Privacy Infrastructure at Scale

Legal documents that live in your repo, stay in sync with your code, and prove compliance on demand. Built on the open-source OpenPolicy framework — cloud-backed consent tracking, versioning, and audit trail from day one.

Book a demo

GDPR (EU)

CCPA / CPRA

LGPD (Brazil)

PIPEDA (Canada)

APPI (Japan)

PDPA (Singapore)

Privacy Act (AU)

DPDP (India)

POPIA (South Africa)

Everything you need for policy compliance

Write once in TypeScript, get correctly-worded policies in every language and jurisdiction — with consent tracking built in.

TypeScript-first policies

Define your privacy policy, terms, and cookie policy in code. Version-controlled, diffable, and reviewable like any other source file.

Multi-jurisdiction support

GDPR, CCPA, UK GDPR, LGPD, and more. OpenPolicy generates the right language for each region automatically — no manual copy-paste.

User consent tracking

Know which users have accepted which version of each policy. Surface compliance gaps before they become audit findings.

Auto-versioning & rollout

Every policy change creates a new version. Roll out updates progressively, prompt only affected users, and track acceptance in real time.

Always in sync

Policies are regenerated on every build by the Vite plugin. Your privacy policy can never drift out of date with your actual data practices — enforced by the build pipeline.

Drop-in integrations

PostHog, Linear, GitHub, and more. Pipe compliance signals directly into the tools your team already uses.

From config to compliance in minutes

Define your policy

Add an OpenPolicy config to your project. Describe your data practices, jurisdictions, and service details in TypeScript.

Connect to OpenPolicy+

Push your config. We generate legally-worded documents as build-time artifacts and give you a typed client and consent API to embed in your app.

Track consent automatically

Every user acceptance is recorded. Dashboards show compliance rates by policy, version, and jurisdiction at a glance.

src/lib/consent.ts

import config from "#/lib/openpolicy";
import { createClient } from "@openpolicy/plus";

const client = createClient(config);

// Record consent when a user accepts your policies
await client.consent({
  user: { id: user.id, email: user.email, plan: user.plan },
});

// Check if policies changed since the user last consented
const changes = await client.changes(user.id);
if (changes.length > 0) {
  // Prompt the user to review and re-accept
}

// Check the current user's jurisdiction
const jurisdiction = await client.jurisdiction(user.id);
if (jurisdiction === "gdpr") {
  // Show cookie banner
}

Consent tracking

Know exactly who has accepted what, and when.

Every policy acceptance is timestamped and tied to a specific document version. Filter by policy, jurisdiction, or cohort — and export a full audit trail whenever compliance or legal asks for it.

Per-user acceptance history across all policy types
Version-aware: know if a user is on v3 or still on v1
Jurisdiction-level compliance rates at a glance
Export to CSV for legal and audit workflows

Compliance overview — last 30 days

98.2%

GDPR consent rate

847

Users on latest version

Pending re-consent (v3.1)

Jurisdictions tracked

Active rollout

72% complete

GDPR89% · 412 / 463

CCPA / CPRA71% · 198 / 279

UK GDPR68% · 80 / 117

Grace period ends in 4 days

Update management

Roll out policy changes without the scramble.

When your legal team updates your privacy policy, OpenPolicy+ creates a new version, surfaces a re-consent prompt to affected users, and tracks rollout progress in real time — so you're never left guessing who still needs to sign.

Automatic versioning on every policy change
Targeted re-consent: only prompt users who need to re-accept
Live rollout progress by segment and jurisdiction
Configurable grace periods before enforcement

PR bot

Catch compliance drift before it merges.

The OpenPolicy+ GitHub bot reviews pull requests that touch your policy config. It summarises what changed in plain English, flags jurisdiction gaps, and posts a diff of the generated document — keeping your legal team in the loop without pulling them into every code review.

Automatic PR comments on policy config changes
Plain-English summary of what changed legally
Rendered document diff so reviewers see the real impact
Optional approval gate before merging policy changes

openpolicy.config.ts

thirdParties: [

{ name: 'Stripe', purpose: 'payments' },

+ { name: 'Meta Pixel', purpose: 'advertising' },

dataTypes: [

+ 'behavioral_targeting',

openpolicy-botflagged 2 issues

⚠

Meta Pixel requires explicit opt-in under GDPR

Advertising processors must be listed in your cookie policy with a consent gate — currently missing.

behavioral_targeting not disclosed under CCPA

This data type requires a "Do Not Sell" opt-out link. Merge blocked until resolved.

openpolicy.config.ts

import { defineConfig } from "@openpolicy/sdk";
import { dataCollected, thirdParties } from "@openpolicy/sdk";

export default defineConfig({
  company: {
    name: "OpenPolicy",
  },
  effectiveDate: "2026-01-01",
  jurisdictions: ["eu", "us"],
  dataCollected,
  thirdParties,
});

Built for developers

Policies that live in your repo, not a dashboard.

Define everything in TypeScript — fully typed, diff-friendly, and reviewable in your normal code review flow. OpenPolicy+ takes care of the legal rendering, consent tracking, and compliance reporting so your team stays in their IDE, not a legal portal.

Fully typed config — autocomplete for jurisdictions, data types, and third parties
Vite plugin — generates documents as part of your existing build pipeline
Typed client — consume your policy metadata from any TypeScript app
Open source core — the OpenPolicy framework is open-source and GPL3 licensed

See OpenPolicy+ in action

Book a 20-minute walkthrough and we'll show you how teams ship compliant products with OpenPolicy+.

Book a demo