Raw submission emails and notes are for review/support, not public directory copy.
Privacy policy
What we collect, what we publish, and what stays private.
OpenInvoke needs enough information to review services, draft useful agent-readable listings, run paid packages, and prevent abuse. It does not need invasive tracking.
Short version
Plain English first. Detail only where needed.
Service name, public URL, capability, proof notes, and agent-readable fields may become public after review.
Card details stay with Stripe. OpenInvoke receives payment status and package metadata.
01What OpenInvoke collects
Enough to review a listing, operate the directory, take payment, and keep the site safe. No invasive tracking.
What OpenInvoke collects
Enough to review a listing, operate the directory, take payment, and keep the site safe. No invasive tracking.
- Listing submissions: service name, contact email, service URL, category, package choice, proof/context, agent keywords, and any other details you submit.
- Review and support messages: emails, approvals, corrections, and support requests sent to support@openinvoke.com.
- Technical/security data: request timestamps, source page, user-agent, and hashed IP data used for rate limiting, abuse prevention, and debugging.
- Payment data: Stripe handles card details and checkout. OpenInvoke receives payment status, package, and basic checkout metadata, not full card numbers.
02How we use it
Manual review, service-card drafting, billing, support, abuse prevention, and keeping the directory useful.
How we use it
Manual review, service-card drafting, billing, support, abuse prevention, and keeping the directory useful.
- To review whether a submitted service fits OpenInvoke.
- To draft, correct, approve, publish, update, or remove service-card listings.
- To contact submitters about approvals, corrections, paid package delivery, refunds, or support.
- To operate /api/leads, /api/search, public service-card files, and security/rate-limit systems.
- To meet legal, accounting, fraud-prevention, and platform-integrity obligations.
03What becomes public
Only reviewed listing content. Private contact data stays private unless you explicitly ask us to publish it.
What becomes public
Only reviewed listing content. Private contact data stays private unless you explicitly ask us to publish it.
- Published service cards may include service name, public URL, capability, inputs/outputs, recommendation guidance, proof notes, pricing status, trust status, and next actions.
- Contact email, private submission notes, raw intake data, IP hashes, payment metadata, and support emails are not published as listing content.
- A listing may use public information from your website, documentation, product pages, GitHub, package registries, or other public sources when drafting a service card.
04Storage and security
Submission fields are stored privately and encrypted at rest. Public files are deliberately public.
Storage and security
Submission fields are stored privately and encrypted at rest. Public files are deliberately public.
- Customer-submitted lead fields are stored in private OpenInvoke lead storage and encrypted at rest.
- Only operational fields such as lead id, timestamp, and hashed IP are kept in clear form for abuse prevention and debugging.
- Public listing files such as /services.json, /agents.json, and /api/search contain reviewed public service-card content, not raw private submissions.
- No system is magic. If something looks wrong, email support@openinvoke.com and we will investigate.
05Retention and removal
We keep what is needed to run the directory and paid services, then remove or update it when appropriate.
Retention and removal
We keep what is needed to run the directory and paid services, then remove or update it when appropriate.
- Published listing content remains public while the listing is active, unless removed or updated.
- Unpublished submissions, review notes, and outreach records may be kept while there is a reasonable operational, support, anti-abuse, accounting, or legal need.
- Payment and invoice records may be kept for statutory accounting and fraud-prevention purposes.
- You can request correction, export, restriction, or deletion of personal data by emailing support@openinvoke.com. Some records may need to be retained where law, accounting, disputes, or fraud prevention require it.
06Processors and third parties
Stripe handles payments. Hosting/email infrastructure keeps the lights on. We do not sell personal data.
Processors and third parties
Stripe handles payments. Hosting/email infrastructure keeps the lights on. We do not sell personal data.
- Stripe processes payments and checkout data under its own privacy terms.
- Hosting, email, security, and infrastructure providers may process data only as needed to operate the service.
- OpenInvoke does not sell personal data and does not use tracking pixels in first-touch outreach by default.
- If analytics or marketing cookies are added later, this policy and the cookie policy should be updated before they go live.