Last Updated: October 20, 2025

Introduction

Welcome to Opendatabay Ltd ("Opendatabay", "we", "our", or "us"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, platform, or related services (collectively, the “Services”). We are committed to handling your personal data responsibly and transparently in compliance with UK GDPR and applicable data protection laws.

Information We Collect

We collect information directly and indirectly to provide our services effectively.

• Account and Identity Data: name, surname, nickname, email, organization, role, phone, profile picture, banner, social media links, website URL, and IP address. This data is collected directly and via third party applications such as (Auth0 by okta, Kinde, etc.).
• Login and Authentication Data: credentials via third-party login services (such as Google, GitHub, or similar) — we never store your passwords.
• Company Information (for Sellers): company name, address, registration ID, website, social media links, sales email, logo, banner, and related metadata. In some cases, additional verification documents (such as company incorporation papers or identity documents like passport or driving license) may be requested to confirm the identity of the seller or business owner. These documents are only used for verification purposes and may be shared with authorities if legally required.
• Usage and Analytics Data: session activity, dataset views, downloads, heatmaps, and interactions collected via analytics and tracking services (such as Google Analytics, Hotjar, Mixpanel, Vercel analytics, or similar).
• Payment Information: transaction IDs, billing address, and related identifiers provided by payment processors (such as Stripe, PayPal, GoCardless or similar). We never store your card numbers.
• Cookies and Tokens: session cookies and tokens used for secure authentication and account management.

How We Use Your Information

We use the data we collect to:

• Provide, operate, and maintain our Services.
• Authenticate users and secure accounts.
• Facilitate dataset uploads, purchases, and downloads.
• Improve our user experience, platform design and identify potential areas for enhancement.
• Process payments and payouts to sellers.
• Send important communications (e.g., account verification, deletion requests, assistance or service updates).
• Comply with legal obligations and prevent fraudulent or illegal activities.

Data Sharing and Disclosure

We only share data where necessary and in accordance with applicable laws.

• Service Providers: including cloud providers, payment processors, email services, analytics providers, and similar infrastructure partners (e.g., Google Cloud, Stripe, etc.).
• Data Providers: if a user contacts, interacts with premium datasets or purchases from a data provider, we may share their name, email, and interest details to enable direct communication and facilitate transactions.
• Legal Authorities: we may disclose data when required by law or to investigate suspected illegal activity.

Cookies and Tracking

We use cookies, session tokens, and analytics tools to understand user behaviour, improve performance, and enhance security. Users can manage or delete cookies through their browser settings.

Payments and Financial Data

All payments are processed securely through Stripe and PayPal. We receive transaction IDs and user billing information for verification and record-keeping purposes. For sellers, we may store payout details such as bank account information required for withdrawals.

Data Retention and Deletion

We retain user and dataset information only as long as necessary:

• User account data is deleted within 48 hours of a verified deletion request, but may be retained for up to 100 days for compliance and audit purposes.
• Deleted datasets are permanently removed from our systems; only minimal metadata may persist for up to 100 days.

International Data Transfers

Opendatabay serves users globally but operates under UK law. All personal data is processed in accordance with the UK GDPR, and any international data transfer is safeguarded through standard contractual clauses and equivalent protection mechanisms.

Security Measures

We use encryption, access control, HTTPS, and secure hosting environments to protect your data. Despite these measures, no online service can guarantee absolute security, but we work continuously to minimize risks.

User Rights

Under applicable laws, you have the right to access, correct, delete, or restrict processing of your personal data. You can request account deletion or data export by contacting us at support@opendatabay.com.

Children and Age Restrictions

Our Services are intended for users aged 18 and above. We do not knowingly collect data from minors. If you believe a child has provided information to us, please contact us immediately.

Communications and Marketing

We may contact you via email for account support, legal notifications, or important platform updates. Marketing emails are optional — users may unsubscribe at any time. Future newsletters or promotional communications will comply with GDPR consent requirements.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our operations or legal requirements. The updated version will always be available on this page with a revised “Last Updated” date.

Contact and Complaints

For any privacy concerns, contact our Data Controller or Data Protection Officer:

• Data Controller: Opendatabay Ltd
• Data Protection Officer: justin@opendatabay.com
• General Support: support@opendatabay.com

If you believe your data rights have been violated, you can contact the UK Information Commissioner’s Office (ICO) for assistance.