Legal

Privacy Policy

Last updated: April 30, 2026

1. INTRODUCTION

OpenSERP ("we", "us", "our") operates the website openserp.org and the OpenSERP API. This Privacy Policy explains how we collect, use, and protect your information.

2. DATA WE COLLECT

2.1 Account Data

  • Email address (provided at registration)
  • Hashed password (we never store plaintext passwords)

2.2 Billing Data

  • Transaction records (amounts, dates, payment references)
  • We do NOT store payment card details or cryptocurrency wallet addresses - payments are processed entirely by our third-party payment provider

2.3 Usage Data

  • API request logs: timestamp, endpoint called, API key used, response status
  • Purpose: billing calculation, rate limiting, abuse prevention
  • We do NOT store the content of your search queries or search results

2.4 Technical Data

  • IP address (used for rate limiting and security; not linked to your profile)
  • Browser user agent (when accessing the website)

2.5 Waitlist Data

If you join the OpenSERP Cloud waitlist, we may email you about early access, onboarding, product availability, and related launch updates.

  • Email address and optional use case description (if you signed up for early access)
  • UTM parameters and referrer, when present, to understand how people found the waitlist
  • Cloudflare Turnstile verification data used to prevent automated or abusive submissions

3. HOW WE USE YOUR DATA

  • To provide and maintain the Service
  • To process payments and maintain your account balance
  • To enforce rate limits and prevent abuse
  • To communicate service updates and important notices
  • To manage the OpenSERP Cloud waitlist, early-access onboarding, and launch planning
  • To comply with legal obligations

4. DATA SHARING

We do NOT sell, rent, or trade your personal data. We share data only with:

  • Hosting provider (Cloudflare) - to serve our website and API
  • Payment provider - to process top-up payments
  • Law enforcement - only when required by valid legal process

5. DATA RETENTION

  • Account data: retained while your account is active, deleted upon request
  • Usage/billing logs: retained for up to 12 months for billing accuracy and dispute resolution
  • Waitlist data: retained until the waitlist program ends, unless you request deletion earlier

6. COOKIES AND TRACKING

  • We use only essential cookies required for the Service to function (authentication session)
  • We use Cloudflare Turnstile for bot protection, which may set its own cookies
  • We do NOT use advertising or third-party tracking cookies
  • See our Cookie Policy for details

7. YOUR RIGHTS (GDPR & SIMILAR LAWS)

If you are in the EU/EEA or a jurisdiction with similar data protection laws, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Port your data to another service
  • Restrict or object to certain processing
  • Withdraw consent at any time

To exercise any of these rights, contact us at [email protected] . We will respond within 30 days.

8. DATA SECURITY

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords, and secure API key storage.

9. INTERNATIONAL TRANSFERS

Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place in accordance with applicable data protection law.

10. CHILDREN

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on our website.

12. CONTACT

For privacy-related questions or requests: