OpenKudos

Privacy Policy

Last updated: January 31, 2025

1. Introduction

This Privacy Policy explains how Open Growth Group INC ("we", "us", "our") collects, uses, and protects your information when you use OpenKudos.dev ("the Service"). This policy applies to all users of the Service, including workspace administrators and members.

2. Data We Collect

We collect the following categories of data:

  • Slack profile information: Your name, email address, and profile avatar, obtained through Slack OAuth.
  • Workspace information: Your Slack workspace name, domain, and team ID.
  • Recognition content: Kudos messages, award descriptions, Q&A posts, and points transactions you create through the Service.
  • Usage data: Information about how you interact with the Service, including features used and actions taken.
  • Technical data: IP address, browser type, device information, and access timestamps collected automatically when you use the Service.
  • Payment data: Billing information is processed by Stripe. We do not store your credit card number or full payment details on our servers. We receive only a confirmation of payment status and a reference to your Stripe customer account.

3. How We Use Your Data

We use the data we collect to:

  • Provide and operate the Service, including authenticating users, processing kudos and awards, and displaying leaderboards.
  • Send notifications related to recognition activity in your workspace (e.g., when you receive kudos).
  • Process payments and manage subscriptions through Stripe.
  • Improve the Service based on usage patterns and feedback.
  • Respond to support requests and communicate with you about your account.
  • Comply with legal obligations.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on the following legal grounds:

  • Consent: When you authorize OpenKudos through Slack OAuth, you consent to our collection and use of your Slack profile and workspace data.
  • Contract performance: Processing is necessary to provide the Service you signed up for.
  • Legitimate interests: We process data to improve the Service, ensure security, and prevent abuse, where these interests are not overridden by your rights.

5. Data Sharing & Third Parties

We share your data with the following third parties:

  • Slack: We integrate with Slack to authenticate users, read workspace data, and send notifications. Slack's use of your data is governed by Slack's Privacy Policy.
  • Stripe: We use Stripe to process payments. Stripe's handling of your payment data is governed by Stripe's Privacy Policy.
  • Hosting providers: We use cloud infrastructure providers to host the Service. Your data may be stored on their servers.

We do not sell your personal data to anyone. We may disclose your data if required by law, regulation, or legal process.

6. Cookies

OpenKudos uses only essential cookies required for the Service to function:

  • Authentication token: To keep you signed in.
  • Session data: To maintain your session state.

We do not use marketing, advertising, or third-party tracking cookies.

7. Data Retention

We retain your data for as long as your workspace account is active and the Service is in use. If a workspace administrator disconnects their workspace from OpenKudos, we will delete all associated workspace data within 30 days, unless retention is required by law.

8. Your Rights (GDPR)

If you are in the EEA, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your personal data.
  • Portability: Request your data in a machine-readable format.
  • Restrict processing: Request that we limit how we use your data.
  • Withdraw consent: You can revoke Slack OAuth access at any time through your Slack workspace settings.

To exercise any of these rights, contact us at hello@openkudos.dev.

9. Your Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to know: Request what personal information we collect and how we use it.
  • Right to access: Request a copy of your personal information.
  • Right to delete: Request deletion of your personal information.
  • Right to opt-out of sale: We do not sell personal information.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

10. Data Security

We take reasonable measures to protect your data, including:

  • Encryption in transit using TLS for all connections to the Service.
  • Access controls to limit who within our organization can access your data.
  • Stripe PCI DSS compliance for all payment processing.

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

11. International Transfers

Your data is stored and processed in the United States. If you are accessing the Service from outside the US, your data will be transferred to the US. For users in the EEA, we rely on Standard Contractual Clauses or other appropriate safeguards to ensure your data is protected in accordance with GDPR requirements.

12. Children's Privacy

OpenKudos is designed for workplace use and is not directed at children under the age of 13. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 13, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

14. Contact

If you have questions about this Privacy Policy or your data, contact us at hello@openkudos.dev.