OSL Privacy

Privacy policy

Working draft. This privacy policy is a draft prepared for legal review. Final language will be reviewed by counsel before launch and may change. Last updated: May 2026.

What we collect, what we don't, and what we do with it.

What we collect #

We collect the minimum data needed to run the service:

  • Email address — if you provide one for launch notifications or paid-tier subscriptions.
  • Website analytics — none. We don't use Google Analytics, Plausible, or any third-party analytics service. We don't set tracking cookies.
  • Server logs — Cloudflare, our CDN, retains standard request logs (IP address, user agent, requested URL, timestamp) for a short period for security and abuse detection.
  • Payment information — if you subscribe to the paid tier via Stripe, Stripe receives your card details; we receive a customer ID and subscription status from Stripe, never the card number itself. If you pay via Bitcoin or Monero, the payment goes directly to an OSL-owned address with no third-party processor in between.
  • License validation — paid subscribers' OSL clients periodically check that their license is still active. These requests include the license key and a timestamp.

What we don't collect #

From within OSL itself, we collect nothing:

  • Your Discord messages or contacts. OSL never sends them off your computer.
  • Your encryption keys. They live on your device, encrypted at rest with your password.
  • Usage analytics. OSL doesn't phone home with telemetry.
  • Cross-site tracking via cookies.
  • Device identifiers or fingerprints from inside the application.

How we use what we collect #

  • Email — to send the launch notification you signed up for, or service-related notices if you're a paid subscriber. We don't sell, rent, or share your email with third parties. We don't run marketing campaigns to your address.
  • Payment data — to process your subscription and handle renewals, refunds, and cancellations. For Stripe-paid subscriptions this is a Stripe customer ID; for crypto-paid subscriptions this is an on-chain transaction reference and license key only.
  • License validation requests — to verify your paid tier is active. The validation server doesn't track which Discord servers you're in, who you talk to, or anything about your OSL usage beyond "this license is valid."
  • Server logs — for security and abuse detection only. We don't analyze them for marketing or analytics purposes.

Third parties #

We use the following third-party services:

  • Cloudflare — CDN and DDoS protection for oslprivacy.com.
  • Stripe — card payment processing for paid subscriptions. Bitcoin and Monero payments do not go through Stripe or any other payment processor.

We do not use Google Analytics, Facebook Pixel, ad-retargeting trackers, or any other cross-site tracking infrastructure.

Your rights #

If you're in the EU (GDPR) or California (CCPA), you have the right to:

  • Request a copy of any personal data we hold about you.
  • Request correction of that data.
  • Request deletion of that data.
  • Object to processing.
  • Withdraw consent at any time.

To exercise any of these rights, email OSLPrivacy@gmail.com. We'll respond within 30 days.

Contact #

For privacy questions, complaints, or data requests, email OSLPrivacy@gmail.com.