Privacy Policy
Last updated: April 4, 2026
OpenLakes, Inc. ("OpenLakes", "we", "us", or "our") operates the OpenLakes Harbor platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Service.
1. Information We Collect
Information you provide
| Data | Purpose |
|---|---|
| Email address | Account creation, authentication, notifications |
| Name | Display in dashboard and organization membership |
| Password (hashed) | Authentication |
| Organization name | Multi-tenant workspace management |
| Payment information | Billing for paid workspaces (processed by Stripe) |
Information collected automatically
| Data | Purpose |
|---|---|
| IP address | Security, rate limiting, abuse prevention |
| Browser type and version | Compatibility and debugging |
| Pages visited and actions taken | Analytics and product improvement |
| Timestamps of access | Security auditing and session management |
Your Data (lakehouse content)
Data you ingest, upload, or create within your workspaces ("Your Data") is stored in your isolated workspace environment. We do not access, analyze, or use Your Data except as necessary to provide the Service (e.g., executing queries you initiate, running connectors you configure).
2. How We Use Your Information
- Provide the Service — authenticate you, provision workspaces, execute queries, run connectors
- Communicate with you — send transactional emails (verification, password reset, workspace expiry notifications)
- Improve the Service — analyze aggregated usage patterns to inform product decisions
- Ensure security — detect and prevent fraud, abuse, and unauthorized access
- Comply with legal obligations — respond to lawful requests from authorities
3. Third-Party Services
We use the following third-party services that may process your information:
| Service | Purpose | Data shared |
|---|---|---|
| Postmark | Transactional email delivery | Email address, email content |
| Stripe | Payment processing | Payment details, billing address |
| Google Analytics | Website analytics | Page views, anonymized usage data |
| Cloudflare | CDN, DNS, DDoS protection | IP address, request metadata |
| CockroachDB Cloud | Database hosting | Account data, workspace metadata |
Each third-party service is bound by its own privacy policy. We do not sell your personal information to any third party.
4. Data Storage and Security
Your account data is stored in CockroachDB Cloud with encryption at rest. Sensitive credentials (API keys, connector passwords, OAuth tokens) are protected with envelope encryption using cloud key management services.
Your lakehouse data is stored in object storage (Cloudflare R2) within isolated workspace namespaces. Each workspace has its own credentials and storage prefix.
We implement industry-standard security measures including:
- Encryption in transit (TLS) for all connections
- Envelope encryption at rest for sensitive data
- Hashed and salted passwords (bcrypt)
- Rate limiting on authentication endpoints
- Two-factor authentication (TOTP) with backup codes
- Session management with secure, HTTP-only cookies
5. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion.
- Workspace data: Retained while the workspace exists. Deleted within 30 days of workspace deletion or expiry.
- Server logs: Retained for up to 90 days for security and debugging, then deleted.
- Analytics data: Aggregated and anonymized data may be retained indefinitely.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate personal data
- Deletion — request deletion of your personal data and account (see Data Deletion)
- Portability — request your data in a machine-readable format
- Objection — object to processing of your data for certain purposes
To exercise any of these rights, contact us at privacy@openlakes.io or use the self-service tools in the dashboard.
7. Cookies
We use the following cookies:
- Session cookie (essential) — maintains your authenticated session
- Analytics cookies (Google Analytics) — collect anonymized usage data
You can disable analytics cookies through your browser settings. Essential session cookies are required for the Service to function.
8. Children's Privacy
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at privacy@openlakes.io and we will delete it.
9. International Data Transfers
Your data may be processed in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your jurisdiction.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates the most recent revision.
11. Contact
For privacy-related questions or requests, contact us at:
OpenLakes, Inc.
Email: privacy@openlakes.io