Privacy Policy
At OpenAdapt.AI, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines how we collect, use, and safeguard the information you provide when using our products and services, including through our website hosted on Netlify.
1. Data Collection and Usage
The open-source engine records screenshots and GUI input locally to compile and replay a workflow. Recordings, compiled bundles, and machine-readable reports can contain Personally Identifiable Information (PII) or Protected Health Information (PHI). A compiled bundle is not de-identified or PHI-free by construction. These artifacts stay local by default. A hosted upload is made from a sanitized derivative, never by assuming compilation removed sensitive data. The sanitation process inventories and transforms supported content, rescans it, records unresolved findings and tool versions in a manifest, and binds approval to the derivative's cryptographic hash. Policy can require local review before upload. Unknown or unsuccessfully transformed content is refused rather than copied through. The separate report-break path sends only a minimized break descriptor. We may also collect hosted account, billing, usage, support, website-form, and analytics data needed to provide the service.
2. Third-Party Services
The engine can connect to an explicitly configured local or remote model endpoint for optional repair assistance. Relevant screenshots or crops may cross the boundary of a remote endpoint; healthy replay does not call a model. Hosted control-plane and runner infrastructure, website forms, hosting, analytics, Stripe payment processing, and any model endpoint are separate third-party services governed by their own terms and privacy policies.
3. Email Address Collection
For updates, support, and user registration, we collect email addresses via our website. This collection is facilitated through Netlify forms, which are used solely for the purpose of communication and service enhancement. We do not share your email with third parties without your consent, except as required for providing the services you've requested or for legal compliance. Users who wish to opt-out of future communications can do so at any time by using the unsubscribe link included in our emails or by contacting us directly.
4. Data Security
Declared password and secret fields are injected at replay rather than written into recordings. Other captured values, screenshots, identity evidence, bundles, and reports remain sensitive local artifacts and require appropriate filesystem access, encryption, retention, endpoint, and deletion controls. The local original remains sensitive and is never made safe by creation of a derivative. Runtime observations can reintroduce sensitive data after a recording was sanitized; PHI-bearing screenshots and logs must remain within the declared trusted execution boundary. No method of transmission or storage is completely secure. See the current security and data-boundary page before evaluating regulated data.
5. Children's Privacy
Our products and services are not intended for use by children under the age of 13. We do not knowingly collect personal information from children.
6. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on our website, and we encourage you to review it periodically.