This Privacy Policy describes how Rocketship, LLC (“we”, “us”, “our”) collects, uses, and protects information through the OpenGraph+ service (“Service”), accessible at https://www.opengraphplus.com/.

Consent

By using the Service, you consent to this Privacy Policy and agree to our Terms of Service.

Information we collect

Account information

When you register, we collect your email address and, if you sign in with Google or Apple, your name (if provided by the OAuth provider). We do not store passwords. Authentication is handled via magic-link email, Google OAuth, or Apple Sign-in.

Websites and pages

When you use the Service, we collect the domains you register and the page URLs you submit for screenshot generation.

Website crawling data

When we crawl a URL you submit, we collect and store:

• The URL itself
• A screenshot image (PNG) of the page
• HTTP cache headers (for cache management)
• Open Graph meta tag values extracted from the page

We do not store page HTML content, cookies, or any other data from the crawled page.

Short-link visitor data

When someone clicks an OpenGraph+ short link, we log:

• IP address
• User agent
• Referrer
• Timestamp

This data is used for click analytics and is associated with the short link, not with individual visitors.

Payment data

All payment processing is handled by Stripe. We do not store credit card numbers or other payment credentials. We store only your Stripe subscription ID and plan dates to manage your account.

Cookies

OpenGraph+ uses a single session cookie with a 30-day expiry to keep you logged in. We do not use tracking cookies, advertising cookies, or web beacons.

Analytics

We use Plausible Analytics, a privacy-focused analytics service that does not use cookies, does not collect personal information, and is fully compliant with GDPR, CCPA, and PECR.

Third-party services

We use third-party services to operate the Service. See our subprocessor list for details on each provider and the data they process.

Security practices

OpenGraph+ minimizes the data we hold. We do not store passwords, credit card numbers, or page content from crawled URLs. Authentication is delegated to Google, Apple, or short-lived magic links. Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified provider.

All connections to the Service are encrypted via TLS.

We do not currently hold SOC 2 or ISO 27001 certifications. If your organization has security questions, contact us at trust@opengraphplus.com.

Data location

All data, including screenshot images, is stored in the United States.

Data retention

Screenshot images are cached according to the TTL settings you configure for each website. If you delete your account, all associated data is permanently deleted: websites, screenshots, API keys, and visit logs.

CCPA privacy rights (do not sell my personal information)

We do not sell your personal information. Under the CCPA, California consumers have the right to:

• Request disclosure of the personal data we have collected
• Request deletion of personal data we have collected
• Not be discriminated against for exercising these rights

If you would like to exercise any of these rights, contact us at trust@opengraphplus.com. We will respond within one month.

GDPR data protection rights

Our legal basis for processing your data under the GDPR is contract performance (we need your email and submitted URLs to provide the Service) and legitimate interest (analytics, security, and service improvement). We do not process data based on consent except where you explicitly opt in to optional features.

If you are in the European Economic Area, you have the following rights:

• Access: request copies of your personal data
• Rectification: request correction of inaccurate information
• Erasure: request deletion of your personal data
• Restrict processing: request that we limit how we use your data
• Object to processing: object to our processing of your data
• Data portability: request transfer of your data to another service

If you would like to exercise any of these rights, contact us at trust@opengraphplus.com. We will respond within one month.

Children’s information

OpenGraph+ does not knowingly collect any personal information from children under the age of 13. If you believe a child has provided us with personal information, please contact us at trust@opengraphplus.com and we will promptly delete it.

Changes to this policy

We may update this Privacy Policy at any time. Changes take effect when posted to this page. It is your responsibility to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy, contact us at trust@opengraphplus.com.