OpenGuilds is committed to protecting your privacy. This policy explains exactly what data we collect, why we collect it, and how you can control it. If you have questions, email us at privacy@open-guilds.com.
1. Information We Collect
We collect information you provide directly when you create an account, complete profile verification, submit tasks, or contact our support team. This includes: name, email address, password hash, country of residence, and — for Workers in specialist guilds — professional credential documents such as medical license numbers or bar admission records.
We automatically collect certain technical data when you use the Service: IP address, browser type and version, operating system, referring URLs, pages visited, session duration, and API request logs including endpoint, timestamp, response code, and latency. This data is used for security monitoring, debugging, rate-limit enforcement, and service improvement.
If you connect a cryptocurrency wallet to receive USDC payouts, we collect the wallet address you provide. For Developers using paid plans, we collect billing information through our payment processor (Stripe), but we do not store full card numbers ourselves. We receive a tokenised payment method reference and the last four digits of your card for display purposes.
2. How We Use Your Information
We use your account data to provide and manage your access to the Service, process task submissions and payments, calculate Worker quality scores, route payouts, and communicate with you about your account and the platform. We may send transactional emails (task completions, payment confirmations, security alerts) and, with your consent, product update emails. You can manage notification preferences from your account settings.
We use technical and usage data to operate, secure, and improve the platform. This includes detecting and preventing fraud and abuse, debugging technical issues, analysing usage patterns to prioritise product development, and benchmarking infrastructure performance. We do not use your data to build advertising profiles or sell your data to third-party advertisers.
We use credential data collected from Workers solely for guild verification purposes. Credential documents are reviewed by our Trust & Safety team or a designated verification partner and are not shared with Developers or other Workers. After verification is complete, raw credential documents are deleted within 30 days and a verified status flag is retained on your account.
3. Data Sharing
We do not sell your personal data. We share data only in the following circumstances: (a) with service providers who process data on our behalf under confidentiality agreements, such as cloud hosting (AWS), payment processing (Stripe), email delivery (Resend), and error monitoring (Sentry); (b) with Developers when your task response is delivered as part of a completed task — in this case only your anonymised Worker ID, quality score contribution, and response payload are shared, never your name or contact details; and (c) with law enforcement or regulatory authorities when required by applicable law or valid legal process.
In the event of a merger, acquisition, or sale of substantially all of OpenGuilds' assets, your data may be transferred to the acquiring entity. We will notify you by email and post a notice on the platform at least 14 days before any such transfer, and you will have the opportunity to delete your account before the transfer takes effect.
We may share aggregated, de-identified data (e.g., total tasks completed per guild, average task latency) publicly or with partners for research and marketing purposes. Such data cannot reasonably be used to identify individual users.
4. On-chain Data
OpenGuilds issues Worker payouts in USDC on the Polygon blockchain. Blockchain transactions are irreversibly public by the nature of distributed ledger technology. When a payout is sent to your wallet address, the transaction — including the amount and your wallet address — is permanently recorded on the public blockchain and can be viewed by anyone with access to a blockchain explorer such as Polygonscan.
Your wallet address is not displayed on your public OpenGuilds profile and is not shared with Developers. However, if your wallet address can be linked to your real-world identity through other means (e.g., an exchange KYC process you have undergone separately), the on-chain transaction history may become attributable to you. We advise Workers to consider using a dedicated wallet address for receiving OpenGuilds payments if privacy is a concern.
OpenGuilds has no ability to reverse, modify, or delete blockchain transactions once they are submitted. This is a fundamental characteristic of blockchain technology and does not constitute a violation of your right to erasure under GDPR or similar laws, as these transactions do not contain personal data in the ledger itself.
6. Data Retention
We retain account data for as long as your account is active. If you delete your account, your personal data is removed from our primary databases within 30 days. Task payload data is retained for 90 days after task completion to allow dispute resolution, and is then permanently deleted. API request logs are retained for 12 months for security and audit purposes.
Aggregated and anonymised data derived from your usage may be retained indefinitely for product analytics. Tax and billing records are retained for 7 years in accordance with financial regulations, even after account deletion. Worker credential verification records (the verified status flag, not the original documents) are retained for the lifetime of the account and for 3 years post-deletion to comply with anti-fraud requirements.
Backups are rotated on a 30-day cycle, meaning deleted data may persist in encrypted backups for up to 30 days beyond the primary deletion date. We maintain strict access controls on backup storage and do not restore deleted accounts from backups except in cases of accidental deletion at your verified request within 7 days.
7. Your Rights (GDPR / CCPA)
If you are in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the GDPR: the right to access a copy of your personal data; the right to correct inaccurate data; the right to request erasure ("right to be forgotten"); the right to restrict processing; the right to data portability; the right to object to processing based on legitimate interests; and the right to withdraw consent at any time where processing is based on consent.
If you are a California resident, you have rights under the CCPA/CPRA including: the right to know what personal information we collect and how it is used; the right to delete personal information; the right to opt out of the sale of personal information (we do not sell personal information); the right to non-discrimination for exercising your privacy rights; and the right to correct inaccurate personal information.
To exercise any of these rights, submit a request to privacy@open-guilds.com with the subject line "Privacy Rights Request." We will respond within 30 days (GDPR) or 45 days (CCPA) of receipt. We may ask you to verify your identity before fulfilling certain requests. You also have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or the CNIL in France).
8. Security
We implement industry-standard security measures to protect your data, including TLS 1.3 encryption for all data in transit, AES-256 encryption for sensitive data at rest, bcrypt hashing for passwords, role-based access control for internal systems, and regular third-party penetration testing. All production infrastructure is hosted on AWS in SOC 2 Type II certified data centres.
Despite these measures, no system is perfectly secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by the GDPR. We will provide details of the nature of the breach, the data affected, and the steps we have taken to mitigate any harm.
We operate a responsible disclosure programme. If you discover a security vulnerability, please report it to security@open-guilds.com with a detailed description. We will acknowledge your report within 48 hours and aim to resolve confirmed vulnerabilities within 30 days. We ask that you do not publicly disclose vulnerabilities before we have had an opportunity to address them.
9. International Transfers
OpenGuilds is headquartered in the United States. If you are accessing the Service from outside the US, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. For transfers of personal data from the EEA, UK, or Switzerland to the US, we rely on the EU-US Data Privacy Framework and the UK Extension thereto, and on Standard Contractual Clauses where required.
Our third-party service providers may process your data in additional jurisdictions. For example, our email provider (Resend) operates data centres in the US. We require all service providers to implement appropriate safeguards for international data transfers and to process your data only in accordance with our instructions.
If you have concerns about cross-border data transfers or would like a copy of the Standard Contractual Clauses we rely on, please contact privacy@open-guilds.com.
10. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our Data Privacy team at:
OpenGuilds, Inc.
Attn: Data Privacy
2035 Market Street, Suite 900, Wilmington, DE 19801, USA
privacy@open-guilds.comFor EEA/UK users, our EU Representative is available at eurepresentative@open-guilds.com. We aim to respond to all privacy inquiries within 30 days. If you are unsatisfied with our response, you have the right to escalate your complaint to your national data protection authority.