🛡️ Privacy First
We don't track you. We don't sell your data. We don't use surveillance capitalism.
Privacy Policy Overview and Definitions
The Open Research Initiative for Web Technologies Foundation ("ORI.WTF", "we", "us", "our", "the Foundation", or "the Organization") is committed to protecting the privacy and personal data of all users ("User", "you", "your", "Data Subject", or "Individual") who access, use, or interact with our comprehensive ecosystem of technological services, applications, platforms, and systems.
This Privacy Policy ("Policy") explains how we collect, process, store, use, disclose, and protect personal information in accordance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Personal Information Protection and Electronic Documents Act (PIPEDA), and other regional privacy regulations.
Definitions: For purposes of this Policy, "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to identifiers, characteristics, commercial information, internet activity, geolocation data, audio/visual information, professional information, education information, and inferences drawn from personal information.
Scope of Services and Data Processing Activities
ORI.WTF operates a diverse portfolio of technological services that may involve the processing of personal data:
- File Sharing and Storage Services: Processing of file metadata, access logs, user preferences, and sharing permissions
- Image and Media Manipulation Platforms: Processing of uploaded images, user preferences, processing parameters, and output metadata
- Artificial Intelligence and Machine Learning Systems: Processing of training data, user inputs, model outputs, interaction patterns, and performance metrics
- Peer-to-Peer Networks: Processing of network identifiers, connection logs, bandwidth usage, and routing information
- Encryption and Security Services: Processing of cryptographic keys, authentication tokens, access logs, and security events
- Blockchain and Smart Contract Platforms: Processing of wallet addresses, transaction data, contract interactions, and network participation
- Cloud Computing Infrastructure: Processing of resource usage, performance metrics, billing information, and system logs
- Data Processing and Analytics Systems: Processing of datasets, analysis results, user queries, and system performance data
Categories of Personal Data We Collect
We may collect, process, and store the following categories of personal data:
| Data Category |
Specific Data Types |
Legal Basis |
Retention Period |
| Identity Information |
Name, email address, username, user ID, account credentials |
Contract performance, legitimate interests |
Duration of account + 7 years |
| Contact Information |
Email address, phone number, mailing address, communication preferences |
Contract performance, consent |
Until withdrawal of consent |
| Technical Information |
IP address, device identifiers, browser type, operating system, user agent |
Legitimate interests, legal obligation |
2 years maximum |
| Usage Information |
Access logs, clickstream data, feature usage, session duration, error logs |
Legitimate interests, contract performance |
1 year maximum |
| Content Data |
Uploaded files, generated content, user inputs, processing results |
Contract performance, consent |
As specified in service terms |
| Location Data |
IP geolocation, approximate location, time zone |
Legitimate interests, legal obligation |
6 months maximum |
| Financial Information |
Payment methods, billing addresses, transaction history, subscription details |
Contract performance, legal obligation |
7 years for tax compliance |
| Communication Data |
Support tickets, feedback, survey responses, correspondence |
Contract performance, legitimate interests |
3 years maximum |
Legal Basis for Processing Personal Data
We process personal data based on the following legal grounds under applicable data protection laws:
- Contract Performance: Processing necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract
- Legitimate Interests: Processing necessary for our legitimate interests or those of third parties, including service improvement, security, fraud prevention, and business operations
- Consent: Processing based on explicit, informed, and freely given consent that can be withdrawn at any time
- Legal Obligation: Processing necessary to comply with legal obligations, including tax, accounting, and regulatory requirements
- Vital Interests: Processing necessary to protect the vital interests of the data subject or another natural person
- Public Task: Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority
Purposes of Data Processing
We process personal data for the following specific purposes:
- Service Provision: Delivering, maintaining, and improving our technological services and platforms
- User Authentication: Verifying user identity, managing accounts, and ensuring secure access
- Communication: Responding to inquiries, providing support, and sending important service updates
- Security and Fraud Prevention: Detecting and preventing unauthorized access, abuse, and fraudulent activities
- Legal Compliance: Meeting regulatory requirements, responding to legal requests, and maintaining compliance records
- Research and Development: Improving services, developing new features, and conducting research in web technologies
- Analytics and Performance: Understanding usage patterns, optimizing performance, and improving user experience
- Business Operations: Managing relationships, processing payments, and conducting business activities
Data Collection Methods and Sources
We collect personal data through various methods and sources:
- Direct Collection: Information provided directly by users through registration, forms, uploads, and communications
- Automatic Collection: Data collected automatically through cookies, log files, analytics tools, and system monitoring
- Third-Party Sources: Information received from partners, service providers, and publicly available sources
- User-Generated Content: Content created, uploaded, or generated by users through our services
- Device Information: Technical data collected from devices, browsers, and applications
- Network Information: Data collected from network communications, protocols, and infrastructure
Data Sharing and Disclosure
We may share personal data with the following categories of recipients:
- Service Providers: Third-party vendors who assist in providing services, including hosting, analytics, payment processing, and customer support
- Business Partners: Strategic partners and collaborators who provide complementary services or technologies
- Legal Authorities: Government agencies, law enforcement, and regulatory bodies when required by law or to protect rights
- Affiliates: Related companies, subsidiaries, and entities under common control
- Acquirers: Entities involved in mergers, acquisitions, or other business transactions
- Public Information: Information that users choose to make public through our services
Data Sharing Restrictions: We do not sell, rent, or trade personal data to third parties for marketing purposes. All data sharing is subject to appropriate safeguards and contractual protections.
International Data Transfers
Personal data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place for such transfers:
- Adequacy Decisions: Transfers to countries with adequate data protection laws
- Standard Contractual Clauses: EU-approved contractual clauses for data transfers
- Binding Corporate Rules: Internal policies and procedures for data protection
- Certification Schemes: Participation in recognized privacy certification programs
- Consent: Explicit consent for transfers to countries without adequate protection
Transfer Impact Assessments: We conduct assessments to evaluate risks associated with international transfers and implement additional safeguards when necessary.
Data Security and Protection Measures
We implement comprehensive security measures to protect personal data:
- Technical Safeguards: Encryption in transit and at rest, access controls, firewalls, intrusion detection, and security monitoring
- Administrative Safeguards: Privacy by design, data minimization, regular security training, and incident response procedures
- Physical Safeguards: Secure data centers, environmental controls, and restricted access to facilities
- Organizational Safeguards: Data protection policies, privacy impact assessments, and regular security audits
- Operational Safeguards: Backup and recovery procedures, business continuity planning, and disaster recovery protocols
Security Incident Response: We maintain procedures for detecting, reporting, and responding to security incidents, including data breaches, and will notify affected individuals and authorities as required by law.
Data Retention and Deletion
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy:
- Account Data: Retained for the duration of the account plus applicable legal retention periods
- Usage Data: Retained for up to 2 years for analytics and service improvement
- Communication Data: Retained for up to 3 years for support and legal purposes
- Financial Data: Retained for 7 years for tax and accounting compliance
- Legal Data: Retained as required by applicable laws and regulations
Data Deletion: Upon expiration of retention periods or upon request, personal data is securely deleted using industry-standard methods that prevent recovery.
Your Privacy Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of Access: Request information about the personal data we process about you
- Right of Rectification: Request correction of inaccurate or incomplete personal data
- Right of Erasure: Request deletion of your personal data under certain circumstances
- Right of Portability: Request a copy of your data in a structured, machine-readable format
- Right to Restrict Processing: Request limitation of how we process your personal data
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent for processing based on consent
- Right to Non-Discrimination: Exercise privacy rights without discrimination
Exercising Your Rights: To exercise these rights, contact us at [email protected]. We will respond to requests within the timeframes required by applicable law.
Cookies and Tracking Technologies
Cookie Policy and Tracking Technologies:
- Essential Cookies: Necessary for basic website functionality and security
- Analytics Cookies: Used to understand usage patterns and improve services (anonymized)
- Preference Cookies: Remember user settings and preferences
- Session Cookies: Temporary cookies that expire when the browser is closed
- Persistent Cookies: Cookies that remain on your device for a specified period
Cookie Management: You can control cookies through your browser settings, but disabling certain cookies may affect service functionality.
Third-Party Tracking: We do not use third-party tracking cookies or engage in cross-site tracking for advertising purposes.
Artificial Intelligence and Machine Learning
Our AI and ML services involve specific privacy considerations:
- Training Data: AI models may be trained on datasets that include personal data, subject to appropriate safeguards
- Automated Decision-Making: Some services may use automated decision-making processes with human oversight
- Data Minimization: We minimize the use of personal data in AI training and processing
- Bias and Fairness: We implement measures to detect and mitigate bias in AI systems
- Transparency: We provide information about how AI systems process personal data
- Human Review: Automated decisions affecting individuals are subject to human review when appropriate
Blockchain and Cryptocurrency Services
Services involving blockchain technology have unique privacy characteristics:
- Public Ledgers: Blockchain transactions are generally public and permanent
- Pseudonymity: Blockchain addresses provide pseudonymity but may be linked to identity
- Immutable Records: Data recorded on blockchain cannot be easily modified or deleted
- Network Analysis: Blockchain analysis may reveal transaction patterns and relationships
- Regulatory Compliance: Cryptocurrency services may require additional identity verification
- Privacy Coins: Some cryptocurrencies offer enhanced privacy features
Children's Privacy and Age Restrictions
Our services are not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children without parental consent:
- Age Verification: We implement age verification measures where appropriate
- Parental Consent: We obtain parental consent before collecting data from children
- Limited Collection: We minimize data collection from children to what is necessary
- Parental Rights: Parents can request access, correction, or deletion of their child's data
- Educational Services: Special provisions apply to educational use of our services
Data Protection Officer and Contact Information
Data Protection Officer: ORI.WTF has designated a Data Protection Officer (DPO) to oversee privacy compliance and serve as a point of contact for data protection matters.
Contact Information: For privacy-related inquiries, requests, or complaints, contact us at:
- Email: [email protected]
- Subject Line: "Privacy Inquiry" or "Data Protection Request"
- Response Time: We will respond within 30 days (or as required by applicable law)
Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your privacy rights have been violated.
Privacy Policy Updates and Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements:
- Material Changes: Significant changes will be communicated through email, website notice, or in-app notification
- Minor Updates: Non-material changes will be posted on our website with updated effective dates
- Consent Requirements: Some changes may require renewed consent under applicable law
- Historical Versions: Previous versions of this Policy are available upon request
- Effective Date: Changes become effective immediately upon posting unless otherwise specified
Continued Use: Continued use of our services after changes constitutes acceptance of the updated Policy.
Compliance and Regulatory Framework
This Privacy Policy is designed to comply with applicable data protection laws and regulations:
- GDPR (EU): General Data Protection Regulation compliance for EU residents
- CCPA (California): California Consumer Privacy Act compliance for California residents
- PIPEDA (Canada): Personal Information Protection and Electronic Documents Act compliance
- LGPD (Brazil): Lei Geral de Proteção de Dados compliance
- PDPA (Singapore): Personal Data Protection Act compliance
- Other Jurisdictions: Compliance with applicable privacy laws in other regions
Industry Standards: We also adhere to industry best practices and standards for data protection and privacy.