Legal

Privacy Policy

How OpenInstrument collects, uses, protects, and retains information across labs, departments, and institutional accounts.

Last updated: February 21, 2026

OpenInstrument ("we," "us," or "our") operates the OpenInstrument platform (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your information.

1. Information We Collect

Information you provide directly

  • Account information: your name, email address, and password when you register
  • Lab and instrument data: lab names, instrument names and descriptions, photos, files (SOPs, manuals, calibration records), and scheduling rules you configure
  • Reservation data: booking times, notes, and titles associated with reservations you create
  • Payment information: billing details processed by Stripe; we do not store full card numbers on our servers
  • Communications: any messages you send to us at hello@openinstrument.com

Information collected automatically

  • Usage data: pages visited, features used, actions taken within the Service, and timestamps
  • Log data: IP addresses, browser type and version, and error logs
  • Cookies and local storage: session identifiers, authentication tokens, and preferences such as calendar view state — necessary for the Service to function

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Send transactional emails (booking confirmations, cancellations, invitation notifications, and billing receipts)
  • Process payments and manage subscriptions
  • Respond to support requests and troubleshoot issues
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

3. Information Sharing

We share your information only in the following circumstances:

  • Within your lab or organization: Lab admins can see all reservations and member activity within their lab. Organization admins can see lab-level data within their department.
  • Service providers: We use Stripe for payment processing and a transactional email provider for sending notifications. These providers receive only the data necessary to perform their functions and are bound by confidentiality obligations.
  • Legal requirements: We may disclose information if required by law, court order, or government request, or to protect the rights and safety of OpenInstrument, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4. Data Retention

We retain your account and lab data for as long as your account is active. If you delete your account:

  • Your personal information (name, email, password) will be deleted within 30 days
  • Lab data, instruments, reservations, and uploaded files associated with your account will be deleted within 30 days
  • We may retain anonymized, aggregated usage statistics that cannot be linked to you

Payment records may be retained longer as required by financial and tax regulations.

5. Security

We implement industry-standard security measures including encrypted connections (HTTPS/TLS), hashed passwords, and access controls. However, no method of transmission or storage is 100% secure. We encourage you to use a strong, unique password and to enable two-factor authentication in your account settings.

6. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information via your account settings
  • Delete your account and associated data
  • Export your reservation data in CSV format from your account
  • Opt out of non-essential communications (note: transactional emails related to your reservations cannot be disabled as they are core to the Service)

To exercise any of these rights, contact us at hello@openinstrument.com.

7. University and Institutional Users

If you are using OpenInstrument under a Multi-Lab or University license arranged by your institution, your institution's data processing agreements and privacy policies may also apply. Please contact your institutional IT or data privacy office if you have questions about how your institution handles data.

OpenInstrument does not knowingly collect data in a way that would trigger obligations under FERPA beyond what is inherent in the operation of a scheduling tool used within a university research context. Reservation data is limited to the researcher's name, email, and booking times — no student educational records are processed.

8. Cookies

We use strictly necessary cookies and local storage to operate the Service — for example, to keep you logged in and remember your preferences. We do not use advertising cookies or third-party tracking cookies.

9. Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice within the Service. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

Questions or concerns about this Privacy Policy? Contact us at hello@openinstrument.com.

Need clarification on data handling?

If you have institution-specific privacy questions or need more detail about retention and access, get in touch and we’ll respond directly.

Contact us
Privacy Policy — OpenInstrument