Last updated: January 1, 2026 ยท OpenFetch
OpenFetch ("we", "us", or "the Service") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
By using OpenFetch, you agree to the collection and use of information as described in this policy.
URL data: When you submit a URL for scanning, we process the URL and its publicly accessible content to generate an analysis report. We do not store the raw HTML beyond the processing window.
Scan results: Aggregated, anonymized scores and metadata (domain name, score, timestamp) may be retained in our database to power the public registry and leaderboard.
API keys: If you register as a partner, we store your API key hash and usage statistics. We do not store full plaintext keys after initial generation.
Technical logs: Standard server logs (IP addresses, request timestamps) are retained for up to 30 days for security and abuse-prevention purposes only.
We do not collect: names, email addresses, phone numbers, payment information, government identifiers, or any other personally identifiable information (PII) unless you voluntarily provide it for partner registration.
We do not use browser fingerprinting, behavioral tracking, or cross-site tracking technologies.
Data collected is used solely to: (a) generate and display your scan report; (b) power the public registry and leaderboard; (c) improve the accuracy and coverage of our scoring algorithms; and (d) prevent abuse.
We do not sell, rent, or otherwise transfer your data to third parties for marketing or commercial purposes.
All data is transmitted using industry-standard TLS encryption (SSL). Our database is hosted on isolated, access-controlled infrastructure. We apply principle-of-least-privilege access controls to all internal systems.
Scan reports stored in the database contain only domain names and scores โ no raw page content or visitor identifiers.
Scan records are retained indefinitely in aggregate form to power the public registry. You may request deletion of any scan record associated with a domain you control by contacting us via the platform.
Technical logs are purged after 30 days.
We use browser localStorage only to remember your acceptance of our Terms of Service across sessions. We do not use third-party cookies or advertising trackers.
The Service uses AI inference APIs to generate analysis summaries. Scanned URLs and extracted text snippets may be sent to AI providers for processing under their respective privacy policies. We minimize data sent to only what is necessary for analysis.
You have the right to: (a) know what data we hold about your domain; (b) request deletion of scan records; (c) opt out of public registry listing. To exercise these rights, use the manage interface or contact us via the platform documentation.
The Service is not directed to children under 13. We do not knowingly collect data from children.
We may update this Privacy Policy periodically. We will update the "Last updated" date at the top. Continued use of the Service constitutes acceptance of the revised policy.
For privacy-related questions, please use the contact information available in the platform documentation or the Docs page.