privacy should be legible.

openhawk is operated by the openhawk business entity responsible for this website and product. Until a formal company name, postal address, and data protection contact are published, privacy requests can be sent to privacy@openhawk.eu.

When you use the landing page or join the waitlist, we collect:

• email address;
• role or domain;
• operating system;
• the tool or workflow where you get stuck;
• terms/privacy consent ID, policy versions, timestamp, and analytics choice;
• marketing consent choice, consent timestamp, and source;
• page URL, referrer, and UTM campaign parameters;
• browser/user-agent and a hashed IP address for abuse defense.

We do not intentionally collect passwords, secrets, payment card data, health data, biometric data, children's data, or third-party confidential information through the waitlist form. Please do not submit those categories.

If you choose to use the openhawk app, the product may process screen context so it can guide you where you are working. That may include screenshots, screen text, app/window metadata, workflow context, prompts, spoken or typed questions, model outputs, diagnostics, and crash logs.

Product builds should make capture visible, user-initiated, and controllable. Future product notices will describe what is local, what leaves the device, retention periods, deletion controls, and which AI or cloud providers process the data.

• manage the waitlist and early access program;
• contact you about product research, launch updates, and marketing;
• understand which workflows and operating systems to prioritize;
• measure landing page performance and campaign attribution;
• protect the site against spam, abuse, and security incidents;
• comply with legal obligations.

We do not sell personal information. If that changes, this policy must change first.

We use PostHog for analytics only after you accept analytics cookies. PostHog may collect page views, referrers, device/browser metadata, click events, dead-click signals, and session replay data. Form inputs are masked before replay capture.

You can decline analytics in the consent modal. Essential server logs and consent records may still be processed for security, debugging, fraud prevention, and legal compliance.

Joining the waitlist includes consent to receive openhawk early access, product research, launch, and build updates. We may use an email provider such as Resend to send those messages. You can unsubscribe or ask us to delete your waitlist record at any time.

openhawk may use AI model providers, cloud hosting providers, analytics providers, email providers, and database providers to provide and improve the service. These processors may process data on our behalf under their own data processing terms.

Public AI provider commitments vary. For example, commercial API offerings from major providers generally distinguish customer API data from consumer chatbot data, and may retain abuse logs for limited periods. We will name specific model providers before the product relies on them for screen/context processing.

• waitlist and early access requests: pre-contract steps or legitimate interests;
• marketing emails: consent, with the right to withdraw;
• analytics cookies and session replay: consent;
• security logging and abuse prevention: legitimate interests;
• legal recordkeeping: legal obligation.

• waitlist records: until launch plus up to 24 months, unless you ask us to delete them sooner;
• terms/privacy and marketing consent logs: as long as needed to prove compliance;
• security logs: typically 30-90 days unless needed for abuse, security, or legal reasons;
• analytics data: according to PostHog project retention settings;
• future screen/context data: to be minimized and documented before collection.

Some service providers may process data outside your country, including outside the EEA/UK. Where required, we rely on recognized safeguards such as adequacy decisions, Data Privacy Framework participation, data processing agreements, and Standard Contractual Clauses.

Depending on where you live, you may have rights to access, correct, delete, restrict, object to processing, port your data, withdraw consent, and complain to a supervisory authority.

Send requests to privacy@openhawk.eu. We may need to verify your identity before acting on a request.

openhawk is not directed to children. You must be at least 18, or the age required to enter a binding agreement in your country, to use the site or product.

We use reasonable technical and organizational safeguards, including HTTPS, access controls, least-privilege operational access, and vendor review. No system is perfectly secure, and we cannot guarantee that unauthorized access will never occur.