Legal

Privacy Policy

Last updated: March 2026

1. Who We Are

OpenTraid ("we", "us") operates the commerce API and website at opentraid.com. We are based in Berlin, Germany. This policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR).

2. Data We Collect

When you join the waitlist:

  • Email address
  • Self-selected role (e.g. "OpenClaw user", "Agent developer")

When you use the API:

  • API key (hashed, not stored in plaintext)
  • Search queries sent to the API
  • Request metadata (IP address, timestamps, user agent)
  • Usage metrics (request counts, endpoints called)

When you visit the website:

  • We do not use cookies for tracking
  • We do not use third-party analytics
  • Basic server logs may record IP addresses for security purposes

3. How We Use Your Data

  • To provide and maintain the Service
  • To issue and authenticate API keys
  • To send you your API key and onboarding information
  • To monitor usage and enforce rate limits
  • To improve search quality and relevance
  • To communicate service updates or changes

We do not sell your personal data. We do not use your search queries for advertising.

4. Legal Basis (GDPR)

  • Contract performance: Processing necessary to provide the API service you signed up for
  • Legitimate interest: Security monitoring, abuse prevention, service improvement
  • Consent: Waitlist signup and optional communications

5. Data Sharing

We share data only with:

  • Infrastructure providers: Hosting (Hetzner, Germany), DNS, and CDN services necessary to operate the Service
  • Affiliate networks: When you click a purchase link, the affiliate network may receive a click identifier. No personal data is shared by us.

We do not share your data with advertisers, data brokers, or other third parties for their own purposes.

6. Data Storage & Security

Your data is stored on servers in Germany (Hetzner). API keys are stored as hashed values — we cannot retrieve your original key. We use encryption in transit (TLS) and follow industry-standard security practices.

7. Data Retention

  • Account data: Retained while your account is active, deleted within 30 days of account deletion
  • API logs: Retained for 90 days for debugging and abuse prevention, then deleted
  • Waitlist data: Retained until you are onboarded or request deletion

8. Your Rights (GDPR)

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing of your data
  • Port your data to another service
  • Object to processing based on legitimate interest
  • Withdraw consent at any time

To exercise any of these rights, email [email protected]. We will respond within 30 days.

9. International Transfers

Your data is processed and stored within the EU (Germany). We do not transfer personal data outside the European Economic Area unless required by a sub-processor with appropriate safeguards (Standard Contractual Clauses).

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top reflects the most recent revision.

Contact

Questions about your privacy? Email us at [email protected].