This Privacy Policy describes how Openturn collects and uses information about you when you use the Service. By using Openturn, you agree to this Policy.
We're a small team and we've tried to keep this readable. Short version: we collect what we need to run the Service and prevent abuse, we don't sell your data, and we don't use your deployment content to train ML models.
1. What we collect
Account info. When you sign up, our authentication provider handles sign-in for us. We receive the basic profile fields you authorize — typically your name, email address, and an opaque user ID. We don't see or store your password.
Deployment data. When you create a project or deploy a game, we store the project name, slug, version history, the code and assets you upload, and configuration like environment variables and API token metadata. API tokens are stored only as a hash; we can't recover the original value once it's been shown to you.
Usage logs. We log basic information about requests — IP address, user-agent, path, response status, timestamp, request ID — so we can operate the Service, prevent abuse, and debug issues.
Cookies. A small number, mostly a session cookie to keep you signed in and a theme-preference cookie. No third-party advertising cookies.
Product analytics. We use PostHog to understand how the Service is used in aggregate so we can improve it. PostHog sets a small ph_* cookie with an opaque device identifier, and records anonymous pageviews plus a curated set of product events (button clicks, form submissions, deploy and token actions). When you're signed in, those events are associated with your account so we can build product funnels — we send your account ID, email, name, and public handle to PostHog for that purpose. We don't enable PostHog session replay. PostHog requests are proxied through our own domain (/ingest) so they keep working with ad-blockers, but the data still ends up at PostHog under their privacy policy.
Communications. If you contact us, we keep a copy of the conversation so we can respond and follow up.
2. How we use it
We use the information we collect to:
- run the Service — authenticate you, host your deployments, and serve them to end-users;
- review deployment content as described in our Terms of Service. Review may be automated, manual, or both, and helps us enforce our content guidelines and detect abuse;
- prevent fraud, abuse, and security incidents;
- send account, security, and service-related messages, and product updates only if you opt in;
- understand, in aggregate, how the Service is used so we can improve it;
- meet legal obligations.
We don't sell your personal information, and we don't use your deployment content to train machine-learning models without your explicit permission.
3. Sharing
We share information only with:
- Sub-processors that help us run the Service — for example, our hosting provider, authentication provider, and email provider. They're contractually required to protect your information.
- End-users of your deployments, who see whatever your deployment exposes to them.
- Authorities, when we believe in good faith that disclosure is required by law, necessary to protect our rights, or necessary to prevent imminent harm.
- A future successor, in the event of a merger, acquisition, or asset sale, subject to this Policy.
4. Retention
We keep account and deployment data while your account is active. Request logs are kept for a limited time and then deleted or aggregated. When you delete a project or close your account, we remove the associated content from production within a reasonable period; backups may persist a little longer before being overwritten.
5. Your choices
Depending on where you live, you may have rights to access, correct, export, or delete the personal information we hold about you, and to object to or restrict certain processing. You can do most of this from the dashboard, or by contacting us. We'll respond within whatever period the law requires.
6. Children
Openturn isn't directed at children under 13 (or the minimum digital-consent age where you live). We don't knowingly collect information from them. If you think a child has given us information, contact us and we'll delete it.
7. International transfers
If you use Openturn from outside the country where we operate, your information will be transferred to and processed elsewhere. Where the law requires, we use appropriate safeguards for international transfers.
8. Security
We use standard practices to protect your information — TLS in transit, hashed credentials and API tokens, and access controls on production systems. No system is perfectly secure, so we can't guarantee that information will never be accessed in a way inconsistent with this Policy.
9. Changes to this Policy
We may update this Policy from time to time. If we make a meaningful change, we'll let you know through the Service or by email before it takes effect.
10. Contact
If you have questions about this Policy or the information we hold about you, email us at support@openturn.io.