Legal
Privacy Policy
Effective date: April 11, 2026
1. What we collect
When you create an account, we collect your email address and, if you provide it, your name. When you use OpenWrld, we collect the company brief and context you enter, queries you submit to the research pipeline, and any data sources you connect. We also collect standard server logs including IP addresses, browser type, and pages visited.
2. How we use it
We use your data exclusively to provide and improve the OpenWrld service — running your research pipeline, building your business world model, and surfacing recommendations. We do not sell your data to third parties. We do not use your company data to train shared models.
3. Data storage
Your data is stored on cloud infrastructure in the United States. We use AES-256 encryption at rest and TLS 1.2+ in transit. Access is restricted to authorised OpenWrld personnel on a need-to-know basis. We do not operate on-premise infrastructure — all compute and storage is managed through SOC 2-compliant cloud providers.
4. Sub-processors
OpenWrld uses the following sub-processors to deliver the service. Each processes data only to the extent necessary for their specific function and is bound by data processing agreements consistent with this policy.
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database & authentication | United States |
| Vercel | Application hosting & compute | United States |
| Anthropic | LLM inference (AI features) | United States |
5. AI and large language models
OpenWrld uses Anthropic's Claude API to power AI features including summaries, briefings, and research responses. When you use these features, relevant context from your session is sent to Anthropic solely to generate a response.
Anthropic processes API requests with zero data retention — your inputs and outputs are not logged or stored by Anthropic beyond the immediate inference request, and are never used to train shared models.
OpenWrld does not retain raw LLM prompt or response payloads after a session ends. Derived outputs (summaries, briefings) may be stored in your account for the duration of your subscription.
6. Data retention
We retain your data for the duration of your active subscription plus 30 days following account termination, after which all associated data is permanently deleted from production systems.
Backup copies are purged on a rolling 30-day cycle. We may retain data longer where required by applicable law.
7. Data deletion requests
You may request deletion of your data at any time by emailing hello@openwrld.ai or through your account settings. Upon receipt, we will: (1) verify your identity, (2) permanently delete all associated data — including OAuth tokens, connected source data, and derived insights — from production systems within 7 business days, and (3) confirm deletion in writing. Deletion requests are also forwarded to relevant sub-processors in accordance with their data processing agreements.
8. Your rights
You have the right to access, correct, or delete the personal data we hold about you. You may also request a copy of your data in a portable format. To exercise any of these rights, contact us at hello@openwrld.ai.
9. Cookies
We use a single session cookie to keep you logged in. We do not use advertising or tracking cookies. We do not use analytics that profile individual users.
10. Changes to this policy
If we make material changes to this policy, we will notify you by email at least 14 days before the changes take effect. Continued use of the service after that date constitutes acceptance of the updated policy.
11. Contact
Questions about this policy? Reach us at hello@openwrld.ai.