🔒 Privacy Policy

Transparent information about your data at OpenSelf

💡 Your data belongs to you

OpenSelf is a platform – the profiles on *.openself.page are created by the users themselves. OpenSelf has no influence on this content and is not responsible for its accuracy. You alone control what you publish.

What data do we store?

📄 Profile data (public)

Name, title, description, pinboard, skills, products, services, Nostr public key

💬 Chat media (private)

Images and voice messages you send in the chat. Encrypted with NIP-44.

📇 Contact list (private)

Your saved contacts are stored on our servers with authentication – only you can access them (cryptographically signed requests).

📁 Directory entry (optional)

If you register in the public directory, your name, bio and tags are stored.

🔗 Invitation data

Invite clicks: When someone opens an invitation link, we store the inviter's subdomain, the timestamp and the referrer URL (where the click came from). Upon successful registration, the assignment is stored (who invited whom).
Pending contacts: During invitations, we temporarily store the subdomains and names of both parties to establish the contact connection. This data is marked as processed after acceptance.

🔔 Push notifications (optional)

If you enable push notifications, we store your push endpoint and the associated keys. These are used exclusively to send you notifications about new messages.

⚙️ Technical data

Upload rate limits (temporary), AI search index for profile search, and invitation attribution (who invited you, when, through which channel).

🤖 OSAI – AI Assistant (optional)

When you use the AI assistant OSAI, the following data is processed:

Text messages: Your inputs to OSAI are sent to our AI server (openself-ai.muckulus.workers.dev) and processed by an AI model there. Messages are not permanently stored – they are only used for the duration of processing.
Voice recognition (Whisper): If you use voice input (long press the OSAI button), your audio recording is sent as a Base64-encoded file to our server and converted to text using OpenAI Whisper. Audio data is not stored and is discarded immediately after transcription.
Third-party provider: For AI processing, we use services from OpenAI (USA). The OpenAI privacy policy applies. Data transfer to the USA is based on Art. 49(1)(a) GDPR (consent through activation of OSAI).
Default: OSAI is enabled by default. You can deactivate it at any time in the settings. Use is entirely voluntary.

Where is data stored?

All data is stored on Cloudflare infrastructure (R2, D1, Workers KV). Cloudflare has concluded a Data Processing Agreement (DPA) with us. We do not use any external tracking services or analytics.

Cookies & local storage

OpenSelf sets one single functional cookie:

oi (Invite cookie): When you open an invitation link (openself.page/invite/...), a cookie is set containing the inviter's subdomain. This cookie allows the invitation to be restored even after an app installation (e.g. after redirecting to the Play Store). The cookie is deleted immediately after one-time use and has a maximum lifetime of 7 days. Legal basis: Technically necessary for contract performance (Art. 6(1)(b) GDPR), as it ensures the intended contact connection across device/browser changes.

All other application data (keys, settings, chat history) is stored exclusively in your browser (localStorage, IndexedDB). This data does not leave your device. Cloudflare may set technically necessary cookies (e.g. __cflb for load balancing) – these are exempt from consent requirements (Art. 5(3) ePrivacy Directive 2002/58/EC). A cookie banner is therefore not required.

Why do we store this data?

📋 Legal basis (Art. 6 GDPR)

Performance of contract (Art. 6(1)(b)): Storing your profile data is necessary to provide you with the service (public profile, chat).

🎯 Purpose of processing

Your data is used to display your public profile, enable the chat function, make you discoverable in the directory (if desired), establish contact connections through invitation links, and send push notifications (if activated).

🛡️ Admin access

The platform operator has access to aggregated usage statistics via a protected admin dashboard (number of profiles, invite clicks, referrals). This access serves exclusively for platform maintenance and is protected by a separate secret (admin secret). No automated decision-making or profiling takes place.

How long do we store data?

Profile data: Until you delete it
Chat media: Until you delete it
Push subscriptions: Until you deactivate them or delete your profile
Invite clicks: Until deletion of the associated profile
Pending contacts: Until acceptance or deletion of the profile
Rate limits: Automatically after 24h (temporary)
Directory: Until you unregister or delete
OSAI data: Not stored – processing in real-time only, then discarded

Data controller

Jeremias Muck Torpier (OpenSelf)
Mont. Casa das Corgas
7665-891 Luzianes-Gare, Portugal
NIF: 241632994
Email: privacy@openself.page

OpenSelf is an open-source project. The source code is available on GitHub. Full legal notice: Impressum.

Complete deletion

When you delete your profile, all data mentioned above is removed:

Profile files (HTML, JSON, Agent)
Chat images & voice messages
Contact list
Directory entry
AI search index
Invitation data & pending contacts
Push subscriptions
Rate limit data

🗑️ Delete profile

Enter your email address to receive a deletion code:

I have a deletion code from the Wizard →

⚠️ Nostr Events

Events on external Nostr relays can only be removed via NIP-09 Delete Event. These are beyond our control.

🛡️ Child Safety Standards

👶 Protection of Minors

OpenSelf is not intended for persons under 16 years of age. We do not knowingly collect data from children. If we become aware that a user is under 16, their profile will be removed immediately.

🚫 Zero Tolerance for CSAM

OpenSelf has a zero-tolerance policy regarding Child Sexual Abuse Material (CSAM) and any form of child exploitation. Any content depicting, promoting, or facilitating the sexual exploitation or abuse of minors is strictly prohibited and will be removed immediately upon detection or report.

📢 Reporting

If you encounter any content on OpenSelf that may involve child exploitation or abuse, please report it immediately to contact@openself.page. We will investigate all reports promptly and take appropriate action, including:

Immediate removal of the content
Permanent suspension of the offending account
Reporting to the relevant law enforcement authorities and organizations such as NCMEC and INHOPE

🤝 Cooperation with Authorities

OpenSelf cooperates fully with law enforcement agencies investigating child exploitation. We will preserve and disclose relevant data as required by law.

Your rights (Art. 15–21 GDPR)

Access (Art. 15): You can view your stored data at any time via your subdomain or request a complete data export.
Rectification (Art. 16): You can correct inaccurate data at any time through the app.
Erasure (Art. 17): Using your deletion code or via email, you can completely remove all data.
Restriction (Art. 18): You can request restriction of processing.
Data portability (Art. 20): Your profile is standardized (Schema.org, llms.txt) and exportable.
Objection (Art. 21): You can object to the processing of your data at any time.
Complaint: You have the right to lodge a complaint with a data protection supervisory authority. In Portugal: CNPD (Comissão Nacional de Proteção de Dados).

Contact

For privacy-related questions, you can reach us via Nostr or by email at privacy@openself.page.