Privacy Policy

OpenAttention is the product name used for this creator marketplace.

TODO before launch: add the legal controller name, registered address, jurisdiction and privacy contact email. These details are intentionally not fabricated.

Account data may include email address, role, authentication state and onboarding information.

Creator profile data may include display name, handle, bio, country, niche tags, logo or avatar, social handles and contact details selected by the creator.

Brand and agency data may include company details, job briefs, applicant decisions, messages, subscription state and payment workflow records.

Technical data may include cookies, session identifiers, logs, IP-derived security signals and device or browser information needed to operate the service.

We use data to create accounts, authenticate users, publish creator profiles, operate marketplace search, manage jobs, process payments, support reviews and maintain service security.

For GDPR purposes, legal bases may include contract performance, legitimate interests, legal obligations and consent where consent is required.

OpenAttention should not collect sensitive personal data unless it is strictly required for a clearly explained feature.

OpenAttention may share limited data with infrastructure, database, email, payment, analytics or security providers needed to run the product.

Current product integrations may include hosting, database, email delivery and Stripe billing or payment workflows.

OpenAttention does not sell personal data. If marketing or advertising tools are added later, this policy and cookie controls should be updated before use.

Account and profile data should be kept only as long as needed to provide the service, resolve disputes, meet legal obligations or maintain security.

Users may request deletion. Some payment, invoice, fraud prevention or legal records may be retained where required even after account deletion.

Phase 12 account self-service is designed around soft deletion first, with PII anonymization and a later hard-delete retention window.

Where GDPR applies, users may have rights to access, correct, delete, restrict, object to processing and receive a copy of personal data.

Users may also have the right to lodge a complaint with a supervisory authority in the EU or relevant local jurisdiction.

TODO before launch: add the verified privacy contact channel for GDPR requests.

OpenAttention may rely on providers that process data outside the user's country. Where required, appropriate safeguards such as standard contractual clauses should be used.

The product should keep public positioning global while maintaining EU privacy expectations for creators and brands.