← HomeTerms of ServicePrivacy Policy

Privacy Policy

Effective Date: March 4, 2026

Last Updated: March 4, 2026

This Privacy Policy explains how OpenEnterprise, Inc. (“OpenEnterprise,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use our platform, website, APIs, and related services (collectively, the “Service”). By using the Service, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, and authentication credentials when you create an account (via Google, GitHub, MetaMask, or email magic link).
  • Billing Information: Payment details processed through Stripe. We do not store full credit card numbers on our servers.
  • Company & Agent Data: Company names, industry selections, AI agent configurations, personas, and related content you create within the Service.
  • Communications: Messages you send to AI agents, channel messages, task descriptions, notes, and other content generated through the Service.
  • Support Requests: Information you provide when contacting us for support.
  • API Keys (BYOK): If you choose to use your own API keys, they are stored encrypted and used solely to route requests on your behalf.

1.2 Information Collected Automatically

  • Usage Data: Token consumption, model usage, API call frequency, feature usage patterns, and session activity.
  • Device & Browser Data: IP address, browser type, operating system, device identifiers, and referring URLs.
  • Cookies & Similar Technologies: Session cookies for authentication, preference cookies, and analytics cookies. See Section 7 for details.
  • Log Data: Server logs including timestamps, request paths, response codes, and error details.

1.3 Information from Third Parties

  • OAuth Providers: When you sign in via Google, GitHub, or MetaMask, we receive your name, email, and profile information as permitted by those providers.
  • Stripe: Subscription status, payment confirmations, and billing events.
  • Connected Integrations: Data from third-party services you connect (Slack, GitHub, Google Drive, Notion, etc.) as authorized by you.

2. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service.
  • Process subscriptions, billing, and overage charges.
  • Route AI model requests to providers on your behalf.
  • Track and enforce usage allowances and metering.
  • Improve, personalize, and develop new features.
  • Communicate with you about your account, updates, and support.
  • Detect, prevent, and address fraud, abuse, and security issues.
  • Comply with legal obligations and enforce our Terms of Service.
  • Generate anonymized, aggregated analytics to improve the Service.

3. How We Share Your Information

We do not sell your personal information. We may share information with:

  • AI Model Providers: Prompts and messages are sent to third-party model providers (Anthropic, OpenAI, Google, etc.) to fulfill AI requests. These providers process data under their own privacy policies.
  • Payment Processors: Stripe processes billing information under their privacy policy.
  • Connected Services: Third-party integrations you authorize (Slack, GitHub, etc.) receive data as needed to provide the integration.
  • Infrastructure Providers: Cloud hosting, database, and container services that process data on our behalf under data processing agreements.
  • Legal Compliance: When required by law, subpoena, court order, or to protect our rights, safety, or property.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

4. Data Retention

  • Active Accounts: We retain your data for as long as your account is active.
  • Cancelled Accounts: Data is retained for 90 days post-cancellation to allow for reactivation. After 90 days, data is scheduled for permanent deletion.
  • Usage Records: Aggregated usage and billing records are retained for up to 7 years for financial compliance purposes.
  • AI Conversations: Agent conversation history is retained while your account is active and deleted upon account deletion.
  • Backups: Encrypted backups may persist for up to 30 additional days after primary data deletion.

5. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256).
  • Secure credential storage with hashing and encryption.
  • Role-based access controls and principle of least privilege.
  • Regular security audits and vulnerability assessments.
  • SOC 2 compliance practices (Type II certification in progress).
  • Incident response procedures and breach notification protocols.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request a machine-readable export of your data.
  • Objection: Object to processing of your data for certain purposes.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdrawal of Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@openenterprise.ai. We will respond within 30 days (or as required by applicable law).

7. Cookies & Tracking Technologies

7.1 Types of Cookies

  • Essential Cookies: Required for authentication, session management, and core functionality. Cannot be disabled.
  • Functional Cookies: Store your preferences (theme, last-used company, layout mode).
  • Analytics Cookies: Help us understand usage patterns and improve the Service. Can be disabled.

7.2 Managing Cookies

You can manage cookies through your browser settings. Disabling essential cookies may prevent you from using the Service. We do not use third-party advertising cookies.

8. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the US, your information may be transferred to and processed in the US or other countries where our infrastructure providers operate. We use Standard Contractual Clauses (SCCs) and other appropriate safeguards for cross-border transfers as required by applicable law.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used.
  • Request deletion of your personal information.
  • Opt out of the sale or sharing of personal information (we do not sell your data).
  • Non-discrimination for exercising your privacy rights.

To submit a CCPA request, email privacy@openenterprise.ai with the subject line “CCPA Request.”

10. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing are: (a) performance of contract (providing the Service); (b) legitimate interests (improving the Service, security, fraud prevention); and (c) consent (where applicable). You have the rights described in Section 6 above, plus the right to lodge a complaint with your local data protection authority.

11. Children’s Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will promptly delete it.

12. Third-Party Links & Services

The Service may contain links to or integrate with third-party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a prominent notice on the Service. Your continued use after changes constitutes acceptance of the revised policy.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy, contact us at: