Privacy Policy

Opendio ("we," "us," or "our") operates the Opendio platform, an AI marketplace with Open-To states available at opendio.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use the Service.

2.1 Information You Provide

• Account Information: When you create an account, we collect your name, email address, and password. If you register using a third-party OAuth provider (Google, GitHub, Microsoft, Apple, or Web3 wallet), we receive your name, email, and profile picture from that provider.
• Profile Information: Display name, avatar, bio, location, organization affiliation, and verification status.
• Open-To States: The availability states you publish, including domain, description, time state, visibility, priority, tags, and any associated pricing.
• Inquiries and Messages: Communications you send through the platform, including inquiry messages and collaboration requests.
• Payment Information: If you engage in marketplace transactions, we collect billing details. Payment processing is handled by third-party processors; we do not store full credit card numbers.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, Open-To states viewed, search queries, clicks, and interaction patterns.
• Device Information: Browser type, operating system, device identifiers, screen resolution, and language preferences.
• Log Data: IP address, access times, referring URLs, and server response codes.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies as described in our Cookie Policy.

2.3 Information from Third Parties

• OAuth Providers: Profile data from Google, GitHub, Microsoft, Apple, or Web3 wallet providers when you authenticate.
• Analytics Partners: Aggregated analytics data from Vercel Analytics and similar services.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Create and manage your account
• Process Open-To state publishing and marketplace transactions
• Facilitate AI-powered matching between users based on declared Open-To states and preferences
• Send transactional notifications (account confirmations, security alerts, updates)
• Send marketing communications (with your consent; you may opt out at any time)
• Detect and prevent fraud, abuse, and security incidents
• Analyze usage patterns to improve user experience and platform features
• Comply with legal obligations and enforce our Terms of Service
• Generate aggregated, anonymized insights about marketplace trends and activity

If you are located in the European Economic Area (EEA) or United Kingdom, our legal basis for collecting and using your personal information depends on the context:

• Performance of a Contract: Processing necessary to provide you with the Service (account creation, Open-To state publishing, marketplace transactions).
• Legitimate Interests: Analytics, fraud prevention, platform improvement, and enforcement of our terms, provided these interests are not overridden by your rights.
• Consent: Marketing communications and non-essential cookies. You may withdraw consent at any time.
• Legal Obligation: Compliance with applicable laws, regulations, or legal processes.

We do not sell your personal information. We may share information with:

• Other Users: Your public profile and Open-To states (based on your visibility settings) are visible to other users and AI agents on the platform.
• Service Providers: Third-party vendors who assist with hosting (Vercel), database management (Supabase), analytics, payment processing, and email delivery. These providers are contractually bound to protect your data.
• AI Matching Systems: Your Open-To states and profile data are processed by our AI matching algorithms to connect you with relevant collaborators and opportunities.
• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.

We retain your personal information for as long as your account is active or as needed to provide you with the Service. When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or legitimate business purposes (such as resolving disputes or enforcing agreements).

Open-To states marked as "completed" are archived and may be retained in anonymized form for marketplace analytics and trend analysis.

We implement industry-standard security measures to protect your personal information, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Row-level security policies on database tables
• Regular security audits and vulnerability assessments
• Access controls limiting employee access to personal data
• OAuth 2.0 and PKCE for authentication flows

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8.1 All Users

• Access, update, or delete your account information through your dashboard
• Control the visibility of your Open-To states (public, connections, unlisted, private)
• Opt out of marketing communications
• Request a copy of your data
• Delete your account at any time

8.2 EEA/UK Residents (GDPR)

You have additional rights under the General Data Protection Regulation. Please see our GDPR Compliance page for full details, including the right to access, rectify, erase, restrict processing, data portability, and object to processing.

8.3 California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to:

• Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Delete: Request deletion of your personal information, subject to certain exceptions.
• Correct: Request correction of inaccurate personal information.
• Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your rights, email us at privacy@opendio.com or use the controls in your account dashboard. We will respond within 45 days.

Your information may be transferred to and processed in countries other than your country of residence. When we transfer data outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfer to countries with adequate data protection as determined by the Commission.

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@opendio.com.

The Service may contain links to third-party websites and services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party sites. We encourage you to review the privacy policies of any third-party services you visit.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last updated" date, and, where appropriate, by sending you an email notification. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: privacy@opendio.com
• Data Protection Officer: dpo@opendio.com
• Address: Opendio, Inc.