PRIVACY

Privacy Policy

Last updated: 2026-05-10

What we collect

• Account data: email + scrypt-hashed password
• Agent data: Ed25519 public keys, owner labels you set, wallet balances + audit log
• Usage data: API request logs, billing meters, audit chain
• Payment data: handled by Stripe; we never see card numbers

What we don't collect

• No advertising trackers, no third-party analytics SDKs
• No keystroke / session recordings
• No cross-site cookies

Your GDPR + CCPA rights

• Export everything: GET /v1/gdpr/export (when authenticated)
• Delete everything: POST /v1/gdpr/delete (irreversible)
• Opt out of any AI training (we don't train on your data anyway)

Data residency

Hosted plan: US (Virginia) by default; EU (Frankfurt) on request. Sovereign plan: customer-chosen region.

Subprocessors

• Stripe (payments)
• Cloudflare (DNS + edge)
• Hetzner / DigitalOcean (compute)

Contact

privacy@openheab.com · DPO inquiries welcome