OpenSDK
Legal

Privacy Policy.

Last updated: April 2, 2026

1. Overview

OpenSDK ("we", "us", "our") operates the opensdk.ca website and API service. This policy explains what data we collect, why we collect it, and how we handle it. We are committed to protecting your privacy and handling your data transparently.

2. Data We Collect

Account Data

When you create an account, we collect your name, email address, and a hashed password. If you sign up via OAuth, we receive your name and email from the provider.

Payment Data

Credit card details are collected and processed directly by Stripe. We never store your full card number. We store your Stripe customer ID to link payments to your account.

Usage Data

We record API requests, credit consumption, task metadata (URLs submitted, timestamps, operation types), and generated output references. This data is tied to your user ID and used for service delivery and debugging.

Technical Data

We collect IP addresses, browser user-agent strings, and session tokens for authentication and security purposes.

3. How We Use Your Data

  • Provide, maintain, and improve the Service
  • Process credit purchases and maintain billing records
  • Authenticate your identity and secure your account
  • Send transactional emails (account verification, receipts)
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

We do not sell your personal data. We do not use your data for advertising. We do not train AI models on your submitted API documentation or generated SDK output.

4. Third-Party Services

We use the following third-party services to operate:

  • Stripe — payment processing
  • Supabase — database hosting (Postgres)
  • Vercel — application hosting
  • Upstash — Redis caching and rate limiting
  • OpenRouter — AI analysis (API documentation is sent to LLM providers for processing)

Each provider operates under its own privacy policy. We select providers that maintain appropriate security standards.

5. Data Retention

Account data is retained for as long as your account is active. Task data (generated SDKs, specs) is stored temporarily and may be purged after 30 days of inactivity. Credit ledger entries are retained indefinitely for audit purposes. When you delete your account, we remove your personal data within 30 days.

6. Cookies

We use a session cookie to keep you signed in. This cookie is essential for the Service to function and is not used for tracking or analytics. We do not use third-party advertising cookies.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at hello@opensdk.ca.

8. Security

We implement industry-standard security measures including encrypted connections (TLS), hashed passwords, hashed API keys, and role-scoped data access. No system is perfectly secure; we cannot guarantee absolute security but we take reasonable steps to protect your data.

9. Children

The Service is not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the Service. The "last updated" date at the top reflects the most recent revision.

11. Contact

Questions or concerns about your privacy? Reach us at hello@opensdk.ca.