Privacy Policy
Last updated: May 14, 2026
This Privacy Policy explains how OpenABG ("we," "us," or "our") collects, uses, and shares information about you when you use our service.
By using OpenABG, you agree to the practices described here. If you do not agree, do not use the Service.
1. Information We Collect
Information you provide
- Account information: email address and password (stored as a salted hash via Supabase Auth — never in plain text).
- Scenarios: text descriptions you submit to generate openers.
- Uploaded photos: images you submit for Vibe Check analysis.
- Generated content: openers and vibe-check results stored in your per-user archive.
- Payment information: handled directly by Stripe. We receive only transaction metadata (amount, success/failure timestamp, currency, last 4 digits of card). We do not store full card numbers, CVCs, or expiration dates.
- Support correspondence: anything you email to hello@openabg.com.
Information collected automatically
- Session cookies: required for authentication. Encrypted, signed, and tied to your active sign-in. Cleared when you sign out.
- Server logs: standard request metadata (timestamp, IP address, user agent, endpoint hit) retained for approximately 30 days for debugging and abuse prevention.
- Aggregate usage data: anonymized counts of API calls, generations, and errors for monitoring service quality.
We do not use third-party analytics, advertising trackers, or social media pixels.
2. How We Use Your Information
We use your information to:
- Provide, operate, and improve the Service.
- Process payments and grant credits.
- Maintain your account and archive.
- Respond to support requests.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
We do not:
- Sell your information.
- Share your information with advertisers.
- Use your scenarios, photos, or generated content to train AI models.
- Read your archive except as necessary for support, security, or legal compliance.
3. AI Processing
When you generate an opener or run a Vibe Check, your input (scenario text and/or uploaded photo) is:
- Sent securely from our server to Anthropic's API.
- Processed by Anthropic's Claude model.
- Returned to our server as a generated output.
Anthropic has its own privacy practices (see anthropic.com/legal). As of the date of this Policy, Anthropic does not train its models on data submitted via its API. Inputs are processed in-memory and not retained beyond the request lifecycle.
4. Photo Storage
Photos you upload for Vibe Check are:
- Processed on our server (resized, rotation corrected, re-encoded as JPEG).
- Stored in Supabase Storage at a path scoped to your user ID.
- Accessible only to you, enforced by database row-level security.
- Deleted when you delete the corresponding archive entry or your account.
We strongly recommend that you do not upload photos of identifiable individuals without their consent. The Vibe Check feature is designed to analyze venues and general crowd vibe, not individuals.
5. Third-Party Service Providers
We rely on the following providers, each of whom may process your information for the limited purpose described:
| Provider | Purpose | Region |
|---|---|---|
| Anthropic | AI model inference | United States |
| Supabase | Database, authentication, file storage | United States (Oregon) |
| Stripe | Payment processing | United States |
| Vercel | Application hosting | United States |
Each provider has its own privacy policy and is contractually obligated not to misuse your data.
6. Data Retention
- Account information: kept while your account is active, plus 90 days after deletion to handle disputes, fraud claims, and legal obligations.
- Generated content (openers + vibe checks): kept until you delete it or your account.
- Uploaded photos: kept until you delete the corresponding archive entry or your account.
- Server logs: approximately 30 days.
- Payment records: kept for 7 years to comply with tax and financial reporting laws (Stripe is the primary record-holder).
When you delete your account:
- Your auth record, user row, archive entries, and stored photos are scheduled for permanent deletion within 30 days.
- Anonymized aggregate analytics (e.g., total API calls in a month) are retained.
- Payment records are retained as required by law.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: request a copy of the personal information we hold about you.
- Correct: ask us to fix inaccurate or incomplete information.
- Delete: ask us to delete your personal information, subject to legal retention requirements.
- Port: receive your data in a portable, structured format.
- Object/Restrict: limit how we use your information.
- Withdraw consent: where our processing is based on your consent.
To exercise any of these rights, email hello@openabg.com from the address associated with your account. We will respond within 30 days.
California residents (CCPA / CPRA)
You have the rights above plus the right to know the categories of personal information we collect, the purposes for which we use it, the categories of sources, and the categories of third parties with whom we share it. We do not sell or share personal information for cross-context behavioral advertising.
EU/UK residents (GDPR / UK GDPR)
We rely on the following legal bases for processing:
- Contract: to provide the Service you signed up for.
- Legitimate interests: to prevent abuse, secure the Service, improve quality.
- Consent: where you have opted in (e.g., future marketing emails, if offered).
- Legal obligation: to comply with tax, billing, and applicable law.
You have the right to lodge a complaint with your local data protection authority.
8. Cookies
We use only essential cookies — specifically, Supabase's authentication cookies, which:
- Are required for sign-in to function.
- Are encrypted and signed by Supabase.
- Expire when you sign out or after a period of inactivity.
- Cannot be disabled while remaining signed in.
We do not use advertising cookies, analytics cookies, or third-party trackers.
9. Children
OpenABG is only for users 18 and older. We do not knowingly collect information from anyone under 18. If you believe a minor has created an account, email hello@openabg.com and we will delete it promptly.
10. Security
We implement reasonable technical and organizational measures to protect your information, including:
- HTTPS-encrypted connections for all data in transit.
- Password hashing and session-token authentication via Supabase.
- Row-level security on database tables (you can only see your own data).
- Restricted access to production credentials.
- Webhook signature verification for payment events.
No system is 100% secure. You are responsible for keeping your account password confidential.
11. International Transfers
We process information in the United States. If you are accessing the Service from outside the U.S., you are transferring your information to the U.S., where data protection laws may differ from those of your jurisdiction.
For EU/UK users, we rely on the appropriate transfer mechanisms (Standard Contractual Clauses, where applicable) with our service providers.
12. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated through the Service or by email at least 7 days before they take effect.
The "Last updated" date at the top reflects the most recent revision.
13. Contact
For privacy questions, requests, or complaints, email hello@openabg.com.