Privacy Policy
Last updated February 2026
Introduction
This Privacy Policy describes how OpenBlock Labs, Inc. ("OpenBlock Labs," "we," "us," or "our") collects, uses, and shares personal data in connection with the OB-1 platform and related services (collectively, the "Service"), accessible at dashboard.openblocklabs.com.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
1. Personal data we collect
A. Personal data you provide to us directly
- Account Information. When you create an account, we collect your name, email address, and organization details necessary for authentication and billing.
- Payment Information. If you purchase a paid plan, payment information is collected and processed by our third-party payment processor. We do not store full payment card details on our servers.
- Inputs and Outputs. When you use the Service, you may submit code context, prompts, and other content ("Inputs"). The Service generates responses based on your Inputs ("Outputs"). By default, Inputs and Outputs are stored to support session history and debugging. When you enable --incognito mode, Inputs and Outputs are processed ephemerally and are not persisted beyond the life of each request.
- Communication Information. When you contact us for support or other inquiries, we collect the information you provide in those communications.
B. Personal data we receive from your use of the Service
- Device Information. We may collect information about the device you use to access the Service, including operating system, device type, and browser type.
- Usage Data. We collect aggregate usage metrics such as number of requests, models used, and feature usage to operate and improve the Service. Code content is not included in usage data.
- Log Information. We automatically collect log data when you use the Service, which may include IP address, timestamps, and request metadata.
C. Data stored locally on your device
- Session data and memories are stored locally on your machine in the ~/.ob1/ directory. This data does not leave your device unless transmitted as part of a request to the Service.
- You can delete this directory at any time to remove all locally stored data.
D. Information we do not collect
- When using --incognito mode, we do not store your source code, prompts, or model outputs beyond the life of a request.
2. How we use personal data
We use the personal data we collect for the following purposes:
- To provide, maintain, and improve the Service, including routing requests through our infrastructure to model providers.
- To apply security policies, including rate limiting and abuse prevention, enforced consistently across all requests.
- To process transactions and manage billing, including credit metering at the infrastructure layer.
- To authenticate users and enforce organization-based access controls, including Single Sign-On (SSO) via SAML or OIDC and role-based permissions.
- To communicate with you about the Service, including responding to support requests and sending service-related notices.
- To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity.
- To comply with legal obligations and enforce our agreements.
4. Request architecture
All requests from the OB-1 CLI are routed through our infrastructure before reaching model providers. Requests are not sent directly to third-party providers. This architecture is used to:
- Apply security policies — rate limiting, abuse prevention, and data handling rules are enforced consistently across all requests.
- Track usage — billing and credit metering occur at the infrastructure layer.
- Manage keys — API keys are encrypted at rest using AES-256-GCM with unique initialization vectors and authentication tags, and are not exposed in logs or responses.
5. Incognito mode
OB-1 offers an Incognito Mode (--incognito) that provides zero data retention guarantees. When enabled:
- Requests are routed exclusively through model providers that maintain policies prohibiting the storage or logging of inputs and outputs.
- Code context exists in memory only for the duration of a request and is discarded immediately after on our servers.
We select model providers with strong data handling practices, though data handling may vary by provider when Incognito Mode is not enabled.
6. Retention
We retain personal data only for as long as necessary to operate the Service effectively and to support legitimate business needs such as legal compliance, safety, and enforcement of our agreements.
By default, code context (including prompts and model outputs) is retained to support session history and debugging. When using --incognito mode, code context is not retained beyond the duration of a request.
When you delete your account, we will delete or anonymize your personal data within a commercially reasonable timeframe, unless we are required to retain it by law.
7. Security
We implement commercially reasonable technical and organizational measures designed to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These measures include:
- All stored API keys and credentials are encrypted using AES-256-GCM with unique initialization vectors and authentication tags.
- All data in transit is encrypted via TLS.
- All data is scoped to your organization. Members may only access resources within their organization.
- Role-based permissions allow administrators to control who can manage billing, API keys, integrations, and team membership.
However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.
8. Your rights and choices
Depending on your jurisdiction, you may have certain rights regarding your personal data, including:
- The right to access, correct, or delete your personal data.
- The right to restrict or object to certain processing of your personal data.
- The right to data portability.
- The right to opt out of the sale or sharing of personal data. We do not sell or share personal data for targeted advertising.
To exercise any of these rights, please contact us at team@openblocklabs.com. We will respond to your request within a commercially reasonable timeframe.
9. Privacy policy changes
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where required by applicable law, by providing additional notice (such as via email or through the Service). We encourage you to review this Privacy Policy periodically to stay informed about our practices.
10. Contacting us
If you have questions about this Privacy Policy, our security practices, or would like to discuss enterprise requirements, please contact us at team@openblocklabs.com.