Privacy Policy
Protecting your data with transparency and care.
OpenAnalyst Inc. ("OpenAnalyst", "we", "our" or "us") values your privacy and is committed to protecting your personal information. This Privacy Policy ("Policy") explains how we collect, use, disclose, and safeguard your information when you access or use our website, mobile application, platform, and all related services (collectively, the "Services").
This Privacy Policy is incorporated by reference into our Terms of Service, available at openanalyst.com/terms-of-use (the "Terms"). By using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and the Terms. If you do not agree with this Privacy Policy, you must not access or use the Services.
IMPORTANT: Please read this Privacy Policy carefully. Any terms not defined in this Privacy Policy have the meanings given to them in the Terms of Service. By accessing or using the Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.
1. Information We Collect
1.1 Information You Provide to Us
We collect Personal Information that you voluntarily provide to us when you:
Register for an Account or create a user profile
Subscribe to our Services or newsletters
Make a purchase or provide payment information
Upload data, files, or content to the Services
Contact our customer support team
Participate in surveys, promotions, or events
Connect third-party services or accounts to your Account
Communicate with us via email, chat, or other channels
The types of Personal Information we may collect include:
Account Information: Name, email address, username, password, phone number, job title, company name, and profile information
Payment Information: Credit card number, billing address, and other payment details (processed securely by our third-party payment processors)
User Generated Content: Data files, spreadsheets, databases, text, images, and any other content you upload or input into the Services
Communication Data: Messages, inquiries, feedback, and correspondence with our support team
Third-Party Integration Data: Information from connected accounts such as Google, Facebook, LinkedIn, or other third-party services you authorize us to access
Important: Please do not provide us with sensitive personal information such as Social Security numbers, financial account information (other than payment information), government-issued identification numbers, health information, biometric data, racial or ethnic origin, political opinions, religious beliefs, or criminal history unless specifically requested or required for the Services.
1.2 Information Collected Automatically
When you access or use the Services, we automatically collect certain information about your device and usage patterns, including:
Device Information: IP address, device type, operating system, browser type and version, device identifiers, and mobile network information
Usage Information: Pages visited, features used, time spent on pages, links clicked, search queries, date and time of access, referring URLs, and browsing behavior
Location Information: General geographic location based on IP address or more precise location data if you grant permission through your device settings
Log Data: Server logs, error reports, system activity, performance metrics, and diagnostic information
Interaction Data: Information about how you interact with the AI Functions, including prompts, queries, inputs provided, outputs generated, and usage patterns
1.3 Cookies and Tracking Technologies
We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities and preferences. A cookie is a small text file stored on your device that helps us recognize you, remember your preferences, and improve your experience.
Types of cookies we use:
Essential Cookies: Required for the Services to function properly, including authentication, security, and core functionality
Performance Cookies: Collect information about how you use the Services to help us improve performance and user experience
Functionality Cookies: Remember your preferences, settings, and choices to personalize your experience
Analytics Cookies: Help us understand user behavior, measure the effectiveness of our Services, and generate statistical reports
Advertising Cookies: Track your browsing activity to deliver relevant advertisements and measure advertising campaign effectiveness
You can control cookies through your browser settings and choose to accept or reject cookies. However, disabling certain cookies may limit your ability to use some features of the Services. For more information about managing cookies.
1.4 Analytics Services
We use third-party analytics services, such as Google Analytics, to collect and analyze information about how users interact with the Services. These services use cookies and similar technologies to track user activity and generate reports on website traffic, user behavior, and demographic information.
You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout.
1.5 Information from Third-Party Sources
We may receive information about you from third-party sources, such as:
Third-party services you connect to your Account (e.g., Google Drive, Salesforce, databases)
Business partners, vendors, or affiliates
Publicly available sources (e.g., social media profiles, public databases)
Marketing and advertising partners
2. How We Use Your Information
We use the Personal Information we collect for the following purposes:
2.1 To Provide and Improve the Services
Create and manage your Account
Authenticate your identity and provide secure access
Process payments and manage billing
Deliver the AI-powered analytics, visualizations, and reports you request
Provide customer support and respond to your inquiries
Personalize your experience and tailor content to your preferences
Develop, test, and improve our Services, features, and AI Functions
Monitor and analyze usage patterns, trends, and effectiveness of the Services
2.2 To Communicate with You
Send service-related notifications, updates, and announcements
Respond to your questions, comments, and requests
Send administrative messages about your Account or subscription
Provide technical support and troubleshooting assistance
Send marketing communications, promotional offers, newsletters, and product updates (with your consent where required)
2.3 For Business Operations and Analytics
Conduct data analysis, research, and statistical studies
Monitor and improve the performance, security, and reliability of the Services
Detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activities
Debug and fix technical issues
Create aggregated, anonymized, or de-identified data for analytics and business intelligence
2.4 For Legal and Compliance Purposes
Comply with applicable laws, regulations, and legal processes
Enforce our Terms of Service and other agreements
Protect our rights, property, and safety, and the rights, property, and safety of our users and the public
Respond to lawful requests from government authorities, law enforcement, or legal proceedings
Investigate and prevent illegal activities, violations of our policies, or other misconduct
2.5 AI Functions and Model Improvement
IMPORTANT: We may use aggregated, anonymized, or de-identified data derived from your use of the AI Functions to improve the Services, develop new features, and enhance the quality of our AI models. However, we do NOT use your User Generated Content (including your uploaded data, files, or proprietary information) to train AI models for general use by other parties or to improve third-party AI services. Your data remains yours, and we process it solely to provide the Services to you.
2.6 Legal Basis for Processing (EEA/UK Users)
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your Personal Information based on the following legal grounds:
Consent: When you have given us explicit consent to process your Personal Information for specific purposes (e.g., marketing communications)
Contractual Necessity: When processing is necessary to perform our contract with you (e.g., providing the Services you requested)
Legal Obligation: When we are required to process your Personal Information to comply with applicable laws or regulations
Legitimate Interests: When processing is necessary for our legitimate business interests (e.g., improving the Services, preventing fraud, ensuring security) and does not override your rights and freedoms
3. How We Share Your Information
We do not sell, rent, or trade your Personal Information to third parties for their marketing purposes. However, we may share your Personal Information with third parties in the following circumstances:
3.1 Service Providers and Business Partners
We may share your Personal Information with trusted third-party service providers who perform services on our behalf, including:
Cloud hosting and data storage providers
Payment processors (e.g., Stripe, PayPal)
AI service providers (e.g., OpenAI, Anthropic, Google)
Analytics and performance monitoring services
Customer support and communication platforms
Marketing and advertising partners
Email delivery and newsletter services
These service providers are contractually obligated to use your Personal Information only to provide services to us and to protect your information in accordance with applicable data protection laws.
3.2 Legal Requirements and Protection of Rights
We may disclose your Personal Information if required by law or if we believe in good faith that such disclosure is necessary to:
Comply with legal obligations, court orders, subpoenas, or government requests
Enforce our Terms of Service or other agreements
Protect and defend our rights, property, or safety, or the rights, property, and safety of our users or the public
Detect, prevent, or respond to fraud, security breaches, or illegal activities
Investigate violations of our policies or applicable laws
3.3 Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, bankruptcy, or other business transaction, we may transfer or share your Personal Information with the acquiring or successor entity. We will provide notice before your Personal Information is transferred and becomes subject to a different privacy policy.
3.4 With Your Consent
We may share your Personal Information with third parties when you provide your explicit consent or direct us to do so.
3.5 Aggregated or De-Identified Information
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, marketing, or other business purposes. This information does not constitute Personal Information.
4. Data Security
We take the security of your Personal Information seriously and implement a variety of technical, administrative, and physical safeguards designed to protect your information from unauthorized access, use, disclosure, alteration, or destruction. Our security measures include:
Encryption: Data is encrypted in transit using TLS/SSL protocols and at rest using industry-standard encryption algorithms
Access Controls: Role-based access controls, multi-factor authentication (MFA), and principle of least privilege
Environment Segregation: Separate production, development, and testing environments
Monitoring and Logging: Continuous security monitoring, audit logging, and intrusion detection systems
Vulnerability Management: Regular security assessments, penetration testing, and vulnerability scanning
Vendor Management: Due diligence and security assessments of third-party service providers
Employee Training: Regular security awareness training for all employees with access to Personal Information
Backup and Recovery: Encrypted backups with secure storage and disaster recovery procedures
Important: While we strive to protect your Personal Information using industry best practices, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you acknowledge that you provide your information at your own risk. If you have reason to believe that your Account or Personal Information has been compromised, please contact us immediately at info@openanalyst.com.
4.1 Security Incident Response and Breach Notification
In the event of a security incident that affects your Personal Information, we will:
Promptly investigate the incident and take steps to mitigate the impact
Notify affected users and, where required by law, relevant authorities without undue delay
Provide information about the nature of the breach, the types of information affected, and steps you can take to protect yourself
Implement measures to prevent future incidents
5. Data Retention
We retain your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The retention period depends on the type of information and the purposes for which it is used:
Account and Profile Data: Retained while your Account is active and for up to 24 months after Account closure, unless you request earlier deletion or longer retention is required by law
User Generated Content: Retained while your Account is active and deleted or de-identified within 24 months of Account closure
Billing and Transaction Records: Retained for 7 years for tax, accounting, and legal compliance purposes
Service and Security Logs: Retained for up to 12 months for security monitoring, troubleshooting, and performance analysis
Backup Data: Encrypted backups retained on a rolling basis (typically up to 35 days)
Marketing Communications Data: Suppression records (to honor opt-out requests) retained indefinitely; associated marketing profile data deleted within 30 days of unsubscribe
Important: When you request deletion of your Account or Personal Information, we will delete or de-identify your information as described above, except where we are required or permitted by law to retain certain information (e.g., for legal compliance, dispute resolution, or fraud prevention).
To request deletion of your Account or Personal Information, please contact us at info@openanalyst.com. Deleted data cannot be recovered.
6. Your Privacy Rights and Choices
Depending on your location and applicable laws, you may have certain rights regarding your Personal Information. These rights may include:
6.1 General Privacy Rights
Right to Access: You have the right to request access to the Personal Information we hold about you and to receive a copy of such information
Right to Rectification: You have the right to request correction of inaccurate or incomplete Personal Information
Right to Deletion: You have the right to request deletion of your Personal Information, subject to certain exceptions
Right to Data Portability: You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format and to transmit it to another controller
Right to Object: You have the right to object to our processing of your Personal Information for certain purposes, including direct marketing
Right to Restriction: You have the right to request restriction of processing of your Personal Information in certain circumstances
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing before withdrawal
6.2 Managing Your Preferences
You can manage your privacy preferences through the following methods:
Account Settings: Update your Account information, communication preferences, and privacy settings through your Account dashboard
Email Communications: Unsubscribe from marketing emails by clicking the "unsubscribe" link in any email we send or by contacting us at info@openanalyst.com.
Cookie Settings: Manage cookies through your browser settings or our cookie preference center
Third-Party Access: Revoke access to connected third-party services (e.g., Google, Facebook) through your Account settings or the respective third-party platform
6.3 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
Right to Know: You have the right to request disclosure of the categories and specific pieces of Personal Information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share your information
Right to Delete: You have the right to request deletion of your Personal Information, subject to certain exceptions
Right to Correct: You have the right to request correction of inaccurate Personal Information
Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your Personal Information. We do not sell your Personal Information and have not done so in the past 12 months.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights
To exercise your California privacy rights, please submit a request via email at info@openanalyst.com or through our online form at info@openanalyst.com.
6.4 European Economic Area (EEA) and UK Rights (GDPR)
If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:
Right of Access: You have the right to obtain confirmation of whether we process your Personal Information and to receive a copy of such information
Right to Rectification: You have the right to request correction of inaccurate or incomplete Personal Information
Right to Erasure: You have the right to request deletion of your Personal Information under certain circumstances
Right to Data Portability: You have the right to receive your Personal Information in a structured, commonly used format and transmit it to another controller
Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes
Right to Restriction: You have the right to request restriction of processing in certain circumstances
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing violates applicable law
To exercise your EEA or UK privacy rights, please contact us at info@openanalyst.com or through our designated EU/UK representative (contact information provided in Section 10 below).
6.5 How to Submit Privacy Requests
You may submit privacy requests through the following channels:
Email: info@openanalyst.com
Mail: info@openanalyst.com
We will acknowledge receipt of your request within 2 business days and respond within 30 days (or as otherwise required by applicable law). To protect your privacy and security, we may verify your identity before fulfilling your request.
7. International Data Transfers
OpenAnalyst is headquartered in the United States, and we process and store Personal Information in the United States and other countries. If you are located outside the United States, your Personal Information may be transferred to, stored in, and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home country.
For users located in the EEA, UK, or Switzerland, we implement appropriate safeguards to ensure that your Personal Information is adequately protected when transferred internationally, including:
Standard Contractual Clauses (SCCs) approved by the European Commission
Data Processing Agreements (DPAs) with third-party processors
Adequacy decisions where transfers are to countries deemed to provide adequate protection
Supplementary measures to ensure data protection in accordance with GDPR requirements
You may request a copy of the safeguards we have in place for international data transfers by contacting us at info@openanalyst.com.
8. Third-Party Services and Links
The Services may contain links to third-party websites, applications, or services that are not owned or controlled by OpenAnalyst. This Privacy Policy does not apply to such third-party services, and we are not responsible for the privacy practices or content of third parties.
When you access third-party services through the Services or when you connect third-party accounts to your OpenAnalyst Account (e.g., Google Drive, Salesforce), you do so at your own risk. We encourage you to review the privacy policies of any third-party services before providing them with your Personal Information or granting them access to your data.
Important: Third-party services may collect, use, and share your information in accordance with their own privacy policies. OpenAnalyst is not responsible for the privacy practices of third parties, and we recommend that you carefully review their terms and policies before using their services.
9. Children's Privacy
The Services are not intended for individuals under the age of 18, and we do not knowingly collect Personal Information from children under 18. If you are under 18, please do not use the Services or provide any Personal Information to us.
If we become aware that we have collected Personal Information from a child under 18 without parental consent, we will take steps to delete such information as quickly as possible. If you believe we may have collected information from a child under 18, please contact us immediately at info@openanalyst.com.
10. Contact Information and Data Protection Representatives
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
OpenAnalyst Inc.
447 Sutter St.
Ste 506 - 1372, San Francisco, CA 94108
Email: info@openanalyst.com
Support: info@openanalyst.com
Phone: +1 9294840718
11. Do Not Track Signals
Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you visit that you do not want to have your online activity tracked. Currently, there is no uniform standard for recognizing and responding to DNT signals. As such, the Services do not currently respond to DNT signals. For more information about Do Not Track, please visit www.allaboutdnt.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by:
Posting the updated Privacy Policy on our website with a revised "Last Updated" date
Sending you an email notification (if you have provided your email address)
Displaying a prominent notice on the Services
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the updated Policy.
If you do not agree to the revised Privacy Policy, you must stop using the Services and terminate your Account.
13. Additional Information for Specific Jurisdictions
13.1 Nevada Residents
Nevada law permits Nevada residents to opt out of the sale of certain types of Personal Information. We do not sell your Personal Information as defined under Nevada law. If you are a Nevada resident and have questions about our practices, please contact us at info@openanalyst.com.
13.2 Australia Residents
If you are located in Australia, you have rights under the Australian Privacy Act 1988 (Cth), including the right to access and correct your Personal Information, to make a complaint about our handling of your Personal Information, and to opt out of direct marketing. To exercise these rights, please contact us at info@openanalyst.com.
13.3 Brazil Residents
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to access, correct, delete, and port your Personal Information, as well as the right to object to certain processing activities. To exercise these rights, please contact us at info@openanalyst.com.
14. Response Times and Grievance Redressal
We are committed to responding to your privacy requests and concerns in a timely manner:
Acknowledgment: We will acknowledge receipt of your privacy request within 2 business days
Response: We will respond to your request within 30 days (or as otherwise required by applicable law)
Extensions: If we require additional time (up to 90 days total), we will inform you of the reason and extension period in writing
For privacy-related inquiries, complaints, or concerns, please contact:
Account support: info@openanalyst.com