Privacy Policy

Effective date: April 9, 2026

1. Introduction

OPENSOSDATA LLC ("we", "us", "our") operates opensosdata.com and the OpenSOSData API. This Privacy Policy explains what information we collect, how we use it, and how we protect it.

We built OpenSOSData to be a developer-friendly, privacy-respecting data API. We do not sell your personal data, we do not use it for advertising, and we collect only what we need to operate the service and bill you for it.

2. Information We Collect

Account information

• Email address (required for account creation and key delivery)
• Name (optional, for personalization)
• Password (stored as a bcrypt hash, never in plaintext)

Usage data

• API calls made: which entity you searched, which state, the timestamp, response time, and whether the result came from cache
• Aggregate statistics: lookups today, this month, all time, cache hit rate

Billing data

• Credit balance and top-up history
• We do NOT store payment card numbers. All card processing is handled by Stripe under their privacy policy.

Technical data

• IP addresses and user agent strings (used for security, abuse detection, and rate limiting)
• HTTP request metadata logged by our infrastructure

Communications

• Emails you send to arthurandarcher@gmail.com or support@opensosdata.com

3. How We Use Your Information

• To provide and operate the API service
• To authenticate you and secure your account
• To calculate and display usage and billing
• To send transactional emails (API key delivery, billing alerts, password resets)
• To send service announcements (downtime notices, price changes, terms updates)
• To detect and prevent abuse, fraud, and security incidents
• To improve our service and fix bugs

4. Information We Do NOT Collect

• We do not collect payment card numbers (Stripe handles this)
• We do not sell your personal data to third parties
• We do not use your data for advertising or behavioral targeting
• We do not build consumer profiles
• We do not use third-party analytics or tracking cookies
• We do not share your usage data with marketing partners

5. The Business Entity Data We Retrieve

The core service of OpenSOSData is retrieving publicly available business entity information from US Secretary of State databases. This data includes registered agents, principal addresses, formation dates, and officer names where publicly available.

This data pertains to legal business entities and their registered agents. It is public government information obtained from official sources. We do not create this data or warrant its accuracy.

If you believe data about you appears incorrectly in a state Secretary of State database, contact the relevant Secretary of State office directly. We can only show you what the official source provides.

6. Data Sharing

We share limited data with the following third-party service providers solely to operate the service:

• Stripe for payment processing. Their privacy policy applies to payment card data.
• Resend for transactional email delivery (API key emails, billing alerts).
• Hetzner Online GmbH our server infrastructure provider in Helsinki, Finland.
• Cloudflare for DNS and CDN services.

We do not sell, rent, or share your data with data brokers, advertisers, marketing services, or any other third parties beyond what is listed above.

7. Data Retention

• Account data: retained while your account is active and for 2 years after account closure for legal and audit purposes.
• Lookup logs: retained for 2 years for billing reconciliation and audit.
• Cached entity data: retained for 7 days then automatically overwritten on the next lookup.
• Email logs: retained for 90 days.

You may request deletion of your account and associated data at any time by emailing arthurandarcher@gmail.com.

8. Cookies

We use minimal cookies:

• A single httpOnly session cookie (osd_user_token or osd_admin_token) to maintain your login state. This cookie is essential to the operation of the portal and cannot be disabled while logged in.
• A localStorage entry (osd-theme) to remember your light/dark theme preference. This is not a cookie and contains no personal data.

We do NOT use any tracking cookies, third-party analytics cookies, or advertising cookies.

9. Security

• Passwords are hashed with bcrypt at 12 rounds. We never store plaintext passwords.
• API keys are generated using cryptographically secure random sources.
• All traffic between you and our service is encrypted via TLS 1.2 or higher.
• Server access is restricted to SSH key authentication. No password SSH.
• Database backups are encrypted at rest.
• We log all administrative actions for audit purposes.

10. Your Rights

Regardless of where you live, you may at any time:

• Request a copy of all personal data we hold about you
• Request correction of inaccurate personal data
• Request deletion of your account and associated data
• Opt out of non-transactional emails
• Withdraw consent for any optional data processing

To exercise any of these rights, email arthurandarcher@gmail.com. We will respond within 30 days.

11. Children

OpenSOSData is a B2B developer service not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will delete it promptly.

12. International Users

OPENSOSDATA LLC operates from Montana, USA. Our servers are located in Helsinki, Finland (Hetzner). By using the service from outside the United States or the European Economic Area, you consent to the transfer and processing of your data in those locations.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced by email to registered users at least 14 days before taking effect. The "Effective date" at the top of this document will reflect the date of the most recent revision.

14. Contact