Privacy Policy

Last updated: January 13, 2026

Overview

OMDR ("we", "us", "our") respects your privacy. This policy explains what data we collect, why we collect it, and how we use it. We aim to be transparent and give you control over your data.

Data We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Username
  • Profile information from OAuth providers (GitHub, Google)

Usage Data

We automatically collect:

  • API call logs (server accessed, timestamp, response time)
  • Page views and feature usage
  • Device and browser information
  • IP address (anonymized after 30 days)

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers. We receive transaction confirmations and billing addresses for tax purposes.

How We Use Your Data

  • Provide and improve the Service
  • Process payments and payouts
  • Send transactional emails (receipts, security alerts)
  • Detect and prevent fraud and abuse
  • Generate anonymized analytics
  • Comply with legal obligations

Data Sharing

We do not sell your personal data. We share data only with:

  • Service providers: Hosting (Fly.io), payments (Stripe), auth (Supabase), email (Resend)
  • Legal requirements: When required by law or to protect our rights
  • Business transfers: In case of merger or acquisition (with notice)

Data Retention

  • Account data: Retained until you delete your account
  • Usage logs: 90 days (anonymized thereafter)
  • Payment records: 7 years (legal requirement)
  • Published servers: Retained until unpublished by you

Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Delete your account and associated data
  • Export: Download your data in a portable format
  • Opt-out: Unsubscribe from marketing emails

To exercise these rights, email privacy@openmcpdirectory.com

Cookies

We use essential cookies for authentication and session management. We use analytics cookies (with consent) to understand how the Service is used. You can disable non-essential cookies in your browser settings.

Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, regular security audits, and access controls. However, no system is 100% secure. Please use strong passwords and enable 2FA when available.

International Transfers

Data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

Children's Privacy

OMDR is not intended for users under 13. We do not knowingly collect data from children. If you believe a child has provided us data, contact us immediately.

Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date indicates when changes were made.

Contact

Questions about privacy? Contact our Data Protection Officer at privacy@openmcpdirectory.com