mugpire, LLC.

Users must not upload, transmit, synchronize, process, export, publish, disclose, or otherwise provide highly sensitive or regulated information through the Services unless expressly authorized in writing by OppAction.

Examples of prohibited or restricted sensitive information may include:

• Social Security numbers;
• government identification numbers;
• passport numbers;
• driver’s license numbers;
• state identification numbers;
• banking credentials;
• financial-account credentials;
• payment-card information outside expressly authorized payment workflows;
• full payment-card numbers;
• authentication secrets;
• highly sensitive authentication data;
• private cryptographic keys;
• biometric data;
• facial-recognition data;
• fingerprint data;
• voiceprint data;
• precise geolocation information;
• medical records;
• health information;
• protected health information;
• insurance information;
• pharmaceutical information;
• children’s data;
• student records;
• protected classifications;
• racial or ethnic origin information;
• religious information;
• union-membership information;
• sexual-orientation information;
• citizenship-status information;
• immigration-status information;
• criminal-history information;
• background-check information;
• regulated financial information;
• export-controlled information;
• government-classified information;
• or other regulated, restricted, protected, or highly sensitive information.

Users are solely responsible for:

• ensuring lawful uploads;
• ensuring lawful processing;
• ensuring lawful synchronization;
• ensuring lawful disclosures;
• ensuring lawful exports;
• ensuring lawful publication activities;
• obtaining all required consents;
• obtaining all required authorizations;
• obtaining all required permissions;
• complying with privacy laws;
• complying with security obligations;
• complying with contractual obligations;
• complying with marketplace requirements;
• and complying with regulatory requirements.

OppAction disclaims responsibility and liability for:

• unauthorized sensitive-data uploads;
• unlawful disclosures;
• unauthorized synchronization;
• unlawful exports;
• regulatory violations;
• enterprise misuse;
• delegated-user misuse;
• AI-agent misuse;
• automation-related disclosures;
• and operational consequences arising from prohibited or unauthorized sensitive-data processing.

OppAction reserves the right to:

• restrict sensitive-data processing;
• remove content;
• suspend workflows;
• disable integrations;
• revoke access;
• preserve evidence;
• investigate activity;
• cooperate with regulators or law enforcement;
• and take operational or security actions reasonably necessary to protect the Services, users, providers, marketplaces, or operational infrastructure.

18. Security Incidents & Operational Response

OppAction may investigate, analyze, respond to, mitigate, preserve records relating to, disclose information regarding, or cooperate with providers, marketplaces, regulators, law enforcement, infrastructure providers, enterprise organizations, security vendors, incident-response providers, or affected parties regarding suspected or actual:

• security incidents;
• breaches;
• unauthorized access;
• credential compromise;
• account compromise;
• OAuth compromise;
• token compromise;
• API abuse;
• synchronization abuse;
• automation abuse;
• malware;
• ransomware;
• infrastructure attacks;
• denial-of-service attacks;
• distributed denial-of-service attacks;
• phishing;
• fraud;
• suspicious activity;
• operational threats;
• workflow compromise;
• AI-system abuse;
• provider-related incidents;
• marketplace-related incidents;
• infrastructure failures;
• or related operational, legal, security, governance, or compliance concerns.

OppAction reserves the right to take operational, technical, administrative, governance, investigatory, evidentiary, security-related, or emergency-response actions reasonably necessary to:

• protect the Services;
• protect operational infrastructure;
• preserve evidence;
• preserve operational continuity;
• investigate incidents;
• detect abuse;
• prevent fraud;
• protect enterprise environments;
• maintain synchronization integrity;
• maintain workflow integrity;
• preserve audit integrity;
• protect providers or marketplaces;
• comply with legal obligations;
• cooperate with investigations;
• and maintain operational governance or security.

Such actions may include:

• preserving logs;
• preserving audit records;
• preserving backups;
• preserving synchronization records;
• preserving workflow records;
• preserving authentication records;
• preserving operational telemetry;
• restricting workflows;
• suspending accounts;
• disabling automations;
• disabling APIs;
• revoking tokens;
• disconnecting integrations;
• limiting synchronization systems;
• requiring credential resets;
• implementing emergency operational controls;
• or related operational-response measures.

No infrastructure, cloud provider, AI provider, synchronization framework, authentication system, workflow system, API ecosystem, marketplace integration, enterprise environment, or operational system can guarantee prevention of all incidents, unauthorized access, abuse, outages, or security events.

Incident detection, investigation, mitigation, remediation, containment, recovery, notification, disclosure, and operational-response timing may vary depending on:

• operational circumstances;
• provider dependencies;
• infrastructure limitations;
• legal requirements;
• evidentiary considerations;
• regulatory considerations;
• enterprise environments;
• synchronization dependencies;
• provider cooperation;
• operational visibility;
• threat severity;
• and security or governance considerations.

Notifications regarding incidents may be delayed, limited, restricted, or withheld where permitted by applicable law or where reasonably necessary to:

• preserve investigations;
• maintain operational security;
• prevent additional harm;
• preserve evidentiary integrity;
• comply with law-enforcement requests;
• comply with regulatory obligations;
• protect operational infrastructure;
• or protect affected users, providers, marketplaces, or enterprise environments.

Provider-related incidents, marketplace incidents, API failures, cloud-provider outages, synchronization failures, infrastructure attacks, authentication-provider incidents, or third-party operational disruptions may affect OppAction’s visibility into operational conditions, incident scope, operational timelines, available records, remediation capabilities, synchronization integrity, or response timing.

Third-party providers, marketplaces, cloud providers, AI providers, authentication providers, synchronization systems, APIs, infrastructure vendors, and enterprise systems may independently investigate, manage, disclose, mitigate, contain, or respond to incidents pursuant to their own policies, obligations, governance systems, and operational procedures.

OppAction may preserve, retain, reproduce, archive, analyze, disclose, or rely upon:

• logs;
• audit records;
• synchronization records;
• workflow records;
• API records;
• operational telemetry;
• backups;
• authentication records;
• browser metadata;
• device metadata;
• clickstream records;
• enterprise activity logs;
• AI interaction records;
• and related operational or evidentiary information

for purposes including:

• incident response;
• abuse prevention;
• fraud prevention;
• operational governance;
• security analysis;
• dispute resolution;
• arbitration;
• litigation;
• evidentiary preservation;
• regulatory cooperation;
• compliance review;
• and operational or legal defense.

19. Children’s Privacy

The Services are not directed to children.

Users must be legally authorized to use the Services under applicable law.

20. Changes to this Privacy Policy

OppAction may modify this Privacy Policy at any time.

Changes may result from:

• operational changes;
• legal requirements;
• provider requirements;
• marketplace requirements;
• AI-system changes;
• infrastructure changes;
• feature updates;
• synchronization changes;
• workflow changes;
• security requirements;
• or commercial considerations.

Material changes may require affirmative re-assent where required by law.

Continued use of the Services following updates may constitute acceptance where legally permitted.

21. Governing Terms

This Privacy Policy supplements and forms part of the OppAction Terms of Service.

The Terms of Service, arbitration provisions, dispute-resolution provisions, liability limitations, AI disclaimers, automation disclaimers, marketplace disclaimers, API terms, beta terms, enterprise agreements, operational policies, and supplemental feature disclosures apply fully to this Privacy Policy.

To the maximum extent permitted by applicable law, in the event of conflict, the provision providing the greatest protection to Mugpire, LLC and OppAction shall control.

Any expressly negotiated written agreement signed by Mugpire, LLC may supersede portions of this Privacy Policy solely to the extent expressly stated.

22. Contact Information

Mugpire, LLC d/b/a OppAction

PO Box 2869

Jackson, WY 83001

Email: legal@oppaction.com

Website: www.oppaction.com