Privacy Policy

Effective Date: January 1, 2024 | Last Updated: December 6, 2025

1. Introduction

Openprofile ("we," "our," or "us") is a digital identity intelligence platform that helps organizations make informed decisions through comprehensive public data analysis. This Privacy Policy explains how we collect, use, protect, and respect information when you use our services or interact with our platform.

2. Information We Process

2.1 Public Information Aggregation

Our proprietary data aggregation technology processes exclusively publicly available information. We employ advanced search methodologies to gather comprehensive digital intelligence from:

• Publicly accessible professional networks and registries
• Open government databases and public records
• Corporate filings and business registrations
• Educational and certification registries
• Public social media profiles (where privacy settings allow)
• News articles and public media mentions
• Domain registrations and public web content

2.2 User Account Information

When you create an account or use our services, we collect:

• Business contact information (name, email, company)
• Authentication credentials (encrypted)
• Usage data and platform interactions
• Communication preferences
• Billing information (processed securely through third-party providers)

3. How We Use Information

3.1 Primary Purposes

• Identity Intelligence Services: Providing comprehensive digital identity profiles for legitimate business purposes
• Risk Assessment: Helping organizations evaluate potential risks and make informed decisions
• Compliance Support: Assisting with KYC, AML, and due diligence requirements
• Fraud Prevention: Detecting and preventing fraudulent activities
• Platform Improvement: Enhancing our technology and user experience

3.2 Legal Basis for Processing

We process information based on:

• Legitimate Interests: Preventing fraud, ensuring security, and providing business intelligence services
• Contract Performance: Delivering services to our customers
• Legal Obligations: Complying with applicable laws and regulations
• Consent: Where specifically required by law

4. Data Protection & Security

We implement enterprise-grade security measures to protect all information:

• Encryption: AES-256 encryption at rest and TLS 1.3 for data in transit
• Infrastructure: EU-based secure hosting with ISO 27001 certified data centers
• Access Control: Role-based access with multi-factor authentication
• Monitoring: Continuous security monitoring and threat detection
• Data Minimization: We only collect and retain necessary information
• Pseudonymization: Personal identifiers are hashed where possible

5. Your Privacy Rights

5.1 Rights Under GDPR (European Users)

If you are in the European Economic Area, you have the right to:

• Access: Request a copy of information we hold about you
• Rectification: Correct inaccurate or incomplete information
• Erasure ("Right to be Forgotten"): Request deletion of your information
• Restriction: Limit how we process your information
• Data Portability: Receive your data in a machine-readable format
• Object: Oppose certain types of processing
• Automated Decision-Making: Not be subject to solely automated decisions

5.2 Rights Under CCPA (California Users)

California residents have the right to:

• Know: What personal information we collect, use, and disclose
• Delete: Request deletion of personal information
• Opt-Out: Prevent sale of personal information (we do not sell data)
• Non-Discrimination: Equal service regardless of exercising privacy rights

5.3 How to Exercise Your Rights

6. Data Retention

We retain information based on the following principles:

• Public Profiles: Updated regularly with automatic deletion policies (24 hours to 30 days based on service level)
• User Accounts: Retained while account is active plus 90 days after closure
• Audit Logs: Maintained for 12 months for security and compliance
• Legal Holds: Extended retention when required by law or legal proceedings

7. International Data Transfers

While our primary infrastructure is EU-based, we may transfer data internationally when necessary:

• All transfers comply with GDPR requirements
• We use Standard Contractual Clauses (SCCs) where required
• Data is encrypted during all transfers
• We assess privacy laws in destination countries

8. Third-Party Services

We work with carefully selected third parties:

• Infrastructure Providers: Cloud hosting and content delivery
• Analytics Services: Platform performance and usage analytics
• Payment Processors: Secure payment handling (PCI-DSS compliant)
• Communication Tools: Email and support services

All third parties are contractually bound to protect your information and can only use it as directed by us.

9. Cookies and Tracking

We use minimal, privacy-respecting tracking:

• Essential Cookies: Required for platform functionality
• Analytics Cookies: Help us understand platform usage (optional)
• No Third-Party Advertising: We don't use advertising cookies or trackers

You can manage cookie preferences through your browser settings or our cookie consent tool.

10. Children's Privacy

Openprofile is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we become aware of any such collection, we will promptly delete the information.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify users of significant changes through:

• Email notifications to registered users
• Prominent notices on our platform
• Updated "Last Modified" date at the top of this policy

12. Contact Information