| OPENOSINT CLOUD | Privacy Policy | 2026-06-13 |
PRIVACY POLICY
Effective date: 2026-06-13
Data controller: Tommaso Bertocchi, contact openosint@yahoo.com.
This policy explains how we process personal data when you use OpenOSINT Cloud (the “Service”).
1. DATA WE PROCESS
- Account & billing data: your email and billing details, handled by our payment provider Polar (acting as Merchant of Record). We receive limited customer and order data from Polar; we do not store full card details.
- Credentials you store (BYOK): API keys you add for third-party providers. These are encrypted at rest and used only to perform the lookups you request.
- Usage data: API requests, timestamps, credit balances, and limited technical logs (e.g. request metadata) for operating, securing, and metering the Service.
- Query inputs/outputs: the targets you submit and the results returned. We aim to minimize retention of query content; see §4.
2. COOKIES AND TRACKING
This website (openosint.tech) sets no cookies and loads no analytics, advertising, or fingerprinting scripts. There is no Google Analytics, Google Tag Manager, Meta pixel, Hotjar, or any other third-party tracker on any page.
No cookie consent banner is shown because none is required — there are no non-essential cookies or trackers to consent to. If that changes, this policy and the site will be updated before any tracking is introduced.
3. PURPOSES AND LEGAL BASES (GDPR ART. 6)
| Purpose | Legal basis |
|---|---|
| Providing the Service and processing payments | Performance of a contract |
| Security, abuse prevention, and metering | Legitimate interests |
| Legal and tax compliance | Legal obligation |
4. DATA ABOUT THIRD PARTIES IN QUERIES
Results may include personal data about third parties. For such data you are the data controller and are responsible for your lawful basis and for honoring data-subject rights. We process it on your behalf transiently to return the result.
5. RETENTION
We retain account and billing records as required for legal/tax purposes. Usage logs are kept for 12 months and then deleted or anonymized. Stored credentials are deleted when you remove them or close your account.
6. SUB-PROCESSORS
We use: Polar (payments / Merchant of Record), Heroku (hosting/infrastructure, USA), IP2Location and other OSINT data providers for lookups. A current list is available at openosint.tech/subprocessors. Where data is transferred outside the EEA (e.g. US providers), we rely on appropriate safeguards such as Standard Contractual Clauses.
7. YOUR RIGHTS
Under the GDPR you have rights of access, rectification, erasure, restriction, portability, and objection. To exercise them, contact openosint@yahoo.com. You may lodge a complaint with your supervisory authority — in Italy, the Garante per la protezione dei dati personali.
8. SECURITY
We apply reasonable technical and organizational measures, including encryption at rest for stored credentials and TLS in transit. No system is perfectly secure.
9. CHANGES
We may update this policy; material changes will be posted at openosint.tech/privacy with a revised effective date.