Legal

Privacy Policy

opub collects only what it needs to run the service. We don't sell your data, we don't track you across the web, and we never see your prompts or model responses.

Last updated: May 2026

1. What we collect

GitHub account information

When you sign in with GitHub, we receive your GitHub username, display name, GitHub user ID, public profile URL, and an email address when GitHub provides one. This is used to create and identify your account. We do not request access to your repositories, code, or private data beyond what GitHub's OAuth scope provides.

Donation and payment records

When you donate, we store the donation amount, currency, the project it was directed to, and references to Stripe transaction identifiers. We do not store credit card numbers or full payment details — those are handled exclusively by Stripe on their infrastructure. Stripe billing email is stored privately on the checkout session and may fill a blank account email; it is never public donor attribution.

Page analytics

We run our own analytics to understand how the site is used. We record the page path visited, HTTP method, response status, the referring site's domain (not full URL), and a general browser family identifier (for example, "Chrome" or "Firefox"). We do not store IP addresses. If you are signed in, your user ID is associated with the page view. Analytics are retained for 90 days.

Blog and email subscriptions

If you subscribe to blog updates, we store your email address in our email delivery service (Resend) for the purpose of sending you updates. You can unsubscribe at any time using the link in any email we send.

Session data

We use a session cookie to keep you signed in. This cookie contains an encrypted session identifier and is not used for tracking across other websites.

2. How we use your data

  • To authenticate you and operate your account
  • To process and record donations to the projects you choose
  • To verify your GitHub repository access when you claim a project
  • To provision and track compute keys associated with your verified projects
  • To display public donation attribution if you have enabled it in your dashboard
  • To send transactional emails such as welcome emails and project funding notifications
  • To send blog updates, if you subscribed
  • To understand aggregate usage patterns on the site through our own analytics

We do not use your data to build advertising profiles, engage in behavioural tracking, or make automated decisions that significantly affect you.

3. What we never do

  • We never observe, log, or store prompt content, model responses, code, diffs, or files you send through compute keys. Prompt and response data flows directly between your agent and OpenRouter's infrastructure.
  • We never sell, rent, or trade your personal data to third parties.
  • We never store credit card numbers or full payment details.
  • We never store IP addresses in our analytics.
  • We never place third-party tracking or advertising cookies on your device.

4. Third-party services

opub relies on the following services to operate. Each has its own privacy practices that apply to data processed on their infrastructure:

  • GitHub — account authentication and repository verification. GitHub's privacy policy governs your GitHub account data.
  • Stripe — payment processing. Card details are entered directly on Stripe's hosted checkout and are never transmitted to opub. Stripe's privacy policy governs payment data.
  • OpenRouter — compute key provisioning and model access routing. Prompt and response data is processed under OpenRouter's terms. OpenRouter's privacy policy governs data on their infrastructure.
  • Resend — transactional and subscription email delivery. Your email address is shared with Resend for the purpose of sending emails. Resend's privacy policy applies.
  • Fly.io — infrastructure and hosting. Application data is stored on servers operated by Fly.io.

5. Data retention

  • Analytics page views — deleted after 90 days.
  • Account data — retained while your account is active. Deleted upon account deletion request.
  • Donation records — retained for financial record-keeping purposes even after account deletion, as required to maintain accurate project ledgers.
  • Email subscriptions — retained until you unsubscribe.

6. Your choices

Public attribution — Donation attribution is private by default. You can enable or disable public attribution per donation in your donations dashboard.

Email subscriptions — Use the unsubscribe link in any email, or contact us to be removed.

Account deletion — To delete your account or request a copy of your data, email hello@opub.dev. We will respond within a reasonable timeframe. Note that donation records tied to project ledgers may be retained in anonymised form after deletion.

7. Security

opub uses HTTPS for all connections, encrypts session data, and applies access controls to sensitive data. Compute keys are single-use secrets displayed once and stored in encrypted form. We follow reasonable security practices to protect your data, but no system is perfectly secure. If you believe you have found a security issue, please contact hello@opub.dev.

8. Changes to this policy

If we make material changes to how we handle your data, we will update the date at the top of this page. Continued use of the service after a change constitutes acceptance of the updated policy.

9. Contact

For privacy questions, data requests, or concerns: hello@opub.dev.