open-record.org

Privacy Policy

Last updated: July 8, 2026

open-record.org helps people request, organize, and understand personal records. We collect only the information needed to operate the service, respond to requests, and maintain account security.

Information We Process

We may process contact details, request metadata, user-provided files or messages, authentication records, and operational logs needed to provide and secure the service.

How We Use Information

We use information to provide user-directed record request workflows, send authorized messages, maintain security, debug reliability issues, and comply with legal obligations.

Subprocessors

These are every third party that processes personal information on our behalf, what they do, and where your data physically sits. Your data is stored in the European Union. Several of these companies are US-incorporated, which is a separate question from where the data lives — we name both.

OpenAI is the only subprocessor to which personal data leaves the European Union, and only for the identity document described below.

Identity Document Processing

If you upload an identity document, the image is stored in private, EU-resident object storage and is sent once to OpenAI (a US-based subprocessor) to extract document fields such as name and expiry date. The extraction result only assists a manual review by the open-record.org operator — verification decisions are always made by a person. Every access to your identity document is logged, raw images are deleted on a fixed retention schedule (90 days after verification, 7 days after rejection), and you can request earlier deletion at any time.

Your Choices

You can contact us to request access, correction, deletion, or export of personal information associated with your use of open-record.org.

Contact

For privacy questions, contact alberto@open-record.org.