Privacy Policy

Last updated: March 23, 2026

1. Information We Collect

Account information

When you create an account, we collect your email address and authentication provider details (Google or GitHub profile). If you complete a publisher profile, we store your chosen username, display name, bio, website, and GitHub username.

Published content

Skills you publish are stored on our servers along with metadata including content hashes, version history, and timestamps. Published skills are publicly accessible by design.

Usage data

We collect aggregate usage statistics including skill pull counts, search queries, and API usage. We use IP-based rate limiting but do not store IP addresses permanently.

2. How We Use Your Information

  • To provide and maintain the Service
  • To authenticate your identity and protect your account
  • To display your publisher profile and published skills
  • To calculate reputation scores and trust tiers
  • To detect plagiarism and enforce content policies
  • To send transactional emails (account verification, webhook notifications)
  • To generate aggregate analytics (trending skills, coverage stats)

3. Information Sharing

We do not sell your personal information. We share data only in these cases:

  • Public content: Published skills, publisher profiles, ratings, and reputation scores are publicly visible by design
  • Service providers: We use Supabase (database/auth), Cloudflare (hosting/CDN), OpenAI (embeddings), and Google Analytics (usage analytics) to operate the Service
  • Legal requirements: We may disclose information if required by law or to protect rights and safety

4. Data Storage & Security

Your data is stored in Supabase (PostgreSQL) with row-level security policies. All connections use TLS encryption. Authentication tokens are managed by Supabase Auth with industry-standard security practices.

5. API Keys

API keys you generate are stored securely. Key secrets are shown only once at creation time. We store a hashed version for authentication. You can revoke API keys at any time from your settings.

6. Cookies & Analytics

We use essential cookies for authentication session management. We use Google Analytics (via Google Tag Manager) to collect aggregate, anonymized usage data such as page views, feature usage, and general traffic patterns. Google Analytics may set cookies to distinguish unique users and sessions. We do not use advertising cookies or share analytics data with third parties for advertising purposes.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

7. Your Rights

You have the right to:

  • Access your personal data
  • Update or correct your profile information
  • Delete your account and associated data
  • Export your published skills
  • Revoke API keys and webhook subscriptions

To exercise these rights, contact us or use the settings page in your dashboard.

8. Data Retention

Account data is retained while your account is active. Published skills remain available after account deletion to preserve the integrity of the registry (skills may be depended on by other skills or agents). You can unpublish individual skills before deleting your account.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. Continued use of the Service after changes constitutes acceptance.

10. Contact

For privacy-related questions, contact us at theopenbooklet@gmail.com.

Privacy Policy — OpenBooklet