OpenRole

Legal

Privacy Policy

Last updated: 9 February 2026

1. Who we are

OpenRole (“we”, “us”, “our”) operates the website openrole.co.uk and provides employer brand audit and optimisation services. We are the data controller for the personal data described in this policy.

Contact: privacy@openrole.co.uk

2. Data we collect

2.1 When you run an audit

  • Company name and website URL
  • Work email address
  • IP address (for rate limiting only, not stored long-term)
  • Publicly available employer data scraped from your website and job listings

2.2 When you install the pixel

  • API key identifier (hashed — we never store the full key)
  • Domain where the pixel is installed
  • Pixel load events (timestamp, page URL — no visitor data)

The pixel does not collect any visitor data. It does not set cookies, track users, or collect personally identifiable information from your website visitors.

2.3 When you visit our website

  • Basic server logs (IP address, user agent, pages visited) — retained for 30 days
  • No third-party analytics, no advertising trackers, no cookies for marketing

3. How we use your data

  • To generate and deliver your employer brand audit report
  • To provide the OpenRole pixel service and AI visibility metrics
  • To communicate with you about your account and audit results
  • To detect and prevent abuse, fraud, and security incidents
  • To improve our scoring methodology and service quality (aggregated, anonymised data only)

We do not sell your data. We do not share it with third parties for marketing purposes. We do not use it to build advertising profiles.

4. Legal basis for processing

  • Contract performance: Processing your audit request and delivering results
  • Legitimate interest: Security monitoring, fraud prevention, service improvement
  • Consent: Marketing communications (opt-in only, easy unsubscribe)

5. Data retention

  • Audit results: 12 months from date of audit
  • Account data: Until you request deletion
  • Pixel analytics: 90-day rolling window
  • API & security logs: 30 days
  • Rate limiting data: Session only (not persisted)

6. Where your data is stored

All data is stored in the European Union (London region) on Supabase infrastructure. Our application is served globally via Vercel's edge network, but data at rest remains within the EU.

Both Supabase and Vercel maintain SOC 2 Type II certification and GDPR compliance. See our Security page for details.

7. Your rights

Under GDPR and the UK DPA 2018, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct any inaccurate data
  • Erasure — request deletion of your data (“right to be forgotten”)
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — limit how we process your data
  • Objection — object to processing based on legitimate interest

To exercise any of these rights, email privacy@openrole.co.uk. We respond within 30 days. Deletion requests are processed within 48 hours.

8. Sub-processors

We use the following sub-processors:

  • Supabase Inc. — database hosting and authentication (EU region)
  • Vercel Inc. — application hosting and edge delivery

We will notify existing customers at least 30 days before adding new sub-processors. A Data Processing Agreement (DPA) is available on request.

9. Cookies

OpenRole uses only strictly necessary cookies for session management. We do not use tracking cookies, analytics cookies, or advertising cookies. No cookie banner is required because we do not use optional cookies.

10. Children's data

OpenRole is a business-to-business service. We do not knowingly collect personal data from anyone under 18. If you believe a minor has submitted data to us, contact privacy@openrole.co.uk and we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to registered users at least 14 days before taking effect. The “last updated” date at the top of this page will always reflect the current version.

12. Contact & complaints

For any privacy-related questions or concerns, contact us at privacy@openrole.co.uk.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.