Privacy Policy

Effective Date: July 12, 2025

Last Updated: July 12, 2025

1. Introduction and Scope

OpenPay.fyi ("we," "our," "us," or "Company") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal information when you visit our website at openpay.fyi (the "Platform"), use our services, or interact with us.

This Privacy Policy applies to all users of our Platform, regardless of location, and complies with:

  • General Data Protection Regulation (GDPR) - EU
  • California Consumer Privacy Act (CCPA) - California, USA
  • Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
  • Data Protection Act 2018 - UK
  • Other applicable data protection and privacy laws

By using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our Platform.

2. Data Controller and Contact Information

Data Controller

OpenPay.fyi acts as the data controller for the personal data we process. We are responsible for determining the purposes and means of processing your personal data.

Contact Information

Company: OpenPay.fyi

Email: privacy@openpay.fyi

Data Protection Officer: dpo@openpay.fyi

Website: https://openpay.fyi

Privacy Inquiries: privacy@openpay.fyi

EU Representative

If you are in the European Union and have questions about our data processing activities, you may contact our EU representative at: eu-representative@openpay.fyi

3. Information We Collect

3.1 Personal Information You Provide

  • Contact Information: Email address, name (if provided)
  • Account Information: Username, password, profile preferences
  • Communication Data: Messages, feedback, support requests
  • Survey Responses: Voluntary feedback and survey responses

3.2 Employment and Compensation Data

  • Compensation Details: Base salary, bonuses, stock options, total compensation
  • Job Information: Job title, career level, department, role description
  • Company Information: Company name, company size, industry sector
  • Location Data: Country, city, specific location (if provided)
  • Experience Data: Years of experience, previous roles, career progression
  • Education Information: Degree level, field of study, certifications
  • Work Arrangements: Remote, hybrid, in-office preferences
  • Benefits Information: Health insurance, retirement plans, perks, allowances
  • Performance Data: Performance ratings, promotion history (if shared)

3.3 Automatically Collected Information

  • Device Information: Device type, operating system, browser type and version
  • Network Information: IP address, internet service provider, connection type
  • Usage Data: Pages visited, time spent, click patterns, search queries
  • Technical Data: Screen resolution, language settings, time zone
  • Referral Information: Referring website, marketing campaign source
  • Session Data: Session duration, pages per session, bounce rate
  • Performance Data: Page load times, error logs, crash reports

3.4 Cookies and Tracking Data

  • Essential Cookies: Session management, security, basic functionality
  • Analytics Cookies: Usage statistics, performance metrics
  • Preference Cookies: User settings, language preferences
  • Marketing Cookies: Advertising effectiveness, campaign tracking
  • Third-Party Cookies: Social media integrations, embedded content

3.5 Sensitive Personal Information

We may collect certain categories of sensitive personal information, including:

  • Demographic information (age range, gender, ethnicity) - voluntary
  • Financial information (salary, compensation details)
  • Professional information (employment history, performance data)

We only collect sensitive information with your explicit consent and for specific, legitimate purposes.

4. How We Collect Information

4.1 Direct Collection

  • Information you provide when submitting salary data
  • Account registration and profile creation
  • Contact forms and support requests
  • Survey responses and feedback
  • Email communications and newsletters

4.2 Automatic Collection

  • Web server logs and access logs
  • Cookies and similar tracking technologies
  • Analytics tools and services
  • Error tracking and performance monitoring
  • Security monitoring and fraud detection

4.3 Third-Party Sources

  • Social media platforms (if you choose to connect)
  • Professional networking sites
  • Marketing and advertising partners
  • Data enrichment services
  • Public databases and directories

5. How We Use Your Information

5.1 Primary Purposes

  • Provide and maintain our salary transparency platform
  • Process, anonymize, and display salary data
  • Generate salary statistics, trends, and market insights
  • Create aggregated reports and analytics
  • Facilitate salary comparisons and benchmarking

5.2 Platform Operations

  • User account management and authentication
  • Customer support and technical assistance
  • Platform security and fraud prevention
  • Quality assurance and data validation
  • System maintenance and updates

5.3 Communication and Marketing

  • Send service-related notifications and updates
  • Respond to inquiries and support requests
  • Provide newsletters and market insights (with consent)
  • Conduct surveys and gather feedback
  • Send promotional materials (with consent)

5.4 Analytics and Improvement

  • Analyze usage patterns and user behavior
  • Improve platform functionality and user experience
  • Develop new features and services
  • Conduct research and statistical analysis
  • Performance optimization and troubleshooting

5.5 Legal and Compliance

  • Comply with legal obligations and regulations
  • Respond to legal requests and court orders
  • Protect our rights and intellectual property
  • Enforce our Terms of Service
  • Prevent fraud and unauthorized access

7. Information Sharing and Disclosure

7.1 Public Display of Anonymized Data

We display salary and employment data publicly on our platform after anonymization and aggregation. We implement various techniques to protect individual privacy:

  • Removal of direct personal identifiers
  • Data aggregation and statistical grouping
  • Suppression of small sample sizes
  • Addition of statistical noise where appropriate
  • Geographic generalization

7.2 Service Providers and Processors

We may share your information with trusted third-party service providers who assist us with:

  • Cloud Infrastructure: AWS, Google Cloud, Microsoft Azure
  • Analytics: Google Analytics, Mixpanel, Amplitude
  • Email Services: SendGrid, Mailchimp, Amazon SES
  • Customer Support: Zendesk, Intercom
  • Security: Cloudflare, security monitoring services
  • Payment Processing: Stripe, PayPal (if applicable)

All service providers are bound by data processing agreements and security requirements.

7.3 Business Transfers

In the event of a merger, acquisition, sale, or other business transfer, your personal information may be transferred to the acquiring entity, subject to the same privacy protections.

7.4 Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal processes, court orders, or government requests
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users
  • Investigate potential violations of our terms
  • Prevent fraud or illegal activities

7.5 Consent-Based Sharing

We may share your information with third parties when you provide explicit consent for such sharing.

8. Data Security and Protection

8.1 Technical Safeguards

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication
  • Network Security: Firewalls, intrusion detection systems
  • Regular Security Audits: Penetration testing, vulnerability assessments
  • Secure Development: Security code reviews, secure coding practices

8.2 Organizational Safeguards

  • Employee Training: Regular privacy and security training
  • Access Management: Principle of least privilege, regular access reviews
  • Incident Response: Documented procedures for security incidents
  • Vendor Management: Security requirements for all service providers
  • Data Minimization: Collect only necessary data

8.3 Infrastructure Security

  • Secure cloud infrastructure with leading providers
  • Regular security updates and patches
  • Automated monitoring and alerting
  • Backup and disaster recovery procedures
  • Physical security controls for data centers

8.4 Data Anonymization

  • Advanced anonymization techniques
  • Statistical disclosure control
  • Differential privacy methods
  • Regular anonymization effectiveness reviews
  • Separation of identifiable and anonymized data

9. Data Retention

9.1 Retention Principles

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

9.2 Specific Retention Periods

  • Salary Data: Retained indefinitely in anonymized form for statistical purposes
  • Personal Identifiers: Deleted or anonymized within 30 days of data submission
  • Account Information: Retained while account is active, deleted within 90 days of account closure
  • Usage Data: Retained for up to 26 months for analytics purposes
  • Communication Records: Retained for up to 7 years for legal and compliance purposes
  • Security Logs: Retained for up to 13 months for security monitoring
  • Marketing Data: Retained until consent is withdrawn or for 3 years, whichever is sooner

9.3 Data Deletion

When data is no longer needed, we securely delete it using industry-standard methods:

  • Secure deletion from active systems
  • Removal from backup systems
  • Destruction of physical media
  • Verification of deletion completeness

10. Your Privacy Rights

10.1 Universal Rights

Regardless of your location, you have the following rights:

  • Right to Information: Know what personal data we collect and how we use it
  • Right to Access: Request copies of your personal data
  • Right to Correction: Request correction of inaccurate or incomplete data
  • Right to Deletion: Request deletion of your personal data
  • Right to Object: Object to certain types of processing

10.2 GDPR Rights (EU/EEA/UK)

If you are in the EU, EEA, or UK, you also have:

  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion in specific circumstances
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with your data protection authority

10.3 How to Exercise Your Rights

To exercise your privacy rights:

  • Email us at: privacy@openpay.fyi
  • Use our online privacy request form (when available)
  • Contact our Data Protection Officer at: dpo@openpay.fyi

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

10.4 Limitations

Your rights may be limited in certain circumstances, such as:

  • When data is needed for legal compliance
  • For the establishment, exercise, or defense of legal claims
  • When data has been anonymized and cannot be re-identified
  • When deletion would harm freedom of expression or information

11. International Data Transfers

11.1 Transfer Locations

Your personal data may be transferred to and processed in countries outside your home country, including the United States, the European Union, and other jurisdictions where our service providers operate.

11.2 Transfer Safeguards

When transferring data internationally, we ensure appropriate safeguards:

  • Adequacy Decisions: Transfers to countries with adequate protection levels
  • Standard Contractual Clauses: EU-approved contractual protections
  • Binding Corporate Rules: Internal data protection rules
  • Certification Schemes: Industry-recognized privacy certifications
  • Codes of Conduct: Industry privacy standards

11.3 US-Specific Transfers

For transfers to the United States, we rely on:

  • Standard Contractual Clauses with additional safeguards
  • Service provider certifications (e.g., SOC 2, ISO 27001)
  • Contractual commitments to data protection principles

12. Cookies and Tracking Technologies

12.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. We also use similar technologies like web beacons, pixels, and local storage.

12.2 Types of Cookies We Use

  • Essential Cookies: Required for basic website functionality
  • Performance Cookies: Help us understand how you use our website
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements

12.3 Cookie Duration

  • Session Cookies: Deleted when you close your browser
  • Persistent Cookies: Remain on your device for a set period

12.4 Managing Cookies

You can control cookies through:

  • Your browser settings
  • Our cookie preference center
  • Third-party opt-out tools

Note: Disabling certain cookies may affect website functionality.

12.5 Third-Party Cookies

We may use third-party services that set their own cookies:

  • Google Analytics for website analytics
  • Social media platforms for sharing features
  • Advertising networks for relevant ads
  • Customer support tools

13. Third-Party Services and Links

13.1 Third-Party Links

Our Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13.2 Social Media Integration

If you choose to connect your social media accounts, we may collect information from those platforms in accordance with their terms and your privacy settings.

13.3 Third-Party Analytics

We use third-party analytics services to understand website usage:

  • Google Analytics - Privacy Policy
  • Other analytics providers as disclosed in our cookie policy

14. Children's Privacy

14.1 Age Restrictions

Our Platform is not intended for children under the age of 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children under this age.

14.2 Parental Rights

If you are a parent or guardian and believe your child has provided personal information to us, please contact us at privacy@openpay.fyi. We will take steps to remove such information.

14.3 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA) and similar laws regarding children's privacy.

15. California Privacy Rights (CCPA)

15.1 California Consumer Rights

If you are a California resident, you have the right to:

  • Know: What personal information we collect, use, and share
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the sale of your personal information
  • Non-Discrimination: Not be discriminated against for exercising your rights

15.2 Categories of Information

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers (email, IP address)
  • Commercial information (usage data)
  • Internet activity (browsing behavior)
  • Professional information (employment data)
  • Sensitive personal information (salary data)

15.3 Sale of Personal Information

We do not sell your personal information to third parties. We may share anonymized, aggregated data that does not identify you personally.

15.4 Exercising Your Rights

To exercise your California privacy rights:

  • Email: privacy@openpay.fyi
  • Subject line: "California Privacy Rights Request"
  • Include: Your name, email, and specific request

16. Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of their personal information. We do not sell personal information as defined by Nevada law. If you have questions about our data practices, please contact us at privacy@openpay.fyi.

17. Data Breach Notification

17.1 Breach Response

In the event of a data breach that may affect your personal information, we will:

  • Assess the scope and impact of the breach
  • Take immediate steps to contain the breach
  • Notify relevant authorities as required by law
  • Notify affected users without undue delay
  • Provide guidance on protective measures

17.2 Notification Timeline

We will notify you of any breach within 72 hours of discovery (or as required by applicable law) if the breach is likely to result in a high risk to your rights and freedoms.

18. Automated Decision-Making

18.1 Automated Processing

We may use automated processing for:

  • Data quality checks and validation
  • Fraud detection and prevention
  • Platform security monitoring
  • Analytics and reporting

18.2 Your Rights

You have the right not to be subject to automated decision-making that produces legal effects or significantly affects you. You can request human review of automated decisions.

19. Changes to This Privacy Policy

19.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

19.2 Notification

We will notify you of material changes by:

  • Posting the updated policy on our Platform
  • Updating the "Last Updated" date
  • Sending email notifications for significant changes
  • Displaying prominent notices on our Platform

19.3 Continued Use

Your continued use of our Platform after changes become effective constitutes acceptance of the updated Privacy Policy.

20. Contact Information

20.1 Privacy Questions

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@openpay.fyi

Data Protection Officer: dpo@openpay.fyi

Subject Line: Privacy Policy Inquiry

Response Time: Within 30 days

20.2 Regulatory Complaints

You have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.

  • EU/EEA: Your national data protection authority
  • UK: Information Commissioner's Office (ICO)
  • California: California Attorney General

20.3 Emergency Contact

For urgent privacy or security matters, contact us immediately at: security@openpay.fyi