Privacy Policy

This policy explains what personal data OpenAVC LLC collects, why we collect it, and how we handle it. If you have questions, email info@openavc.com or write to us at the address at the bottom of this page.

Who we are

OpenAVC LLC is a North Carolina limited liability company. We make OpenAVC, an open-source AV control platform, and operate OpenAVC Cloud, a hosted service for managing OpenAVC installations.

What this policy covers

This policy applies to:

• The marketing site at openavc.com.
• The documentation site at docs.openavc.com.
• The OpenAVC Cloud portal at cloud.openavc.com.
• Data sent to us by an OpenAVC instance that has been paired to a cloud account.

OpenAVC software running on your own hardware does not send data to us unless you choose to pair it with OpenAVC Cloud. The open-source software itself collects nothing.

Marketing and documentation sites

openavc.com and docs.openavc.com do not use analytics, advertising trackers, or third-party cookies. There are no contact forms or signup forms on these sites. Our hosting providers keep short-lived server logs (IP address, user agent, request path) for abuse prevention and reliability.

OpenAVC Cloud account data

When you create or use a cloud account, we collect:

• Email address and password (passwords are stored as bcrypt hashes, never in plain text).
• Account name and account type.
• Names, email addresses, and roles of team members you invite.
• Email verification and password reset tokens (short-lived).

We use this data to authenticate you, run your account, send transactional email, and provide customer support. Authentication tokens are stored in your browser's localStorage for the duration of your session.

Billing

Payments are processed by Stripe. Card numbers and other payment credentials go directly to Stripe and never reach our servers. We store the Stripe customer ID, your plan, subscription status, and invoice metadata so we can manage your subscription and show your billing history. See Stripe's privacy policy.

System telemetry from paired instances

When you pair an OpenAVC instance to your cloud account, the on-device cloud agent sends us operational data so we can show it to you in the portal, send alerts, and provide support:

• System metrics: CPU, memory, disk usage, uptime, and (if available) temperature.
• Device counts and connection status.
• Device state values from your project (the readings, levels, and statuses you have configured).
• Alert events you have configured.
• Logs and diagnostic data when you request support.

Most of this is operational data about AV equipment, not personal data about people. We treat it as your confidential business data and don't share it outside OpenAVC LLC except as described in this policy.

AI assistant

OpenAVC Cloud includes an optional AI assistant powered by Anthropic's Claude API. When you use it, the messages you send and the project context needed to answer them (devices, macros, UI pages, scripts, plugin state) are sent to Anthropic for processing. We log token counts and conversation IDs for billing and rate limiting. The assistant is opt-in. If you don't use it, no project data is sent to Anthropic. See Anthropic's privacy policy.

Email

Transactional email (verification, password reset, team invitations, alert notifications) is sent through Postmark. We don't send marketing email without separate consent. See Postmark's privacy policy.

Subprocessors

We rely on the following third parties to operate the service:

• Stripe — payment processing.
• Anthropic — AI assistant.
• Postmark — transactional email.
• DigitalOcean — cloud hosting.
• Netlify — marketing and documentation site hosting.

How long we keep data

• Account data is retained while your account is active.
• Billing records are retained for seven years to meet US tax recordkeeping requirements.
• Telemetry and conversation history are retained while your account is active.
• Self-serve account deletion is not yet available in the portal. To delete your account and associated data, email info@openavc.com and we will complete the deletion within 30 days.

Your rights

You can request access to your personal data, correction of inaccurate data, deletion of your account, or an export of your data by emailing info@openavc.com. We don't sell personal data and we don't share it for cross-context behavioral advertising.

If you are in the European Union, the United Kingdom, or California, you have additional rights under the GDPR, UK GDPR, or CCPA. The same email address handles those requests.

Security

Passwords are stored as bcrypt hashes. Traffic between your browser, paired OpenAVC instances, and our servers is encrypted with TLS. Paired instances authenticate using HMAC signatures with a per-instance key established during pairing. No system is perfectly secure, but we work to follow current best practices.

Children

OpenAVC is a professional AV product and is not directed at children under 16. We don't knowingly collect personal data from children.

Changes to this policy

If we change this policy in a way that affects how we handle your personal data, we'll update the "Last updated" date and email account holders for material changes.

Contact

Email: info@openavc.com
Mail: OpenAVC LLC, PO Box 1055, Lillington, NC 27546, USA