Privacy Policy

Dream Therapeutics LLC dba OpFlow5  ·  Last Updated: May 2026

Introduction

Dream Therapeutics LLC, a Texas limited liability company doing business as OpFlow5 ("OpFlow5," "we," "our," or "us"), is committed to protecting the privacy of the businesses and individuals who use the OpFlow5 manufacturing operations management platform (the "Platform"). This Privacy Policy explains how we collect, use, disclose, store, and protect information in connection with your access to and use of the Platform.

This Policy applies to information about Users of the Platform, including company administrators, managers, and employees. This Policy does not apply to Customer Data — the operational information that customers input into the Platform, such as work orders, inventory, and production data. Customer Data is owned and controlled by the Customer and is processed by OpFlow5 solely as a data processor under the Customer's direction.

BY USING THE PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS POLICY, DO NOT USE THE PLATFORM.

Section 1 — Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide when you register for an account (name, business email address, company name, job title, phone number, and billing address); create or update your user profile; complete a subscription agreement; contact us for customer support; submit feedback or feature requests; or participate in the Pilot Program.

1.2 Payment Information

When you purchase a Subscription, we collect billing information including billing contact name, billing address, and payment method details. OpFlow5 does not store full credit card numbers on its servers. Payment processing is handled by secure, PCI-compliant third-party payment processors. We retain limited billing information (such as last four digits of card number and billing address) for billing administration and fraud prevention.

1.3 Information Collected Automatically

When you access or use the Platform, we automatically collect:

1.4 Cookies and Tracking Technologies

The Platform uses cookies and similar tracking technologies to maintain session state, authenticate Users, remember preferences, and analyze usage patterns. We use strictly necessary cookies required for the Platform to function; functional cookies that remember your settings; and analytics cookies that help us understand how Users interact with the Platform. We do not use advertising cookies or sell your data for advertising purposes.

1.5 PWA Installation Data

If you install the Platform as a Progressive Web Application (PWA) on a device, the Platform may store data locally on that device, including cached copies of Platform content for offline use. You are responsible for securing devices on which the PWA is installed. See Section 6 of this Policy for PWA-specific privacy considerations.

1.6 Information from Third Parties

We may receive information about you from third parties, including your employer or organization (if your User account is provisioned by a company administrator), referral partners, and publicly available business information sources.

Section 2 — How We Use Information

2.1 Providing and Improving the Platform

We use the information we collect to create, maintain, and manage User accounts and Subscriptions; provide, operate, and improve the Platform and its features; authenticate Users and maintain Platform security; process payments and manage billing; provide customer support; diagnose and fix technical issues; analyze usage patterns to improve Platform design; develop new features; and ensure Platform performance and security.

2.2 Communications

We use contact information to send transactional communications (account confirmations, billing statements, renewal notices, and security alerts); service announcements regarding material changes to the Platform or Terms; customer support responses; product updates and feature announcements; and educational content with your consent or as permitted by applicable law. You may opt out of non-essential marketing communications at any time using the unsubscribe link in any marketing email or by contacting us at privacy@opflow5.com.

2.3 Security and Fraud Prevention

We use information to detect, prevent, investigate, and respond to security incidents, fraud, unauthorized access, and misuse of the Platform.

2.4 Legal and Compliance

We may use information to comply with applicable law, respond to legal process, enforce our Terms of Service, and protect the rights and safety of OpFlow5, its Users, and the public.

2.5 Aggregated Analytics

We may use de-identified, aggregated data derived from Platform usage — data that cannot identify any individual User or Customer — for benchmarking, product development, and industry analysis purposes.

Section 3 — How We Share Information

3.1 Service Providers

We share information with third-party service providers that perform services on our behalf, including cloud infrastructure hosting, payment processing, email delivery, customer support tools, analytics platforms, and security monitoring. All service providers are contractually bound to use information only as directed by OpFlow5 and in compliance with applicable law.

3.2 Company Administrators

If your User account is administered by a company (your employer), that organization's designated administrators may have access to your account information, usage data, and the Customer Data you create within the Platform. Your organization controls the data associated with its OpFlow5 account.

3.3 Legal Obligations

We may disclose information when required by applicable law, court order, subpoena, or governmental authority. Where legally permissible, we will attempt to provide reasonable advance notice before disclosing information to governmental authorities.

3.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of all or substantially all of OpFlow5's assets, information held by OpFlow5 may be transferred to the successor entity. We will provide notice to affected Users before any such transfer becomes effective.

3.5 With Your Consent

We may share your information with third parties for other purposes with your prior written consent.

3.6 What We Do Not Do

OpFlow5 does not and will never:

Section 4 — Data Security

4.1 Security Measures

OpFlow5 implements commercially reasonable administrative, technical, and physical safeguards to protect information against unauthorized access, disclosure, alteration, and destruction. These measures include encrypted data transmission using TLS/HTTPS; encryption of sensitive data at rest; role-based access controls limiting employee access to Customer Data; regular security assessments and vulnerability testing; incident response procedures; and employee security training.

4.2 Limitations of Security

No security system is impenetrable, and no method of data transmission over the internet is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for the security of devices used to access the Platform, including devices on which the PWA is installed.

4.3 Security Breach Notification

In the event of a confirmed breach of security affecting personal information, we will notify affected Customers and, where required by applicable law, the relevant regulatory authorities, within the timeframes required by law.

Section 5 — Data Retention

5.1 Account Information

We retain User account information for as long as an account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.

5.2 Customer Data

Customer Data is retained in accordance with Section 8.5 of the Terms of Service — for the duration of the active Subscription or Pilot Period and for a thirty (30) day Retention Period following termination, after which it is permanently deleted.

5.3 Technical Logs

Technical logs, access records, and diagnostic data are retained for the period necessary to maintain Platform security and fulfill legal obligations, typically between thirty (30) days and two (2) years.

5.4 Financial Records

Billing and payment records are retained for as long as required by applicable tax and accounting laws, typically a minimum of seven (7) years.

5.5 Marketing Communications

If you have consented to receive marketing communications, we retain your contact information for this purpose until you opt out or until we no longer have a legitimate need to retain it.

Section 6 — Progressive Web Application and Offline Data Privacy

6.1 Local Device Storage

When you install and use the Platform as a PWA, the Platform may store data locally on your device, including cached copies of Platform content for offline access. This locally stored data may include Customer Data such as work orders, production schedules, and inventory information. You are solely responsible for securing all devices on which the PWA is installed; ensuring unauthorized individuals cannot access locally cached data; implementing appropriate device security measures (screen lock, password protection, device encryption); promptly reporting any lost or stolen devices with the PWA installed; and removing the PWA and clearing cached data from devices when a User's employment or authorization ends.

6.2 Shared and Factory Floor Devices

If the Platform is accessed on shared devices — including shared factory floor computers or tablets — Customer is responsible for ensuring that Users properly log out of their sessions and that session data is not accessible to unauthorized individuals.

6.3 Offline Data Risks

Data cached locally on a device for offline use may persist on the device after the User logs out or after the Subscription ends. Customer is responsible for clearing cached data from devices when appropriate.

Section 7 — Your Rights and Choices

7.1 Access and Correction

Users may access and update their personal profile information through the Platform's account settings. If you believe we hold inaccurate information that you cannot correct through the Platform, contact us at privacy@opflow5.com.

7.2 Account Deletion

Users may request deletion of their individual User account by contacting us at privacy@opflow5.com. Customer administrators may delete the entire Customer account through the Platform's account management interface, subject to the Terms of Service.

7.3 Data Export

Customers may export Customer Data during an active Subscription using the Platform's export functionality as described in Section 22 of the Terms of Service.

7.4 Marketing Opt-Out

You may opt out of non-essential marketing communications at any time by clicking the unsubscribe link in any marketing email, updating your communication preferences in account settings, or contacting us at privacy@opflow5.com.

Section 8 — Children's Privacy

The Platform is not directed to, and we do not knowingly collect personal information from, individuals under the age of eighteen (18). If we become aware that we have collected personal information from a minor, we will take prompt steps to delete such information. Contact us at privacy@opflow5.com if you believe we have inadvertently collected information from a minor.

Section 9 — Regional Privacy Disclosures

9.1 Texas Residents

The Platform is operated by a Texas limited liability company, and Texas law governs this Policy. Texas residents may have certain rights under the Texas Data Privacy and Security Act (TDPSA), including the right to access, correct, delete, and obtain a portable copy of your personal data, and the right to opt out of targeted advertising or profiling. To exercise these rights, contact us at privacy@opflow5.com. We will respond within forty-five (45) days.

9.2 California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), may provide you with additional rights. OpFlow5 does not sell personal information and does not share personal information for cross-context behavioral advertising purposes. To submit a privacy request under the CCPA, contact us at privacy@opflow5.com. We will not discriminate against you for exercising your CCPA rights.

9.3 European Economic Area and United Kingdom

If you are located in the EEA or UK, you may have rights under the GDPR or UK GDPR, including the right to access, rectify, erase, restrict processing of, and port your personal data, and the right to lodge a complaint with your local data protection authority. For GDPR-related inquiries, contact us at privacy@opflow5.com.

9.4 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions in which we operate. Contact us at privacy@opflow5.com with questions about your rights in any jurisdiction not addressed above.

Section 10 — Third-Party Links and Services

The Platform may contain links to third-party websites, services, or resources. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies before providing them with personal information.

Section 11 — Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting a notice within the Platform or by email at least thirty (30) days before the changes take effect. Your continued use of the Platform after the effective date of a revised Policy constitutes your acceptance of the revised Policy.

Section 12 — How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or OpFlow5's data practices, please contact us:

Dream Therapeutics LLC dba OpFlow5
Attn: Privacy Officer
Texas, United States
Email: privacy@opflow5.com
Website: opflow5.com/privacy

We will respond to all privacy-related inquiries within a reasonable time and no later than required by applicable law.

— End of Privacy Policy —
Dream Therapeutics LLC dba OpFlow5  ·  privacy@opflow5.com  ·  opflow5.com/privacy