We collect information directly and indirectly to provide our services effectively.

Account and Identity Data: name, surname, nickname, email, organization, role, phone, profile picture, banner, social media links, website URL, and IP address. This data is collected directly and via third party applications such as Auth0 by Okta, Kinde, etc.

Login and Authentication Data: credentials via third-party login services (such as Google, GitHub, or similar) - we never store your passwords.

Company Information (for Sellers): company name, address, registration ID, website, social media links, sales email, logo, banner, and related metadata. Additional verification documents may be requested (e.g., incorporation papers, passport, driving license).

Usage and Analytics Data: session activity, dataset views, downloads, heatmaps, and interactions collected via analytics and tracking services (such as Google Analytics, Hotjar, Mixpanel, Vercel analytics, or similar).

Payment Information: transaction IDs, billing address, and related identifiers provided by payment processors (such as Stripe, PayPal, GoCardless or similar). We never store your card numbers.

Cookies and Tokens: session cookies and tokens used for secure authentication and account management.

We use the data we collect to:

• Provide, operate, and maintain our Services.

• Authenticate users and secure accounts.

• Facilitate dataset uploads, purchases, and downloads.

• Improve our user experience, platform design, and identify potential areas for enhancement.

• Process payments and payouts to sellers.

• Send important communications (e.g., account verification, deletion requests, assistance or service updates).

• Comply with legal obligations and prevent fraudulent or illegal activities.

We only share data where necessary and in accordance with applicable laws.

Service Providers: including cloud providers, payment processors, email services, analytics providers, and similar infrastructure partners (e.g., Google Cloud, Stripe, etc.).

Data Providers: if a user contacts, interacts with listed data products, or purchases from a data provider, we may share their name, email, and interest details to enable direct communication and facilitate transactions.

Legal Authorities: we may disclose data when required by law or to investigate suspected illegal activity.

By using Opendatabay, you acknowledge and agree that the data you generate and we collect may be used, processed, and shared with third-party partners and marketplaces for the purposes of training, fine-tuning, and evaluating Artificial Intelligence (AI), Machine Learning (ML), and Large Language Models (LLMs). This data usage is intended to both improve our services and for commercialisation and monetisation purposes. To protect your privacy, we commit to implementing commercial best practices and reasonable technical measures to filter and exclude personally identifiable information (PII) and special category sensitive data prior to sharing this data for AI training, ensuring full compliance with applicable data protection laws (including GDPR) and relevant AI regulations (such as the EU AI Act).

We use cookies, session tokens, and analytics tools to understand user behaviour, improve performance, and enhance security. Users can manage or delete cookies through their browser settings.

All payments are processed securely through Stripe and PayPal. We receive transaction IDs and user billing information for verification and record-keeping purposes. For sellers, we may store payout details such as bank account information required for withdrawals.

We retain user and dataset information only as long as necessary:

• User account data is deleted within 48 hours of a verified deletion request, but may be retained for up to 100 days for compliance and audit purposes.

• Deleted datasets are permanently removed from our systems; only minimal metadata may persist for up to 100 days.

Opendatabay serves users globally but operates under UK law. All personal data is processed in accordance with the UK GDPR, and any international data transfer is safeguarded through standard contractual clauses and equivalent protection mechanisms.

We use encryption, access control, HTTPS, and secure hosting environments to protect your data. Despite these measures, no online service can guarantee absolute security, but we work continuously to minimize risks.

Under applicable laws, you have the right to access, correct, delete, or restrict processing of your personal data. You can request account deletion or data export by contacting us at support@opendatabay.com.

Our Services are intended for users aged 18 and above. We do not knowingly collect data from minors. If you believe a child has provided information to us, please contact us immediately.

We may contact you via email for account support, legal notifications, or important platform updates. Marketing emails are optional - users may unsubscribe at any time. Future newsletters or promotional communications will comply with GDPR consent requirements.

Opendatabay ensures GDPR compliance through the following measures:

• Users provide consent to data processing by accepting the Privacy Policy and Terms of Service; platform access is not allowed without agreement.

• Legal bases for processing personal data (such as contract, consent, or legitimate interest) are established for all data categories.

• Profiling or automated decision-making, including AI recommendations or analytics, is disclosed, and users’ rights in this context are protected.

• Data breach notification procedures comply with GDPR requirements.

• All third-party processors have GDPR-compliant agreements and safeguards in place.

This Agreement is governed by the laws of England and Wales, without regard to conflict of law principles. Any disputes arising out of or relating to this Agreement shall be resolved exclusively in the courts of London, England.

Opendatabay reserves the right to update these terms at any time; continued use constitutes acceptance.

For any concerns, contact our Data Controller or Data Protection Officer:

• Data Controller: Opendatabay Ltd

• Data Protection Officer: justin@opendatabay.com

• General Support: support@opendatabay.com

If you believe your data rights have been violated, you can contact the UK Information Commissioner’s Office (ICO) for assistance.