Legal

Privacy Policy

Last updated: June 2025

OpenSearch Doctor ("we", "us", "our") operates the OpenSearch Doctor platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service you agree to this policy.

1. Information We Collect

Account information

When you sign up we collect your name, email address, and profile picture (from Google OAuth or direct registration). This is used to authenticate you and personalise your experience.

Billing information

Payment is processed by Stripe. We never store your card number or bank details. We retain only Stripe customer IDs and subscription status needed to manage your plan.

Diagnostic data

The OpenSearch Doctor agent runs on your server and collects diagnostic metrics — health scores, node stats, shard counts, index metadata, and similar operational data. Your OpenSearch credentials and raw data (documents, queries, business data) are never sent to our platform. Only aggregated diagnostic information is transmitted.

Usage data

We automatically collect standard server logs (IP address, browser type, pages visited, timestamps) to operate and improve the Service.

2. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process billing and manage your subscription via Stripe
  • Send transactional emails (alerts, diagnostic reports, account notices) via Resend
  • Respond to support requests
  • Monitor uptime and diagnose technical problems
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your diagnostic data for advertising.

3. Data Sharing

We share your information only with the following service providers, and only to the extent necessary to operate the Service:

Provider | Purpose
Stripe | Payment processing
Resend | Transactional email delivery
Google OAuth | Authentication (optional)

We may disclose information when required by law or to protect the rights and safety of our users.

4. Data Retention

Diagnostic data and metric snapshots are retained according to your plan (30 days on the Free Trial, 90 days on Pro). Account data is retained while your account is active. After account deletion, personal data is purged within 30 days, except where required by law or for fraud prevention.

5. Security

We implement reasonable technical and organisational measures to protect your data: HTTPS-only transport, encrypted database connections, hashed API keys, and HTTP-only secure cookies. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. Cookies

We use only strictly necessary cookies to maintain your authenticated session. We do not use advertising or tracking cookies. Session cookies expire after 30 days of inactivity.

7. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing support@opensearchdoctor.com. You may also delete your account from the settings page, which will initiate purging of your data. If you are located in the European Economic Area you additionally have rights under the GDPR to data portability and to lodge a complaint with your local supervisory authority.

8. Children

The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice in the Service. The "Last updated" date at the top of this page will always reflect the current version.

10. Contact

For privacy-related questions or requests: support@opensearchdoctor.com