Privacy Policy

We respect your privacy. This page transparently describes what data we collect, how we use it, and how we protect it.

event Last updated: January 2025 language Applies to: RO · EU · International shield Compliant with GDPR · CCPA · COPPA

block We never sell your data

visibility_off No personal behaviour tracking

delete_forever Logs deleted after 90 days

lock No mandatory accounts

Who we are
What data we collect
Why we collect data
Storage & security
Cookies
Google AdSense
Third-party services
Your rights (GDPR)
California users (CCPA)
Children (COPPA)
Policy changes
Contact

Who we are

OpenProjects (accessible at openprojects.ro) is a personal, non-commercial project offering free web-based tools. The platform is operated by an individual based in Romania, European Union.

Under GDPR, the platform operator acts as the Data Controller for all personal data collected through this site.

🇷🇴 Operator based in Romania 🇪🇺 Subject to GDPR

What data we collect

We apply the principle of data minimisation (GDPR Art. 5(1)(c)) and collect only the minimum necessary for the platform to function:

Category	Data collected	Purpose	Retention
Access logs	Partially anonymised IP, browser, OS, page visited, timestamp	Security, debugging, aggregate statistics	90 days
User account (optional)	Email address, hashed password, registration date	Authentication, saved preferences	Until account deletion
Game scores (optional)	User-chosen display name, numeric score	Public leaderboard	Indefinite / on request
Functional cookies	Session token, UI preferences	Site functionality	Session / 30 days
AdSense cookies	Managed by Google LLC	Relevant advertising	Per Google's policy

We never collect: Phone numbers, national ID numbers, financial data, medical data, precise GPS location, or content generated inside tools that process data client-side in your browser.

Why we collect data — legal basis

Under GDPR Art. 6, we process data on the following legal grounds:

Legitimate interest (Art. 6(1)(f)) — access logs for security and technical debugging
Performance of a contract (Art. 6(1)(b)) — account data required to provide the requested service
Consent (Art. 6(1)(a)) — non-essential cookies and personalised advertising

We do not process data for any purpose beyond those stated above. We do not carry out automated profiling or automated decision-making with significant effects (GDPR Art. 22).

Storage & security

Data is stored on servers hosted within the European Union (Render.com, EU regions). We do not transfer data outside the EU/EEA except through the third-party services described in Section 7.

Security measures in place:

All traffic transmitted exclusively over HTTPS/TLS
Passwords stored using bcrypt hashing (irreversible)
Database access restricted by IP and credentials
Access logs with partial IP anonymisation
Regular platform security updates

An honest note No platform can guarantee 100% security. In the event of a security breach affecting your data, we will notify you in accordance with GDPR Art. 34 within 72 hours of becoming aware of the incident.

Cookies

We use cookies in compliance with the ePrivacy Directive (2002/58/EC) and GDPR.

Type	Purpose	Consent required
Essential cookies	Session, authentication, CSRF security	No (strictly necessary)
Functional cookies	UI preferences, language, saved settings	Optional
Google AdSense cookies	Personalised advertising and measurement	Yes — explicit consent required

You can manage or delete cookies at any time through your browser settings. Disabling essential cookies may affect platform functionality. For Google cookies, use Google Ads Settings or the Google Analytics Opt-out extension.

Google AdSense & advertising

The platform uses Google AdSense (operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; in the EU: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

Google may use tracking technologies (cookies, pixels, device identifiers) to show personalised ads based on prior browsing behaviour. This involves a data transfer to the USA, carried out on the basis of Standard Contractual Clauses approved by the European Commission (GDPR Art. 46(2)(c)).

Third-party services

Some tools call external APIs. The table below lists all third-party services and the data transmitted to them:

Service	Purpose	Data transmitted	Privacy policy
Render.com	Server hosting (EU)	IP address, HTTP requests	render.com/privacy
Wikipedia / Wikimedia	Educational content API	IP address, text query	Wikimedia Privacy
Open-Meteo	Free weather API	General GPS coordinates	open-meteo.com/terms
Pl@ntNet API	Plant identification	Uploaded photograph	plantnet.org/privacy
Open Trivia DB	Quiz questions	None (public API)	opentdb.com
OCR.space	Text recognition from images	Uploaded image (processed and deleted)	ocr.space/privacy
Google AdSense	Advertising	Cookies, IP, browsing behaviour	policies.google.com

We are not responsible for the privacy practices of third-party services. We encourage you to review their individual policies.

Your rights under GDPR

Under Regulation (EU) 2016/679 (GDPR), you have the following rights regarding your personal data:

👁

Right of access (Art. 15)

Request a copy of the personal data we hold about you.

✏️

Right to rectification (Art. 16)

Request correction of inaccurate or incomplete data.

🗑

Right to erasure (Art. 17)

"Right to be forgotten" — request deletion of your data under certain conditions.

⏸

Right to restriction (Art. 18)

Request that we limit processing of your data in specific circumstances.

📤

Right to portability (Art. 20)

Receive your data in a structured, machine-readable format.

🚫

Right to object (Art. 21)

Object to processing based on legitimate interests.

To exercise any of these rights, contact us using the details in Section 12. We will respond within 30 days as required by GDPR.

You also have the right to lodge a complaint with a supervisory authority. In Romania: ANSPDCP — dataprotection.ro · Tel: +40.318.059.211

California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA:

Right to know — what personal information we collect and how we use it
Right to delete — personal information we have collected, with certain exceptions
Right to opt out of sale — we do not sell personal data
Right to non-discrimination — exercising your CCPA rights will not result in any penalty

Data sale declaration OpenProjects does not and has never sold personal data of users to any third party within the meaning of the CCPA.

For CCPA requests, use the contact details in Section 12. We will respond within 45 days, with a possible extension of a further 45 days in complex cases.

Children (COPPA & GDPR)

The platform is not intended to collect data from children under 13 years of age. Under GDPR, users from the EU under 16 years (or the applicable national minimum) require parental or guardian consent.

In accordance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal data from children under 13 in the United States without verifiable parental consent.

If a parent or guardian discovers that a child below the minimum age has provided personal data to the platform, please contact us so we can delete that data immediately.

Changes to this policy

This policy may be updated periodically to reflect changes in our practices or applicable law. The revised version will be published on this page with an updated effective date.

Significant changes will be communicated via a visible notice on the platform. Continued use of the platform after changes are published constitutes acceptance of the updated policy.

Contact

For any questions, requests, or complaints relating to data privacy, you can reach us via:

Website: openprojects.ro
Contact form: available on the platform's main page

We are committed to responding to all personal data requests within the timeframes required by GDPR (30 days) and CCPA (45 days).

For unresolved complaints you may contact: ANSPDCP — dataprotection.ro