OE

Legal

Privacy Policy (Callers)

Effective date: 18 January 2026

1. Who we are

Open Ears is the controller for personal data processed through the Open Ears callers website. If you have questions, you can contact us via our contact form.

2. What we collect

Depending on how you use the service, we may collect:

  • Account and profile data (e.g., name, email, password hash, preferences).
  • Call and usage metadata (e.g., time, duration, the member you connected with, billing events).
  • Messages and reports you send to us (e.g., support requests, safety reports).
  • Device and technical data (e.g., IP address, user agent, approximate location inferred from IP).
  • Push notification subscription data if you enable notifications.

Open Ears does not record calls. We do not intentionally store the audio/video content of conversations.

3. Cookies and similar technologies

We use cookies and local storage for essential functionality (such as security and session management). With your consent, we may also use analytics and marketing cookies.

You can change your preferences at any time using the “Cookie settings” link in the footer.

4. Analytics and monitoring

If you consent to analytics cookies, we may use PostHog to understand how the website is used (including optional session replay of website interactions with input masking). We also use Sentry to monitor errors and performance to keep the service reliable.

These tools are used for website analytics and stability and are not used to record calls.

5. Why we process your data (legal bases)

  • Contract: to provide the service, manage your account, and facilitate calls and billing.
  • Legitimate interests: to prevent fraud/abuse, ensure security, and improve reliability.
  • Consent: for analytics/marketing cookies and related tracking where required.
  • Legal obligation: to comply with accounting, tax, and regulatory requirements where applicable.

6. Who we share data with

We share personal data with service providers who help us operate Open Ears. This may include:

  • Infrastructure and database providers (e.g., Supabase).
  • Error monitoring and performance providers (e.g., Sentry).
  • Analytics providers (e.g., PostHog) when you consent.
  • Payment processors and financial partners when you purchase paid services.

We do not sell personal data.

7. International transfers

Our service providers may process data in countries outside your own. Where required, we use appropriate safeguards such as contractual protections.

8. Data retention

We retain personal data for as long as needed to provide the service and meet legal requirements. Typical retention includes:

  • Account data: for the life of your account, then deleted or anonymized within a reasonable period after closure.
  • Billing/transaction records: retained as required by law (often several years).
  • Security and audit logs: retained for limited periods (e.g., weeks to months) unless needed for investigations.

9. Your GDPR rights

If you are in the EEA/UK (and in other regions with similar laws), you may have the right to:

  • Access, correct, or delete your personal data.
  • Restrict or object to processing, and request data portability.
  • Withdraw consent at any time (e.g., for analytics cookies) without affecting prior processing.
  • Lodge a complaint with your local supervisory authority.

To exercise rights, contact us via the contact form.

10. Security

We implement technical and organizational measures designed to protect your data. No system is perfectly secure, so please use strong passwords and keep your account credentials confidential.

11. Changes

We may update this policy from time to time. If changes are significant, we will provide notice through the website.