Privacy statement

We treat data as hospitality.

Privacy is not an afterthought bolted onto research or immersive experiences. It is part of the service blueprint. Every form, project brief, or analytic signal is considered property temporarily entrusted to us so that we can respond with care and accountability.

Last updated · March 2024

Signals we collect

Only the signals that help us run op-site and reply to people raising their hand are captured. We do not broker or rent data.

  • Contact details you submit through our forms or direct outreach (name, role, email, brief narrative).
  • Operational metadata such as IP address, browser, and device characteristics collected by our hosting and analytics providers for security.
  • Project material you optionally share so we can scope an engagement or offer a point of view.

How we use them

Processing is narrow, specific, and tied to the consented context in which the data was provided.

  • Responding to inbound messages and structuring potential collaborations.
  • Maintaining platform reliability, debugging outages, and defending against abuse.
  • Producing anonymized, aggregate reports that help us evaluate demand without exposing individuals.

When we share data

We only share data with service providers that help us operate this site or fulfill a request, all bound by confidentiality obligations.

  • Infrastructure partners such as Vercel, Supabase, and email delivery platforms.
  • Advisors or collaborators who need context to deliver an engagement, only after aligning on use and security posture.
  • Regulators or law enforcement if legally compelled, after assessing the scope of the order and pushing for the narrowest disclosure possible.

Commitments

Retention

We delete inquiry data when it is no longer active or when asked. System logs rotate automatically and are generally removed within 30 days.

International transfers

Servers may sit in the United States or European Union. Regardless of location, data receives equivalent contractual protections.

Security

Access to sensitive systems is limited to a small set of operators with hardware-backed authentication. We monitor for unusual access and rehearse incident response.

Your agency

Email tom@openpeople.me to request access, correction, deletion, or to lodge a concern. We reply within 72 hours and never retaliate for a privacy request.

Children

The studio works with professionals. We do not knowingly collect information from anyone under 16, and we will purge such data if discovered.

Questions

If you believe data has been mishandled, pause and write us immediately at tom@openpeople.me. We will investigate, share our findings, and evolve the practice in public where possible.