Security & Data Handling Architecture

Data Protection GDPR & Hosting Specs

Security Summary

OPAL protects your agricultural boundaries and personal information using industry-standard serverless security. User accounts are isolated using strict Firebase database rules, database archives reside exclusively within the European Union (EU) to meet GDPR regulations, and coordinates are processed transiently without long-term location logging. Users maintain complete ownership and can export or delete their entire account instantly with a single button.

1. User Authentication & Credential Security

OPAL implements Google Firebase Authentication to manage user login profiles and access credentials. Because authentication is delegated to Google’s identity servers, OPAL never handles, processes, or stores your raw passwords. All connections use Transport Layer Security (TLS 1.3) to encrypt data in transit between your mobile device and the Google database cloud.

2. Database Residency & Regional Isolation

OPAL structures its database layout to prevent data leakage and ensure sovereign protection for EU growers:

3. Permanent Deletion & Data Ownership

OPAL believes that you own your agricultural data. Consistent with GDPR data portability and erasure mandates, the platform provides direct self-service options in your Settings console:

Right Self-Service Action in OPAL Technical Effect
Portability Settings → Privacy → Download my data Exports your entire Firestore profile, field coordinates, and historical analysis records into a standard JSON file instantly.
Erasure Settings → Privacy → Delete my account Triggers a cascading delete script. All coordinates, calibrations, settings, and reports are permanently deleted. No offline backups are maintained.

4. Weather & Satellite API Ingestion Security

When fetching crop weather and satellite profiles, OPAL minimizes the data shared with external APIs: