Privacy Policy

Introduction

This Privacy Policy describes how OpenPolicy ("we", "us", or "our") collects, uses, and shares information about you when you use our services. Effective Date: 2026-01-01.

If you have questions about this policy, please contact us at privacy@openpolicy.sh.

Information We Collect

We collect the following categories of information:

• account
  • email address
  • name
  • password hash
• usage
  • pages visited
  • features used
  • API call metadata
  • timestamps
• consentRecords
  • external user ID
  • IP address
  • browser user agent
  • jurisdiction
  • policy version accepted

Legal Basis for Processing

Contract performance for account data; legitimate interest for usage analytics; legal obligation for consent records

Data Retention

We retain your data for the following periods:

• account: Duration of account plus 90 days after deletion
• usage: 12 months
• consentRecords: 7 years to satisfy legal and regulatory obligations

Cookies and Tracking

We use the following types of cookies and tracking technologies:

• Essential cookies — required for the service to function
• Analytics cookies — help us understand how the service is used

Third-Party Services

We share data with the following third-party services:

• Resend — Transactional email (invitations, notifications)
• Databuddy — Product analytics
• Stripe — Payment processing

Your Rights

You have the following rights regarding your personal data:

• Right to access your personal data
• Right to correct inaccurate data
• Right to request deletion of your data
• Right to receive your data in a portable format
• Right to object to processing
• Right to restrict how we process your data

GDPR Supplemental Disclosures

This section applies to individuals in the European Economic Area (EEA) under the General Data Protection Regulation (GDPR).

Data Controller: Terms Ltd, 86-90 Paul Street, London, EC2A 4NE, United Kingdom

In addition to the rights listed above, you have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data in accordance with applicable law.

If we transfer your personal data outside the EEA, we ensure adequate safeguards are in place in accordance with GDPR requirements.

California Privacy Rights (CCPA)

If you are a California resident, you have the following additional rights:

• Right to Know — You may request disclosure of the personal information we collect, use, and share about you.
• Right to Delete — You may request deletion of personal information we have collected about you.
• Right to Opt-Out — You may opt out of the sale of your personal information.
• Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.

Contact Us

Contact us:

• Legal Name: Terms Ltd
• Address: 86-90 Paul Street, London, EC2A 4NE, United Kingdom
• Email: privacy@openpolicy.sh