OpenInstrument ("we," "us," or "our") operates the OpenInstrument platform (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your information.
1. Information We Collect
Information you provide directly
- Account information: your name, email address, and password when you register
- Lab and instrument data: lab names, instrument names and descriptions, photos, files (SOPs, manuals, calibration records), and scheduling rules you configure
- Reservation data: booking times, notes, and titles associated with reservations you create
- Payment information: billing details processed by Stripe; we do not store full card numbers on our servers
- Communications: any messages you send to us at hello@openinstrument.com
Information collected automatically
- Usage data: pages visited, features used, actions taken within the Service, and timestamps
- Log data: IP addresses, browser type and version, and error logs
- Cookies and local storage: session identifiers, authentication tokens, and preferences such as calendar view state — necessary for the Service to function
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service
- Send transactional emails (booking confirmations, cancellations, invitation notifications, and billing receipts)
- Process payments and manage subscriptions
- Respond to support requests and troubleshoot issues
- Detect and prevent fraud or abuse
- Comply with legal obligations
We do not sell your personal information to third parties. We do not use your data for advertising purposes.
3. Information Sharing
We share your information only in the following circumstances:
- Within your lab or organization: Lab admins can see all reservations and member activity within their lab. Organization admins can see lab-level data within their department.
- Service providers: We use Stripe for payment processing and a transactional email provider for sending notifications. These providers receive only the data necessary to perform their functions and are bound by confidentiality obligations.
- Legal requirements: We may disclose information if required by law, court order, or government request, or to protect the rights and safety of OpenInstrument, our users, or the public.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
4. Data Retention
We retain your account and lab data for as long as your account is active. If you delete your account:
- Your personal information (name, email, password) will be deleted within 30 days
- Lab data, instruments, reservations, and uploaded files associated with your account will be deleted within 30 days
- We may retain anonymized, aggregated usage statistics that cannot be linked to you
Payment records may be retained longer as required by financial and tax regulations.
5. Security
We implement industry-standard security measures including encrypted connections (HTTPS/TLS), hashed passwords, and access controls. However, no method of transmission or storage is 100% secure. We encourage you to use a strong, unique password and to enable two-factor authentication in your account settings.
6. Your Rights and Choices
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information via your account settings
- Delete your account and associated data
- Export your reservation data in CSV format from your account
- Opt out of non-essential communications (note: transactional emails related to your reservations cannot be disabled as they are core to the Service)
To exercise any of these rights, contact us at hello@openinstrument.com.
7. University and Institutional Users
If you are using OpenInstrument under a Department or University license arranged by your institution, your institution's data processing agreements and privacy policies may also apply. Please contact your institutional IT or data privacy office if you have questions about how your institution handles data.
OpenInstrument does not knowingly collect data in a way that would trigger obligations under FERPA beyond what is inherent in the operation of a scheduling tool used within a university research context. Reservation data is limited to the researcher's name, email, and booking times — no student educational records are processed.
8. Cookies
We use strictly necessary cookies and local storage to operate the Service — for example, to keep you logged in and remember your preferences. We do not use advertising cookies or third-party tracking cookies.
9. Children's Privacy
The Service is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice within the Service. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
Questions or concerns about this Privacy Policy? Contact us at hello@openinstrument.com.