Effective Date: March 31, 2025
1. Scope
This policy applies to all users of openpao.com ("OpenPAO," "we," "us") worldwide. Depending on your jurisdiction, additional rights may apply (see Section 5).
2. Information We Collect
2.1 Directly Collected Data
- Account Registration: Name, email, username, IP address (for fraud prevention).
- Payment Data: Processed by third parties (e.g., Stripe, PayPal); we do not store full credit card numbers.
- User Content: Uploaded images (deleted after 24 hours), API request data.
2.2 Automatically Collected Data
- Cookies & Logs: Device info, browser type, access timestamps, API call logs (retained for 30 days).
- Analytics: Google Analytics (anonymized data).
2.3 Sensitive Data
We do not collect race, religion, or biometric data unless legally required or with explicit consent.
3. Purposes of Data Processing
| Purpose | Legal Basis (Region-Specific) |
| --- | --- |
| Account Management | Contractual necessity (global) |
| Fraud Prevention | Legal obligation (e.g., GDPR Art 6(1)(c)) |
| Service Optimization | Legitimate interest (global) or consent (EU) |
| Legal Compliance | Court orders, tax laws, etc. |
4. Data Sharing & Disclosures
We do not sell your data. Disclosures occur only for:
- Vendors: Payment processors, cloud providers (AWS), customer support (under strict contracts).
- Legal Requests: Court orders or government mandates.
- Business Transfers: Data included in mergers/acquisitions (with user notification).
5. Your Rights (Jurisdiction-Dependent)
Depending on your location, you may have:
| Right | Applicable Regions (Examples) |
| --- | --- |
| Access/Portability | EU (GDPR), California (CCPA) |
| Deletion | EU, California, Brazil, China (PIPL) |
| Correction | Global |
| Opt-Out of Profiling | EU, Canada |
| Withdraw Consent | Global (where processing relies on consent) |
How to Exercise Rights?
- 📧 Email: privacy@openpao.com
- We respond within 30 days (GDPR) or 45 days (CCPA). Requests are free unless manifestly unfounded.
6. International Data Transfers
Your data may be processed in the U.S., EU, Singapore, etc., protected by:
- EU → U.S.: EU-U.S. Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs).
- China → Overseas: PIPL-compliant security assessments (if applicable).
- Other Regions: Local laws or explicit user consent.
7. Children’s Privacy
- Services are not for users under 18 (or local age of majority).
- Unintentionally collected minor data is deleted immediately. Parents/guardians may contact us.
8. Security Measures
- Encryption: TLS 1.3 (in transit), AES-256 (at rest).
- Breach Response: Notify regulators within 72 hours (GDPR); users alerted for high-risk incidents.
9. Policy Updates
- Material changes notified via website banner + email. Continued use = acceptance.
- Archive prior versions upon request (privacy@openpao.com).
10. Contact Us
- Global Inquiries: privacy@openpao.com