| OPENOSINT DEMO | Privacy & Cookie Notice | 2026-06-26 |
⚠ DRAFT — This document has not been reviewed by legal counsel. It is provided as a good-faith description of actual data flows and must be reviewed before treating it as a final legal disclosure.
PRIVACY & COOKIE NOTICE — OPENOSINT DEMO
Applies to: the interactive BYOK demo at demo.openosint.tech.
Does not apply to: OpenOSINT Cloud (the authenticated paid service) — see openosint.tech/privacy for that service.
Contact: openosint@yahoo.com
1. BROWSER STORAGE — COMPLETE INVENTORY
The demo uses only functional browser storage. There are no cookies. All items listed below are set and read exclusively by client-side JavaScript; nothing is transmitted to our servers except the in-flight API calls described in §2.
| Storage type | Key | What it holds | When cleared |
|---|---|---|---|
sessionStorage |
openosint_byok |
Your chosen LLM provider name, API key, base URL, and model. Set when you enter credentials in Settings. | Automatically when the browser tab is closed or the session ends. |
sessionStorage |
openosint_tool_keys |
Optional tool API keys you supply (e.g. Shodan, VirusTotal). Set when you enter them in Settings. | Automatically when the browser tab is closed or the session ends. |
localStorage |
openosint-theme |
“light” or “dark” — your
preferred colour scheme. Set when you toggle the theme button. |
Persists until you clear site data or the browser clears storage. Contains no personal data. |
localStorage |
openosint_settings |
Miscellaneous UI preferences (selected provider, Ollama host URL, etc.). Does not hold API keys under normal use. | Persists until you clear site data. Contains no personal data under normal use. |
localStorage |
openosint-ack |
A flag (“1”) recording that you accepted the authorization
gate. Prevents the gate from re-appearing on subsequent visits to the same browser. |
Persists until you clear site data. Contains no personal data. |
localStorage |
openosint-notice |
A flag (“1”) recording that you dismissed this notice bar.
Prevents the bar from reappearing. |
Persists until you clear site data. Contains no personal data. |
2. YOUR API KEYS — HOW THEY ARE USED
This is a Bring Your Own Key (BYOK) demo. If you enter an API key (Anthropic,
OpenRouter, Shodan, etc.) it is stored in your browser session only
(sessionStorage). It is transmitted exclusively in outbound HTTP
requests that perform the OSINT lookup you requested — directly to the LLM provider or
through the proxy you configured. We do not log, copy, or store your key server-side.
When you close the tab, your session storage is cleared and your key is gone from the browser. No copy remains on our infrastructure.
3. THIRD-PARTY SCRIPT CONNECTIONS
The demo page loads the following resources from third-party CDNs on every page load. None of these services set cookies or track users on this page; they deliver script and font files. Your IP address reaches their servers as a byproduct of the HTTP requests.
- Google Fonts (fonts.googleapis.com, fonts.gstatic.com) — Inter and JetBrains Mono typefaces.
- Tailwind CSS CDN (cdn.tailwindcss.com) — CSS utility framework.
- Cytoscape.js (cdnjs.cloudflare.com) — graph visualization library.
- Alpine.js, cytoscape-fcose (cdn.jsdelivr.net) — UI reactivity and graph layout plugin.
There are no analytics scripts, no advertising scripts, no fingerprinting scripts on this page. No Google Analytics, Google Tag Manager, Meta Pixel, Hotjar, Plausible, or equivalent service is loaded.
4. COOKIES
The demo sets no HTTP cookies. All persistence uses localStorage and
sessionStorage as described in §1. Because there are no non-essential cookies
or trackers, no cookie consent wall is required or shown — only an informational
notice bar.
5. THIRD-PARTY DATA SOURCES
When you run an investigation the demo calls external OSINT data APIs (WHOIS registrars, IP geolocation providers, HaveIBeenPwned, Shodan, VirusTotal, etc.) on your behalf. Each provider has its own privacy policy. Results may include personal data about third parties; you are responsible for having a lawful basis to investigate any target you submit.