Privacy Policy

Last updated: March 24, 2026

1. Introduction

OpenDrift (“the Service”) is operated by the OpenDrift team (“we”, “us”, or “our”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

2. Information We Collect

Account Information

When you sign in via GitHub or Google, we receive your name, email address, and profile image from the OAuth provider. We store this information to manage your account.

Prompts and Responses

We store the prompts you submit and the responses generated by AI models so you can access your history, collections, and shared links. Prompts and responses are associated with your account.

Billing Information

We track your credit balance and transaction history. Payment processing is handled by third-party providers (e.g., Stripe). We do not store your full credit card number or payment credentials.

API Keys

If you create API keys for the OpenDrift SDK, we store a hashed version of the key and a prefix for identification. The full key is shown only once at creation time.

Usage Data

We may collect basic usage data such as page views, feature usage, and error logs to improve the Service. We do not use third-party analytics trackers.

3. How We Use Your Information

  • To provide and maintain the Service
  • To authenticate your identity
  • To process billing and track credit balances
  • To store your prompt history and collections
  • To enable shared links when you choose to share a drift
  • To improve the Service and fix bugs
  • To communicate important changes to the Service

4. Third-Party Services

We share data with third parties only as necessary to provide the Service:

  • OpenRouter — Your prompts are sent to OpenRouter to generate responses. OpenRouter routes them to the model provider you selected. Refer to OpenRouter's privacy policy for how they handle data.
  • OAuth Providers (GitHub, Google) — Used for authentication only. We receive limited profile information as described above.
  • Payment Processors (Stripe) — Handles payment transactions. We do not store payment credentials.
  • Neon— Our database provider. Your data is stored on Neon's infrastructure.

5. Data Retention

We retain your account data, prompt history, and collections for as long as your account is active. If you wish to delete your account and associated data, please contact us. We will delete your data within 30 days of a verified request, except where retention is required by law.

6. Data Security

We take reasonable measures to protect your information, including encrypting data in transit (HTTPS) and at rest. API keys are stored as hashed values. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Export your data in a portable format

To exercise any of these rights, please contact us via the method described below.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the “Last updated” date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, please open an issue on our GitHub repository.