Privacy Policy

Effective date: March 10, 2026 · Last updated: April 8, 2026

The short version

OpenFactory collects the minimum data needed to run the service, protect the platform, and deliver your operating systems. We do not sell data, we do not share it for advertising, and we do not use your builds or conversations to train models.

This policy explains what OpenFactory Inc. collects, why we collect it, how long we keep it, and what control you retain over that information across openfactory.tech and related services.

1. What we collect

We keep the scope narrow and tie collection to a specific operational need.

Account information

We store your name, email address, profile image, and authentication identifiers so you can sign in and manage your account.

Build and recipe data

We store your recipes, build settings, generated images, logs, and test results so you can create, review, rerun, and download your systems.

Conversation data

If you use AI-assisted build workflows, we store the conversation and any generated draft artifacts so the session can continue and the system can produce the requested output.

Security and usage data

We log IP addresses, user-agent strings, authentication events, and basic service telemetry to prevent abuse, investigate incidents, and maintain platform reliability.

Organization and integration data

If you belong to a team, we store organization membership, roles, and encrypted integration credentials for services that you explicitly connect.

2. How we use information

Run the service: Provision builds, store artifacts, execute tests, and make your account data available to you.
Secure the platform: Detect fraud, enforce access controls, investigate abuse, and maintain audit trails.
Communicate with you: Send account notices, build status updates, and security alerts.
Improve the product: Review anonymous or aggregated usage patterns on the marketing site and service surfaces to improve navigation and reliability.

3. What we do not do

We do not sell personal data.
We do not share data with advertisers or data brokers.
We do not use your builds, recipes, or conversations to train foundation models.
We do not profile you for advertising or ad targeting.

4. When we share data

We keep third-party access limited to infrastructure and service delivery.

Infrastructure providers: Cloud and hosting partners may process data necessary to operate the service under contractual controls.
AI and processing providers: Where the product uses a third-party model or processing backend, the provider only receives the data needed to fulfill the request under an applicable data-processing arrangement.
Analytics: We use analytics on marketing properties to understand page traffic in aggregate.
Legal obligations: We may disclose information when required by law, court order, or a valid legal process.

5. Retention

We retain data only as long as it remains useful for the service or necessary for security and compliance.

Data	Kept for	After deletion
Account information	While the account exists	Removed within 30 days
Builds and recipes	While the account exists	Removed within 30 days
ISO images	Up to 90 days after build	Purged automatically
Conversations	While the account exists	Removed within 30 days
Security logs	Typically 90 days	Purged automatically
Audit logs for regulated workflows	Up to 7 years when required	Retained as required by law or contract

Enterprise customers can negotiate different retention periods through a written agreement.

6. Your rights and controls

Access: Request a copy of the information we hold about you.
Correction: Ask us to correct inaccurate or incomplete account information.
Deletion: Request deletion of your account and associated data.
Portability: Export builds, recipes, and related configuration data where supported.
Objection: Object to processing where the law gives you that right.

We respond to privacy requests through privacy@openfactory.tech and normally complete them well before the 30-day mark.

7. Security and regulated use

Data is encrypted in transit and protected at rest with standard platform controls.
Build jobs run in isolated environments.
Access is governed by role-based controls and least-privilege principles.
We maintain audit trails and verification records for regulated deployment workflows.
Business Associate Agreements and regulated-environment commitments are available through enterprise agreements where applicable.

8. Cookies and analytics

We use a small number of cookies and similar technologies.

Cookie or signal	Purpose	Required
Session cookie	Keeps you signed in and maintains session state	Yes
Analytics cookies	Measure marketing-site traffic and navigation patterns	No

You can disable non-essential cookies in your browser. Core service functionality still works without analytics cookies.

9. Children and policy changes

Children

OpenFactory is not intended for children under 16, and we do not knowingly collect personal data from them.

Policy changes

If we make material changes to this policy, we will post the update here and, where appropriate, notify account holders in advance.

10. Contact

For privacy requests, data-processing questions, or regulated-environment inquiries, contact us here.

OpenFactory Inc.

Email: privacy@openfactory.tech

Website: openfactory.tech

If you are in the EEA or UK and believe we did not resolve a complaint appropriately, you may also contact your local data protection authority.