Personal Information You Provide:

• Email addresses
• Usernames
• Passwords (for Magic Link auth)
• Contact or authentication data
• GitHub account data (username, avatar URL, public profile)
• User preferences and settings (avatar selection, display preferences)
• Tool submission data (GitHub repository URLs, tool descriptions, contact email for verification, self-described maintainer role)

We do not process sensitive information.

Social Login Data:

If you register using GitHub or Google OAuth, we receive certain profile information from those providers. See Section 7 for details.

Information Automatically Collected:

We automatically collect certain information when you visit our Services, including:

Log and Usage Data: IP address, browser type, device information, pages viewed, searches performed, date/time stamps, and other usage information.

Device Data: Information about your computer, phone, tablet, or other device used to access our Services, including IP address, browser type, operating system, and system configuration.

We also store your search history locally in your browser using localStorage.

For more information about our use of cookies, see our Cookie Notice at: http://www.ossdiscovery.site/cookies

We process your personal information for the following purposes:

• To facilitate account creation and authentication
• To deliver and facilitate delivery of our Services
• To respond to user inquiries and offer support
• To send administrative information (account updates, policy changes)
• To request feedback about our Services
• To protect our Services from fraud and abuse
• To identify usage trends and improve our Services
• To save or protect an individual's vital interest when necessary

For EU/UK users (GDPR):

• Consent: When you give us permission to use your data
• Performance of a Contract: To provide you our Services
• Legitimate Interests: To improve our Services, prevent fraud, and understand usage patterns
• Legal Obligations: To comply with applicable laws
• Vital Interests: To protect safety when necessary

For Canadian users (PIPEDA):

We process your information with your express or implied consent. You may withdraw consent at any time by contacting us at contact@ossdiscovery.site.

We share data with the following third-party providers:

AI Service Providers:

Authentication:

Cloud & Infrastructure:

All third-party providers are bound by contracts that prohibit them from using your data for any purpose other than providing services to us.

Business Transfers:

We may share your information in connection with any merger, sale, or acquisition of all or part of our business.

We use cookies to maintain your authentication session when you are logged in. We do not use advertising cookies, tracking pixels, or marketing cookies.

We also use localStorage to store your search history locally in your browser. This data never leaves your device.

For full details, see our Cookie Notice: http://www.ossdiscovery.site/cookies

We provide AI-powered features through the following third-party providers:

• Groq (primary search summaries)
• Cerebras (fallback search summaries)
• Fireworks AI, Together.ai, DeepInfra, SambaNova (tool Q&A generation)

Your search queries may be processed by these providers to generate relevant summaries. We do not use your personal information to train AI models.

When you choose to register or log in using GitHub or Google OAuth, we receive the following profile information:

From GitHub: Username, email address, avatar URL, public profile information

From Google: Email address, name, profile picture

We use this information only to create and manage your account. We do not control how GitHub or Google use your information — please review their respective privacy policies for details.

Our infrastructure is hosted in the United States (Vercel) and Singapore (Supabase). If you are located in the EEA, UK, or Switzerland, your data may be transferred to these countries.

We protect international transfers using the European Commission's Standard Contractual Clauses (SCCs). Our service providers Supabase and Vercel both maintain SCCs as part of their GDPR compliance programs.

Standard Contractual Clauses can be provided upon request by contacting contact@ossdiscovery.site.

We retain your personal information only for as long as necessary to provide our Services. When you delete your account, we will delete or anonymize your personal information within 30 days, unless retention is required by law.

Our security measures include:

• Row Level Security (RLS) on all database tables
• Encrypted connections (SSL/TLS) for all data in transit
• Secure OAuth authentication via GitHub and Google
• API key hashing — raw keys are never stored
• Supabase database encryption at rest
• HTTPS enforced across all pages via Vercel

No electronic transmission over the internet can be guaranteed 100% secure. You should only access our Services within a secure environment.

We do not knowingly collect data from or market to users under 18 years of age. If you believe we have collected data from a minor, please contact us immediately at contact@ossdiscovery.site and we will delete it promptly.

Depending on your location, your rights may include:

• Right to access your personal information
• Right to correct inaccurate information
• Right to request deletion of your data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent at any time

To exercise any of these rights, contact us at: contact@ossdiscovery.site

We will respond within 30 days in accordance with applicable law.

Account Management:

You can review and update your account information at any time by logging into your dashboard settings. To delete your account entirely, contact us at contact@ossdiscovery.site.

Most web browsers include a Do-Not-Track ("DNT") setting. We do not currently respond to DNT signals as no uniform standard has been finalized. If a standard is adopted in the future, we will update this notice accordingly.

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have additional rights under your state's privacy laws.

Categories of Personal Information We Collect:

Your Rights Include:

• Right to know what personal data we process
• Right to access your personal data
• Right to correct inaccuracies
• Right to request deletion
• Right to obtain a copy of your data
• Right to non-discrimination for exercising rights
• Right to opt out of sale of personal data (we do not sell personal data)

To exercise these rights, contact us at: contact@ossdiscovery.site

We have not sold any personal information to third parties in the preceding 12 months.

Appeals:

If we decline your request, you may appeal by emailing contact@ossdiscovery.site. If your appeal is denied, you may contact your state attorney general.

Australia:

We process your personal information in accordance with Australia's Privacy Act 1988. You have the right to request access to or correction of your personal information at any time by contacting contact@ossdiscovery.site.

If you believe we are unlawfully processing your information, you may lodge a complaint with the Office of the Australian Information Commissioner.

Yes. We may update this Privacy Notice from time to time to reflect changes in our practices or applicable law. The updated version will be indicated by an updated date at the top of this page.

For material changes, we will notify you by email or by prominently posting a notice on our Services.

For questions or concerns about this Privacy Notice:

Email: contact@ossdiscovery.site

Postal address: