Privacy Policy
Last updated: March 2, 2026
What this project is
OpenLoop is an open-source, self-hosted feedback collection platform built for educational and experimental purposes. It is not a commercial service. If you self-host OpenLoop, you are the data controller for your instance.
What data is collected
OpenLoop collects only what is necessary for the product to function:
- Feedback submissions — the text content users submit through the widget
- Votes — which ideas a user has upvoted (tracked by user ID you provide)
- Email address — only if a user or admin provides one for notifications
- Admin credentials — email and password for dashboard access, managed by Supabase Auth
What we do not do
- No analytics or tracking scripts
- No cookies beyond functional session storage
- No selling, sharing, or monetizing user data
- No profiling or behavioral tracking
- No third-party advertising
Third-party services
The hosted demo and default deployment rely on:
- Supabase — database and authentication (their privacy policy)
- Cloudflare — hosting and CDN (their privacy policy)
- Resend — transactional email, only if notifications are enabled (their privacy policy)
If you self-host, you choose your own providers and their respective policies apply.
Data storage
All data is stored in your Supabase project with Row Level Security enabled. We do not maintain a separate copy of your data. Session tokens are stored in the browser's localStorage and never sent to any third party.
Data deletion
Self-hosted users have full control over their database and can delete any data at any time. If you submitted feedback on a hosted instance and want it removed, contact the instance operator.
Changes
This policy may be updated as the project evolves. Changes will be committed to the repository.