Privacy Policy

openhero ("we", "the Service") is committed to protecting your privacy. This policy explains what minimal data we collect, how we use it, and the choices you have. openhero does not require account creation and does not collect personal information beyond what is strictly necessary to operate the platform.

We collect the following data:

• Anonymous session ID - a random UUID generated and stored in your browser's localStorage to track likes and view counts per session. It is never linked to your identity.
• IP address hash - a one-way salted hash of your IP address used exclusively for submission rate-limiting (max 2 per 30 days). The raw IP is never stored.
• Interaction events - when you view or like a video, we record the video slug, category, and name alongside your session ID. No personal identifiers are involved.
• Submitted content - if you voluntarily submit a hero section, we store the ZIP file, title, and description you provide.

Data collected is used only for the following purposes:

• Displaying accurate view and like counts on video cards
• Preventing duplicate likes from the same session
• Enforcing submission rate limits to prevent abuse
• Reviewing and publishing community-submitted hero sections

All data is stored in Supabase (a GDPR-compliant cloud database). Access is restricted via Row Level Security policies. Server-side functions run with SECURITY DEFINER to bypass RLS safely.

openhero does not use tracking cookies. We use:

• localStorage (session ID) - persisted in your browser until you clear site data
• No analytics cookies, advertising cookies, or cross-site trackers
• No third-party cookie SDKs

The following third-party services may process data when you use openhero:

• Supabase - database and storage backend (supabase.com/privacy)
• Vercel - hosting and edge network (vercel.com/legal/privacy-policy)
• Google Fonts - font delivery via CSS import (may log font requests)

Because we do not collect personal data, most data subject rights are not applicable. However, if you believe data related to your session ID should be removed, contact us and we will delete it within 30 days.

Session-based interaction data is retained indefinitely to maintain accurate statistics. Submission rate-limit records are automatically purged after 30 days. Submitted hero content is retained until reviewed; rejected submissions are deleted.

openhero is not directed at children under 13. We do not knowingly collect any information from children.

We may update this Privacy Policy from time to time. The last updated date at the top reflects any changes. Continued use after changes constitutes acceptance of the revised policy.

Questions about this Privacy Policy? Reach out via the contact information available on openhero.art. We aim to respond within 7 business days.