Trust Center
Trust, security, privacy, and responsible AI.
OpenOS helps organizations unlock intelligence from data while maintaining strong commitments to privacy, security, transparency, compliance, and human-centered AI governance.
How OpenOS collects, processes, protects, and governs customer and website data.
Review policy Security Security OverviewAccess controls, encryption, incident response, resilience, and operational safeguards.
Read overview Responsible AI AI Usage PolicyHuman oversight, transparency, data use boundaries, and responsible AI commitments.
Read policy Procurement Data Processing AddendumProcessor responsibilities, sub-processors, transfers, security, and breach handling.
Review DPA Data lifecycle Retention & DeletionRetention windows, deletion requests, backup handling, and customer data return.
See lifecycle policy Security research Vulnerability DisclosureHow to report security findings responsibly and how OpenOS handles valid reports.
View disclosure policyBuilt For Enterprise Review
Clear answers across privacy, security, and AI governance.
Whether you are evaluating OpenOS for procurement, legal due diligence, or an AI governance review, this Trust Center provides the core material buyers usually request first.
Privacy & data protection
OpenOS acts as a service provider and processor, handling customer data solely to deliver contracted services.
- Customer data ownership stays with the customer
- Privacy practices are documented and reviewable
- DPA, Privacy Policy, and Cookie Policy are linked publicly
Security & platform reliability
OpenOS documents layered safeguards covering access controls, transport security, monitoring, resilience, and response processes.
- Role-based access controls and account protections
- HTTPS/TLS for data in transit
- Incident response and operational continuity practices
Responsible AI
AI is used to support decision-making, not replace human judgment, with transparency and review expectations built into the policy framework.
- Human-in-the-loop oversight
- Transparency around AI-generated outputs
- No public model training on customer data without written agreement
Data lifecycle management
Retention, deletion, backup handling, and data return expectations are covered through dedicated lifecycle and DPA documentation.
- Retention categories and timelines are documented
- Deletion requests are supported under applicable agreements
- Customer data is retained only for legitimate business or legal purposes
Procurement & legal review
Enterprise buyers can review contractual and procurement-facing policies before deeper diligence or commercial conversations.
- Terms of Service and DPA
- Disclaimer and Subprocessor List
- Privacy, retention, and cookie documentation
Security researcher support
OpenOS publishes responsible disclosure guidance for security researchers and customers who identify vulnerabilities affecting OpenOS systems.
- Reporting process and scope details
- Safe harbor and responsible disclosure guidance
- Public contact pathway for security reports
Resources
Every trust resource in one place.
Use these pages during enterprise sales cycles, security reviews, legal diligence, and AI governance conversations.
Privacy Policy
How OpenOS collects information, uses it, protects it, and responds to user rights requests.
- Information categories
- Legal basis and data sharing
- DPDP and contact details
Security Overview
Core security principles, platform safeguards, incident response, and customer responsibilities.
- Access controls and encryption
- Continuity and resilience
- Security contacts
AI Usage Policy
Responsible AI expectations across oversight, transparency, fairness, privacy, and reporting.
- Human review expectations
- AI limitations and accuracy
- Customer data and model training rules
Terms of Service
Service terms, account responsibilities, acceptable use, data rights, and commercial provisions.
- Use of AI services
- Security and confidentiality
- Liability and termination terms
Data Processing Addendum
Processor obligations, security measures, transfers, sub-processors, and audit considerations.
- Controller and processor roles
- Rights and breach notification
- Return or deletion of data
Data Retention & Deletion
Retention windows, deletion practices, backups, anonymization, and customer request handling.
- Retention categories
- Account termination handling
- Deletion and backup practices
Cookie Policy
How OpenOS uses essential and security-focused cookies across the website and product properties.
- Cookie categories
- Session and persistent cookies
- Managing cookie preferences
Vulnerability Disclosure
How security findings can be reported responsibly and the guidelines OpenOS asks researchers to follow.
- Scope and reporting steps
- Safe harbor guidance
- Authorized versus prohibited activity
Subprocessor List
Categories of third-party providers that may support infrastructure, AI, storage, and security functions.
- Provider categories
- Transfer and due diligence controls
- Update and contact process
FAQ
Fast answers for enterprise review teams.
These are the questions buyers and governance stakeholders most often need answered early.
Does OpenOS sell customer data?
No. OpenOS states that customer data remains customer-owned and is processed solely to provide contracted services, maintain platform functionality, support security operations, and fulfill related obligations.
Can OpenOS support procurement and security reviews?
Yes. The Trust Center brings together privacy, DPA, security overview, AI policy, retention, cookie, disclosure, disclaimer, and subprocessor material in one place.
Does OpenOS use customer data to train public AI models?
OpenOS states that customer data is not used to train public AI models unless explicitly agreed in writing with the customer through a separate agreement.
How can a security issue be reported?
Security-related questions and responsible disclosure reports can be sent to hello@openost.com, with full guidance published in the Vulnerability Disclosure Policy.