Opera Neon Privacy Statement

Opera Neon has been built with user privacy in mind from the get-go. Opera Neon can work with you, or for you, by understanding your goals, taking direct action on your behalf, and deploying AI agents to accomplish tasks. To do this, it has to be able to understand certain things about you and your needs, and have certain data in hand. This privacy statement aims to give you clarity on what kind of data we process in Opera Neon (including but not limited to personal data) and for which purposes, as well as inform you about your rights and options under applicable laws.

First, let’s define some key terms. Many of these definitions are adapted from the General Data Protection Regulation (or “GDPR”), the data privacy law which applies in the European Union as well as in Norway. We use the GDPR as a guidepost because it applies directly to us as a European company and because we believe it sets the highest legal standards for our user privacy. In some cases we have simplified definitions here in order to make them easier to understand.

Personal data: Any information relating to an identified or identified natural person, as outlined in the GDPR.

Data controller: The person or company that decides whether and how to process personal data. For the purposes of this privacy statement, this is Opera Norway AS (“Opera”, “we,” “us” and “our”).

Data processor: Someone who processes personal data on behalf of a data controller.

Legal basis: The specific legal reason that allows us to process personal data. The GDPR sets out six specific grounds for processing personal data. The ones most relevant to Opera Neon are as follows:

• Consent: When we process personal data based on your consent, meaning we have asked for your permission to do so and you’ve expressly given it to us.
• Contractual grounds: When we process personal data because it is necessary to perform a contract, for example to provide you with a service as described in our Terms of Service or some other agreement.
• Legitimate interest: When we process personal data based on legitimate interest, meaning we have a legitimate reason to use the personal data (such as to ensure that products work properly, or to alert users about promotions and updates), which is in balance with your right to privacy.
• Legal compliance: When it is necessary for us to process personal data in order to fulfill other obligations under the law, for example detecting fraud, making sure you are who you say you are, etc.

Purpose: The specific reason or reasons we have for processing data, including personal data.

Process or processing: Collecting or using personal data. As defined in the GDPR, the word “processing” can mean doing almost anything with personal data. However, it never means selling such data or making it available to anyone in ways that are not covered by the GDPR. Below we have used it in this general sense when we have a general meaning in mind, and used more specific terms (like “store” or “share”) where appropriate.

Retention / retain: The time period for which we will continue to store data. In general, we do not process or store personal data longer than needed and therefore delete it after a certain period of time. Below we have included some more specific details on retention periods, which vary depending on the type of personal data and the purpose for which it is processed.

Transfer: Personal data is “transferred” when it is sent or made available to someone or some other company outside the European Economic Area (or EEA - that is the European Union plus Norway, Iceland, and Liechtenstein).

Opera Group: Our affiliated group of companies, including Opera Norway AS (a Norwegian company) which develops and publishes the Opera browsers, as well as other subsidiaries and affiliated companies around the world. For more information, see below.

In order to gain access to and start using Opera Neon you need to create and/or sign into an Opera account. Note that when you create an Opera account, your account and its associated data is not associated with the random ID of your browser installation, which remains separate.

When you create an Opera account, we ask for a preferred username and an email address. The email address will be used to identify you as a user and for password recovery. Alternatively, you can use other accounts (like Google, Facebook, Twitter/X, etc.) to sign into an Opera account and access our services with the same profile. If you use one of these other accounts to sign in, we may collect information such as your name, profile picture, and email address from them.

You can modify your Opera account, delete it, or request a copy of your data on your profile page. We retain your data for seven days after you’ve decided to discontinue your Opera account in case you choose to change your mind. After this seven-day period, your account and data are permanently deleted. Your Opera account with a verified email address will be deleted automatically if you don’t sign in for two years. Accounts with unverified email addresses will be deleted after six months of inactivity.

Purpose: To enable you to access and use Opera Neon

Legal basis: Contractual grounds

Opera Neon is a paid service. When you pay for Opera Neon, payment for your subscription will be handled by a third-party payment service provider, who will need to collect data like your card number, expiration data, and security code. However, the payment service provider does not share your card information with Opera. Instead, all they share is a customer ID, and some other relevant data, including a confirmation that you paid, and the subscription length. This purchase-confirmation data is shared with the companies that sell subscriptions to Opera Neon on our behalf, which may vary depending on where you live. If you live in the EU or the US, this will be another Opera Group company located in those territories; if you live outside the EU or US, the merchant of record is a third party, Nexway SASU.

Due to legal and regulatory requirements (e.g. accounting, taxes, civil claims), your subscription data will be retained for a period of up to five years from the time it was collected.

Purpose: To provide the service; To comply with legal obligations

Legal basis: Contractual grounds; Legal compliance

Opera Neon’s agentic capabilities are based on your input - any prompts, questions, chats, and any information or data you choose to provide to Opera Neon (“Input”). Your Input is shared with OpenAI or Google (both US-based companies) in order to process your request, carry out your instructions, and provide you with a result (“Output”). Opera Neon itself also automatically processes your Input to give you more precise or meaningful Output.

Your Input data is only retained for a short time by OpenAI and Google in order to provide you with more accurate and faster responses, and for abuse monitoring purposes. The data is permanently deleted after 30 days (for OpenAI) or 24 hours (for Google), and it is not used by OpenAI or Google for training AI models.

Depending on the nature of your Input, Opera Neon may need to gather additional data. For example, if you tell Opera Neon to research a topic online, or shop for you on an e-commerce website, Opera Neon will navigate to various webpages in order to carry out your instructions. As a result, Opera Neon will need to read and process the content of any websites that it visits in order to generate your requested Output. This information will also be shared with OpenAI or Google in order to process your request and provide you with Output, as described above.

Moreover, depending on your Input, Opera Neon identifies categories of prompts to be shared with Google for the purpose of generating Google Search Suggestions to enrich the Output. These searches are masked so as not to be associated with your Google account or your Neon/Opera account.

Your Input and most Output will be saved on your own device indefinitely, unless you choose to delete it yourself. Your Input and Output will also be stored on Opera’s servers, and will be automatically deleted after a short time, usually 30 days. In the case of your creations with Opera Neon, such as original websites, games, apps, and more, they are automatically removed from Opera’s servers and your device after 6 months. Opera does not train AI models on your data, and your data is not used for advertising or personalization purposes.

Purpose: To provide the serviceLegal basis: Contractual grounds

Opera has implemented a lot of features that increase the safety of Opera Neon. For example, we have configured it to not complete certain actions without your final approval. It will also block access to certain sensitive websites, like banking pages. Notwithstanding that, we strongly recommend that you stay mindful of where you browse and what kind of personal data you share in your Inputs.

Opera Neon is equipped with features that allow you to oversee the thought process of each action it undertakes, and let you take control at any moment. We recommend that you use this option when personal data is required, such as entering a username or a password.

Please note that Opera Neon aims to complete the tasks you ask of it, and, depending on the task, may be able to do so without further intervention from you. Do not use it for any harmful purposes (to third parties or yourself), especially where personal data is involved. It is strongly recommended that you do not rely on Neon for medical, legal or financial advice.

When it comes to your creations with Neon, you have the option to share the Output you received. It is recommended that you are mindful about where and with whom you share any Output, especially if it includes any personal data.

Depending on where you live, you may be able to purchase a premium VPN service called ‘VPN Pro’ through a subscription.

• VPN Pro is provided by a third-party service provider which owns, operates, and maintains the infrastructure which provides the Service. Data communicated through VPN Pro is encrypted and routed through one of thousands of servers around the world. However, we do not promise that the service is absolutely secure.
• VPN Pro is a no-log service. Neither we nor our third-party service provider collect or store records of web pages you visit or links you click on in the servers dedicated to this Service.
• In some cases, to use VPN Pro you need to create and sign into an Opera account. We use your Opera account to identify you as a valid subscriber to the VPN Pro service. We only share information required to identify you as a subscriber with our third-party service provider, including a random ID number that is not associated with any of your real-life personal information. We do not share other data or personal data such as your email or name with our third-party service provider.

Purpose: To provide the service
Legal basis: Contractual grounds

When you install an Opera application, a random installation ID is generated. We collect this identifier, as well as Machine ID, hardware specifications (model, release date, etc.), operating system, environment configuration, and feature usage data to improve our products and services. For example, we may use it to analyze how our users interact with our applications, or to determine the effectiveness of promotional campaigns, or to detect and debug problems. We have no practical way of using any of this data to identify you personally. We retain this usage data for up to three years. You can opt out of reporting extended statistics through the Settings menu under ‘Privacy and Security’, by disabling ‘Help improve Opera by sending feature usage information’.

Purpose: Improving our products
Legal basis: Legitimate interest (debugging and improving products and services)

If an Opera application crashes, we collect a log that includes some information about your browser’s version, your operating system, platform and some memory data related to the crash. We collect this data with the sole purpose of improving our products and services. Crash logs are kept for up to five months. You can opt out of reporting this data to us through the Settings menu under ‘Privacy and security’, by disabling ‘Automatically send crash reports to Opera’.

If you visit our websites, we may collect your IP address to help diagnose problems with our servers and to administer our websites. We use IP addresses of website visitors solely for this purpose and may keep these website access logs for up to six months.

Opera for computers on Windows includes a component called Browser Assistant that displays notifications promoting the browser’s features or the browser itself. Browser Assistant checks if any notifications are pending on a scheduled basis and may report occurrences of certain system events (such as low battery, low hard disk space, new Wi-Fi network connected, another browser installed). Browser Assistant collects this data, as well as a randomly generated Opera ID so that we can determine and evaluate the effectiveness and performance of the notifications that we display to users. We may retain this data for up to four years. You can opt out of this data collection through the Settings menu under ‘Privacy and Security’, by disabling ‘Display promotional notifications’.

Purpose: Improving our products

Legal basis: Legitimate interest (improving our products by understanding effectiveness of notifications to users)

We use a fraud prevention framework (which includes Google Safe Browsing) to check the primary domain name of the website you visit against lists of known malicious websites to protect you online. We do not collect full URLs of pages you visit for this purpose. We do not process any personal data in this context. You can disable this feature by heading to your browser Settings under ‘Privacy and security’, ‘Security’, and disabling ‘Protect me from malicious sites’.

Like other Opera browsers, Opera Neon allows you to customize the search engine used in the browser address bar. You can always change your default provider in the settings menu. Opera does not share personal data with search engine providers to enable search within Opera browsers.

Just like any other third-party website you might access, use of any search engine is subject to the terms of service and privacy policy offered by the specific search engine provider. For information on the web search services data collection, please check the search provider’s privacy policy.

On occasion, we may conduct promotional activities in order to acquire more users, improve our products and services, or let more people hear about us. Such activities include, but are not limited to, contests, surveys, giveaways, and marketing campaigns. To support such activities, we need to process some data. You provide some of this data yourself when you submit it to us for some specific purpose. For example, if you decide to provide feedback to Opera, or participate in a promotional campaign, contest, or survey organized by Opera or our partners on behalf of Opera, we may ask you to provide relevant information applicable to the specific activity. Examples can include: your name, age, phone number, email, postal address, or proof of identity. Depending on the nature of the campaign or contest, it may be necessary to share such data relevant to the campaign or contest with third parties. When that applies, we will make it clear in the terms applicable to the campaign.

If you agree to receive marketing information from Opera via email, SMS, or push notifications, we may use third party technology providers to deliver such messages to you. You can opt out from marketing communications at any time in your Opera account profile settings or directly from a marketing email you received. If you submit your phone number or email address on an application download page, we may send you a download link via SMS or email for your convenience.

In Opera Neon, we may use the Browser Assistant component to promote the browser and its features to you. Browser Assistant comes as part of Opera browsers for Windows, and may be manually removed from the system’s startup list, or via the browser settings. To learn more about Browser Assistant, please read our dedicated section on it in this statement.

In general, when we process your personal data in the context of a promotional campaign, contest, or survey, we do so on the basis that such processing is necessary to enable you to participate in the campaign. In some cases, we process data for marketing purposes based on your consent.

In any case, we do not retain your data for longer than necessary to fulfill the specific purpose for which the data was initially collected. You can always control your preferences via your browser settings or through your Opera account, and if you have other concerns you can reach out to us through this form.

Purpose: To promote our products and services

Legal basis: Varies by context as explained above - may include contractual grounds, legitimate interest, or consent (in some cases)

Our applications and services include third-party technology or code, some of which may use your data in different ways. When such third-party technologies use previously collected data, they typically act as data processors for us. When they collect data on their own, they typically act as independent data controllers. For convenience, we have included links to their privacy policies below. Data controllers are marked with an asterisk.

• Third-party features:
  • Google Geolocation API (Windows only)*
  • Google Safe Browsing
  • Google Ads
  • Firebase Analytics
• Payment service providers:
  • NexWay SASU
  • Stripe
• Technology providers:
  • Brevo
  • Freshdesk
  • OpenAI
  • Google
  • Mixpanel
  • Xenforo

Please note that this list of third-party entities applies only to the currently supported versions of our applications and services.

Data Controller & Internal Processing

Opera browsers are developed and published by Opera Norway AS, a company registered under the laws of Norway. Therefore Opera Norway AS acts as the primary data controller for Opera browsers and services.

Children’s Privacy

Opera Neon is not intended for use by children. As provided in our Terms of Service for Opera Neon, we require users to be at least 18 years old and have full legal capacity. Parents who wish to allow their children to use Opera Neon are responsible for reading this privacy statement and related terms before doing so.

International Data Transfers

As noted above, depending on where you live, appointed entities from Opera Group sell subscriptions to Opera Neon on our behalf and therefore we may share data (including personal data) with them in order to make Opera Neon available to you. If you share personal information in your Inputs, our AI model providing partners (Google and OpenAI) may also receive such information, although such information will not be used for any purpose other than providing you with an Output, as outlined in the Input & Output section of this privacy statement. Where applicable, we insist that a valid legal mechanism is used to protect such transfer, including, for example, the European Union’s model contracts for the transfer of personal data to third countries (also known as the “standard contractual clauses”) to ensure adequate protection of your personal data.

Your Rights And Statement Updates

You have the right to make a request to access or delete any of your personal data that we might possess. You can make a request via this online request form or by contacting our Data Protection Officer at the address below. You may be required to provide additional information to authenticate your request. You also have the right to lodge a complaint with Datatilsynet, the Norwegian Data Protection Authority, which can be contacted through their webpage.

When we post changes to this privacy statement, we will include the date when the statement was last updated. If we significantly change this statement, we will notify you about the upcoming change via our website or using in-app notifications. We encourage you to review this statement periodically.

Contact

If you have any questions about this statement or any privacy issues in our applications or services, feel free to contact our Data Protection Officer via this online request form or by post:

Opera Norway ASP.O. Box 4214,Nydalen 0401,Oslo,Norway