OpenPolicy Plus
Privacy Policy
Introduction
This Privacy Policy describes how OpenPolicy ("we", "us", or "our") collects, uses, and shares information about you when you use our services. Effective Date: 2026-01-01.
If you have questions about this policy, please contact us at jamie@openpolicy.sh.
Information We Collect
We collect the following categories of personal data for the purposes described below. Under GDPR Article 6, we rely on the lawful bases shown for each processing purpose:
| Category | Fields collected | Purpose | Lawful basis |
|---|---|---|---|
| Personal Information | Full Name, Email Address | Account creation and management | Performance of a contract (Article 6(1)(b)) |
| Usage Data | Location, IP Address | Analytics and performance monitoring | Performance of a contract (Article 6(1)(b)) |
Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you within the meaning of GDPR Article 22.
Data Retention
We retain your data for the following periods:
| Category | Retention period |
|---|---|
| Personal Information | Duration of account plus 90 days after deletion |
| Usage Data | 30 days after usage |
Whether You Are Required to Provide This Data
For each category of personal data we collect, we set out below whether you are required to provide it — by law, under our contract with you, or as a precondition to entering into a contract — or whether provision is voluntary, together with the consequences of failing to provide it.
| Category | Requirement | Consequences |
|---|---|---|
| Personal Information | Required under our contract with you | Users cannot use the service without providing this information |
| Usage Data | Required under our contract with you | Users cannot use the service without providing this information |
Third-Party Services
We share data with the following third-party services:
| Service | Purpose | Privacy policy |
|---|---|---|
| Databuddy | Analytics | View |
| Railway | Hosting Infrastructure | View |
Your Rights
You have the following rights regarding your personal data:
- Right to access your personal data
- Right to correct inaccurate data
- Right to request deletion of your data
- Right to receive your data in a portable format
- Right to restrict how we process your data
- Right to object to processing
- Right to opt out of the sale of your personal information
- Right to non-discriminatory treatment for exercising your rights
GDPR Supplemental Disclosures
This section applies to individuals in the European Economic Area (EEA) under the General Data Protection Regulation (GDPR).
Data Controller: PolicyStack Ltd, 36a Staines Road, Twickenham, TW2 5AH
We have not appointed a Data Protection Officer. Our processing activities do not meet the thresholds in GDPR Article 37(1) that would require one.
You have the right to lodge a complaint with the data protection supervisory authority in your country of residence, place of work, or place of the alleged infringement. A list of EEA supervisory authorities is available at edpb.europa.eu/about-edpb/about-edpb/members_en.
Where we transfer your personal data outside the EEA, we rely on one or more of the safeguards permitted under Chapter V of the GDPR: (a) transfers to countries the European Commission has determined provide an adequate level of data protection (the current list is published at commission.europa.eu/.../adequacy-decisions_en); (b) Standard Contractual Clauses (SCCs) adopted by the European Commission under Article 46(2)(c); and (c) Binding Corporate Rules approved under Article 47 where applicable. You may request further information about the specific safeguards applied to a particular transfer by contacting us at jamie@openpolicy.sh.
UK Privacy Rights (UK-GDPR)
This section applies to individuals in the United Kingdom under the UK General Data Protection Regulation (UK-GDPR), as tailored by the Data Protection Act 2018.
Data Controller: PolicyStack Ltd, 36a Staines Road, Twickenham, TW2 5AH
We have not appointed a Data Protection Officer. Our processing activities do not meet the thresholds in GDPR Article 37(1) that would require one.
The supervisory authority for data protection in the UK is the Information Commissioner's Office (ICO). If you believe we have not handled your data in accordance with UK data protection law, you have the right to lodge a complaint with the ICO at ico.org.uk/make-a-complaint.
If we transfer your personal data outside the United Kingdom, we ensure appropriate safeguards are in place in accordance with the UK-GDPR, including the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses where applicable.
California Privacy Rights (CCPA)
If you are a California resident, you have the following additional rights:
- Right to Know — You may request disclosure of the personal information we collect, use, and share about you.
- Right to Delete — You may request deletion of personal information we have collected about you.
- Right to Opt-Out — You may opt out of the sale of your personal information.
- Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.
Submitting requests. To exercise any of these rights, contact us using one of the methods below. We will respond within the timeframes required by CCPA §1798.130.
- Email: jamie@openpolicy.sh
Contact Us
Contact us:
- Legal Name: PolicyStack Ltd
- Address: 36a Staines Road, Twickenham, TW2 5AH
- Email: jamie@openpolicy.sh