Privacy Policy

Last updated: February 25, 2026

Our Privacy Commitment

Open-Accord is built on the principle that privacy is a fundamental right, not a premium feature. We collect only what we need, never sell your data, and give you full control over your information.

Key Principles:

  • We never sell your personal data
  • We don't track you across the web
  • We don't use your data for targeted advertising
  • You can export or delete your data at any time

1. Information We Collect

Information You Provide

  • Account Information: Email address, display name, password (hashed)
  • Profile Information: Bio, profile picture (optional)
  • Content: Posts, comments, likes, follows
  • Communications: Feedback, support requests
  • Payment Information: Processed by Stripe; we don't store card details

Information Collected Automatically

  • Usage Data: Pages visited, features used, session duration
  • Device Information: Browser type, operating system, device type
  • Log Data: IP address (anonymized after 30 days), timestamps

Information We Do NOT Collect

  • Location data (GPS, precise location)
  • Contact lists or address books
  • Browsing history outside our platform
  • Biometric data

2. How We Use Your Information

  • Provide Services: Display your content, enable social features
  • Account Management: Authentication, password resets, notifications
  • Safety & Moderation: Enforce Community Guidelines, prevent abuse
  • Improve Platform: Analyze usage patterns, fix bugs, develop features
  • Communications: Service updates, security alerts (you can opt out of non-essential emails)

3. How We Share Your Information

We share your information only in these limited circumstances:

  • Public Content: Posts and profile information you choose to make public
  • Service Providers: Hosting (Vercel), database (Supabase), email (Resend), payments (Stripe), images (Cloudflare), AI moderation (OpenAI)
  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfers: In case of merger or acquisition (with notice)

We NEVER share your data with:

  • Advertisers or ad networks
  • Data brokers
  • Third parties for their marketing purposes

4. Data Retention

  • Account Data: Retained while your account is active
  • Deleted Content: Removed from public view immediately; purged from backups within 30 days
  • Deleted Accounts: Data deleted within 30 days of account deletion request
  • Log Data: IP addresses anonymized after 30 days; logs retained for 90 days
  • Moderation Records: Retained for 2 years for safety and legal purposes

5. Your Rights & Choices

You have the right to:

  • Access: Download a copy of your data (Settings → Export Data)
  • Correction: Update your profile information at any time
  • Deletion: Delete your account and all associated data
  • Portability: Export your data in JSON format
  • Opt-Out: Unsubscribe from non-essential emails
  • Object: Object to certain processing (contact us)

To exercise these rights, visit Settings or reach us via our contact form.

6. Security

We protect your data with:

  • HTTPS encryption for all connections (TLS 1.3)
  • Passwords hashed with bcrypt (12 rounds)
  • Database encryption at rest
  • Regular security audits
  • Access controls and audit logging

No system is 100% secure. If you discover a vulnerability, please report it via our contact form.

7. Cookies & Tracking

We use minimal cookies:

  • Essential Cookies: Session management, authentication (required)
  • Preference Cookies: Theme settings, language (optional)

We do NOT use third-party tracking cookies, advertising cookies, or cross-site tracking.

8. International Data Transfers

Your data may be processed in countries outside your residence. We use service providers that comply with GDPR and maintain appropriate safeguards (Standard Contractual Clauses).

9. Children's Privacy

Open-Accord is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal information, contact us immediately.

10. GDPR & CCPA Compliance

For EU/EEA Users (GDPR):

  • Legal basis: Consent, contract performance, legitimate interests
  • Data controller: OpenAccord.org
  • You may lodge complaints with your local supervisory authority

For California Users (CCPA):

  • We do not sell personal information
  • You have the right to know, delete, and opt-out
  • We will not discriminate against you for exercising your rights

11. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email or platform notification. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy questions or concerns, please use our contact form.