Openwater Privacy Policy

 

Openwater Privacy Policy

Last updated March 25, 2026 

Privacy Statement

Openwater (“we,” “our,” or “us”) is an open source medical technology company dedicated to building community-driven innovation in medical research and related fields. This Privacy Policy explains how we collect, use, and protect information from visitors (“users,” “you”) who access our website or communicate with us through online forms, support tickets, community interfaces, or reservation requests.

We are committed to transparency about what data we collect, how we use it, and how users can control their privacy preferences.

Definitions

  • Personal Data:   Information that can identify a specific individual, such as name, email address, or phone number.
  • Cookies:  Small files stored on your device that help websites remember preferences and analyze usage for improvement. 
  • Third Party:  Any external company or service provider (e.g., HubSpot, Google Analytics) that interacts with user data through our website.
  • Website:  Openwater’s official online platform, including openwater.cc and related branded subdomains.
  • Data Processor: A third party that processes personal data on our behalf under written instructions and a data processing agreement. 
  • Controller: The entity that determines the purposes and means of processing personal data. Openwater acts as controller for data collected through this website. 

Business Use Context

Our website and services are primarily intended for business, research, and professional users. We do not target individual consumers for personal, household use of products.
 

Table of Contents

  • The Data We Collect
  • How We Obtain Data
  • How We Use Data
  • Legal Bases for Processing (EU/UK Users)
  • Data Retention and Storage
  • Third-Party Sharing and International Transfers
  • Cookies and Tracking Technologies
  • User Preferences and Rights
  • Your Privacy Rights by Region
  • Data Security
  • Children's Privacy
  • Changes to this Policy
  • Contact Information

The Data We Collect

When you interact with our website, we may collect:

  • Name, email address, and phone number when voluntarily submitted through contact forms, account registration, or support tickets.
  • Information submitted in connection with product reservations or expressions of interest.
  • Technical information through Google Analytics, which may include IP addresses (anonymized where technically feasible), browser type, operating system, duration of site visits, and navigation patterns. 
  • Cookie-related information that helps us improve site functionality and understand user engagement.

We do not collect personally identifiable health information or any sensitive medical data through this website.

We request that users do not submit sensitive personal information (including health or medical data) through website forms. If such information is submitted, it will be handled in accordance with applicable law and deleted where appropriate.

If you participate in research studies or clinical programs, separate consent processes and privacy notices will apply. 

How We Obtain Data

We collect information in the following ways:

  • User-provided data: Entered through web forms, community participation, support ticket submissions, or reservation requests.
  • Automated collection:  Data passively gathered by analytics tools such as Google Analytics and cookies.
  • Third-party integrations: Through platforms like HubSpot CRM and Google Analytics, which may capture web usage and engagement patterns as data processors acting on our instructions. 

When you first visit our site, you will see a cookie banner allowing you to accept or reject non-essential cookies (analytics and performance cookies). You can change your preferences at any time using the “Cookie Settings” link in our website footer. Strictly necessary cookies required for basic site functionality cannot be disabled. 

How We Use Data

We use collected data to:

  • Improve website performance, structure, and usability.
  • Respond to user inquiries and provide customer or community support.
  • Process and manage product reservations or expressions of interest. 
  • Communicate with users regarding reservations, product availability, and related updates. 
  • Deliver relevant communications and updates to users who have opted in. 
  • Analyze engagement and website traffic to inform product and feature development. 
  • Support general compliance and operational monitoring efforts.

We do not use data for automated decision-making, user profiling, or personalized health-related marketing.

We do not “sell” or “share” personal information collected through this website as those terms are defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We do not sell or share personal information for cross-context behavioral advertising as defined under CCPA/CPRA.

Each processing activity described above is carried out under the appropriate legal basis depending on the nature of the interaction (e.g., consent for cookies, contractual necessity for reservations, and legitimate interests for analytics and security).

Legal Basis for Processing (UK/EU Users)

If you are located in the European Union, United Kingdom, or European Economic Area, we process your personal data based on the following legal grounds:

  • Consent: For non-essential cookies and marketing communications (you may withdraw consent at any time). 
  • Legitimate interests: For limited website analytics, fraud prevention, and security monitoring, where permitted by applicable law and where our interests do not override your fundamental rights.
  • Contractual necessity: To respond to your support requests and fulfill services you request from us, including reservation-related communications. 
  •  Legal obligation: To comply with applicable laws and regulations.  

Data Retention and Storage

Openwater retains user data only as long as necessary to fulfill the purpose for which it was collected or until a user requests deletion, subject to legal or legitimate business requirements.

Typical retention periods include:

  • Contact form submissions: Up to 3 years from date of submission, unless you request earlier deletion.
  • Analytics data: Retained according to Google Analytics settings (currently 14 months for user‑level data).
  • Marketing communications data: Until you unsubscribe or request deletion.
  • Security logs: Up to 12 months for security and fraud prevention purposes. 

Data is securely stored in the cloud, using host-level protections and encryption supported by our service providers. Where technically feasible, we anonymize or de-identify collected data to reduce privacy risks. 

Some data may be retained longer where required by law, for dispute resolution, to enforce our agreements, or for other legitimate business purposes. 

Third-Party Sharing and International Transfers

Third-Party Sharing
We work with a limited number of trusted third-party data processors:

  • HubSpot (customer relationship management and communication platform)
  • Google Analytics (traffic and engagement analytics) 

These service providers process data on our behalf under written data processing agreements and are contractually required to protect your information and use it only for the purposes we specify. While we require our service providers to protect your data, we are not responsible for their independent privacy practices.

We do not sell or disclose personal data to third parties for advertising purposes. 

International Data Transfers
 Your personal data may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

For transfers from the EU/UK to countries not deemed adequate by the European Commission or UK authorities, we rely on appropriate safeguards including:
 Standard Contractual Clauses (SCCs) approved by the European Commission.
 Data Processing Agreements (DPAs) with our vendors that incorporate SCCs and additional security measures.

 In the case of transfers to the United States, the EU‑U.S. Data Privacy Framework for certified organizations where applicable.

You may request a copy of the relevant transfer mechanism by contacting us at privacy@openwater.cc.

EU/UK Representative
 We assess our obligations under Article 27 GDPR and UK GDPR on an ongoing basis and will appoint an EU or UK representative if required. 

Cookies and Tracking Technologies 

We use cookies and similar tracking technologies to improve your experience on our website and analyze site performance.  We rely on user consent for analytics and non-essential cookies in jurisdictions where required.

Types of Cookies We Use
Strictly Necessary: Required for basic site functionality, security, and navigation.
Analytics & Performance: Google Analytics cookies that help us understand how visitors use our site (IP anonymized).

Managing Your Cookie Preferences
When you first visit our site, a cookie banner will appear allowing you to accept or reject non-essential cookies. You can change your preferences at any time using the “Cookie Settings” link in the website footer. You can also manage cookies through your browser settings, though this may affect site functionality. Rejecting analytics cookies will not impact your ability to use our website.

Google Analytics Configuration
 We have configured Google Analytics with privacy‑protective settings including IP address anonymization and limited data retention periods (14 months for user‑level data). Google Analytics does not collect personally identifiable information through our implementation.

User Preferences and Rights

Users can manage their privacy choices in the following ways:

  • Cookie Preferences: Set cookie settings via the cookie banner on your first visit or through the “Cookie Settings” link available in the website footer. 
  • Email Preferences: Unsubscribe or adjust marketing preferences using the links in our emails or by contacting privacy@openwater.cc.
  • Data Requests:  Request access, correction, or deletion of data by contacting us in writing at privacy@openwater.cc. We will respond to verified requests within 45 days (or as otherwise required by applicable law). 

We may request information such as email verification or prior interaction details to confirm your identity before fulfilling certain data requests.

Users may also choose to withhold any optional information when engaging with our site.

Please note that some data may be retained after deletion requests where required by law or for legitimate business purposes such as fraud prevention, security monitoring, or legal holds.

Your Privacy Rights by Region

Categories of Personal Information Collected (California)
 Under CCPA/CPRA, we collect the following categories of personal information:

  • Identifiers (e.g., name, email address, phone number)
  • Internet or network activity information (e.g., website usage, analytics data)
  • Inferences drawn from usage data (limited to improving website functionality and user experience)

For Users in the European Union, United Kingdom, and European Economic Area 

Under the General Data Protection Regulation (GDPR) and UK GDPR, you have the following rights: retention periods include:

  •  Right of access: Request confirmation of whether we process your personal data and obtain a copy. 
  •  Right to rectification: Request correction of inaccurate or incomplete personal data. 
  • Right to erasure: Request deletion of your personal data in certain circumstances. 
  • Right to restriction: Request that we limit how we use your personal data.
  • Right to data portability: Receive your personal data in a structured, machine‑readable format and request that we transmit it to another controller where technically feasible.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
  • Right to lodge a complaint: File a complaint with your local data protection authority if you believe we have violated your rights.

To exercise these rights, contact us at privacy@openwater.cc.

For Users in California
 Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the following rights:

  • Right to know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and categories of third parties with whom we share it.
  • Right to delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to opt out: Opt out of the “sale” or “sharing” of personal information. (We do not sell or share personal information as defined by CCPA/CPRA through this website.)
  • Right to limit use of sensitive personal information: Limit use and disclosure of sensitive personal information. (We do not collect sensitive personal information as defined by CCPA/CPRA through this website.)
  • Right to non-discrimination: You will not receive discriminatory treatment for exercising your privacy rights.

To submit a request or designate an authorized agent, contact us at privacy@openwater.cc or call +1 (415) 484‑3776. We will verify your identity before processing requests and respond within 45 days.

Do Not Track Signals
 Our website does not currently respond to Do Not Track (DNT) browser signals. You can control tracking primarily through our cookie banner, cookie settings, and your browser controls.

Data Security

We use commercially reasonable technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, and destruction. These measures include:
 Encryption of data in transit (HTTPS/TLS) and at rest where supported by service providers.
 Host-level security protections provided by our cloud service providers.
 Access controls limiting employee and contractor access to personal data on a need‑to‑know basis.
 Regular review of data processing practices and vendor security postures.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

Children's Privacy

Our website is not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will delete it promptly. If you believe we have collected information from a child under 16, please contact us at privacy@openwater.cc.

Changes to this Policy

We may update this policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy. 
  • Post the revised policy on our website. 
  • For material changes that significantly affect your rights, provide additional notice (such as email notification to registered users or a prominent notice on our website).

We encourage you to review this Policy periodically to stay informed about how we protect your information. 

Contact Information

For any questions, concerns, or requests regarding privacy or data handling, please contact us at:

Email: privacy@openwater.cc
 Phone (California residents): +1 (415) 484‑3776

We are based in San Francisco, CA, United States.