Privacy Policy

Last Updated May 2nd, 2019


OpenlyOperated.org is certified as Openly Operated, so it is able to provide proof of the privacy claims in this Privacy Policy by using references from OpenlyOperated.org's Audit Kit. Learn more about the Openly Operated Certification.

OpenlyOperated.org is operated by Confirmed, Inc (also “Confirmed”, “the company”, “we”, and “us”) and collects the minimum data possible to ensure your data and privacy is protected.

OpenlyOperated.org complies with the European Union’s General Data Protection Regulation (GDPR) for all users, regardless of location. In addition, we collect the minimum personal information required to provide OpenlyOperated.org service.

We do not sell or provide data to advertising services, and there are zero third party frameworks for marketing or re-marketing purposes. This includes any direct or indirect advertising frameworks by Facebook, Twitter, and Google, including Crashlytics, Fabric, Google Analytics, Facebook SDK, Firebase, and Twitter SDK.

Although this Privacy Policy is a legal document that OpenlyOperated.org is required to follow, we also prove that OpenlyOperated.org's operations and services conform to this Privacy Policy by engaging independent 3rd parties to audit us. The materials provided to auditors are also available publicly as an "Audit Kit".

Information We Collect

Information From Website Browsers

If you are just browsing the OpenlyOperated website, we do not store or log your IP address or use a cookie to track you.

Personal Information From Newsletter Subscribers

To subscribe to our email newsletter, we require your email address. We record an encrypted form of your email address, which we cannot decrypt because we do not have direct access to the encryption keys, nor do we have direct, unaudited access to the database where this encrypted email resides. We also record a hashed form of your email address, which we also cannot directly access. We record the time you subscribed to the newsletter (creation date), but we do not have direct access to this. We do not record any other information for newsletter subscribers.

Website Traffic

We do not log or track any usage of our website, except for error messages on our server (such as accessing a page that does not exist). For these cases, we log the error (i.e., the URL attempted) and the time that it happened, but no personally identifying information such as a user’s IP address is logged.

Privacy Practices

We store and process the information that we collect in the United States in accordance with this Privacy Policy.

However, OpenlyOperated.org understands that we have users from different countries and regions with different privacy expectations, and we try to meet those needs even when the United States does not have the same privacy framework as other countries.

We provide the same standard of privacy protection — as described in this Privacy Policy — to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide.

Openly Operated Principles

Data transmitted by Openly Operated is at the minimum encrypted using HTTPS and SSL/TLS. The limited data we collect on our servers is encrypted with a key that we cannot access without automatically sending the user an alert to the user that we are accessing this data. By being an Openly Operated product, our architecture is open source and available for public audit to prove that we cannot access any personal data. For proof of these claims, see our Audit Kit's Open Infrastructure and Open Source sections.

In the event of a data breach that affects your personal information, we will act promptly to mitigate the impact of the breach and notify any affected users without undue delay.

Compelled Disclosure

OpenlyOperated.org may be legally required to disclose information to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large. In complying with court orders and similar legal processes, OpenlyOperated.org strives for transparency and protection of user data. We will notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.

Right to Erasure

If you are subscribed to the email newsletter, Openly Operated will retain encrypted and hashed versions of your email address in order to send you the email newsletter.

If you would like to delete the encrypted version of your email address, you may do so using the "do not email" or unsubscribe links in the email newsletter. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your email address (within reason) within 90 days of your request. To see proof of this claim, see the Open Source section of the Openly Operated Audit Kit.

If you have any questions or concerns regarding our Privacy Policy, please contact us at privacy@openlyoperated.org and we will respond as quickly as we can.