Privacy Policy
This Privacy Policy explains how Opensolr SRL collects, uses, stores, and protects your personal information when you use our platform and services. We are committed to safeguarding your privacy and processing your data in accordance with applicable law.
1 Data Controller
The data controller responsible for your personal data is:
For the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Opensolr SRL acts as the data controller for your Account information and as a data processor for Content you store within the Service.
2 Information We Collect
2.1 β Information You Provide
| Data Category | Examples | When Collected |
|---|---|---|
| Account data | Name, email address, password | Registration |
| Billing data | Billing name, address, VAT number | Subscription or upgrade |
| Support data | Messages, attachments, configuration details | Support requests |
| Content | Data you index, schemas, configuration files | Use of the Service |
Payment card details are collected and processed exclusively by Stripe, our authorised payment processor. Opensolr does not store, process, or have access to your full card numbers.
2.2 β Information Collected Automatically
| Data Category | Examples | Purpose |
|---|---|---|
| Server logs | IP address, request URL, timestamp, HTTP status, user agent, referrer | Security, debugging, analytics |
| Usage data | Pages visited, features used, API calls made | Service improvement |
| Cookies | Session cookies, preference cookies | Authentication, personalisation |
3 Legal Basis for Processing
We process your personal data under the following legal bases as defined by the GDPR:
| Legal Basis | Applies To |
|---|---|
| Performance of a contract (Art. 6(1)(b)) | Processing necessary to provide the Service, manage your Account, and fulfil your subscription. |
| Legitimate interest (Art. 6(1)(f)) | Security monitoring, fraud prevention, service improvement, and analytics. Our legitimate interests do not override your fundamental rights. |
| Legal obligation (Art. 6(1)(c)) | Tax and accounting requirements, responding to lawful requests from authorities. |
| Consent (Art. 6(1)(a)) | Marketing communications and optional analytics cookies. You may withdraw consent at any time. |
4 How We Use Your Information
We use the information we collect to:
- Provide and operate the Service β create and manage your Account, provision Solr indexes, process transactions, and deliver the features you use.
- Communicate with you β send transactional emails (account confirmations, billing receipts, service alerts), respond to support requests, and provide technical guidance.
- Improve the Service β analyse usage patterns, identify and fix issues, develop new features, and optimise performance.
- Ensure security β detect and prevent fraud, abuse, and unauthorised access; monitor for suspicious activity; and maintain the integrity of our infrastructure.
- Comply with legal obligations β meet tax, accounting, and regulatory requirements.
- Send marketing communications β occasional product updates, feature announcements, and service-related information (only with your consent; you may unsubscribe at any time).
5 Data Sharing and Third Parties
We do not sell, trade, or rent your personal information to third parties.
We may share your data with the following categories of recipients, only to the extent necessary:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Stripe | Payment processing | Stripe Privacy Policy; PCI DSS compliant |
| Infrastructure providers (AWS, Hetzner AG, etc.) | Hosting and operating the Service | Data processing agreements; adequate safeguards per GDPR requirements |
| Law enforcement or regulators | When required by law, court order, or to protect rights and safety | Only in response to valid legal requests |
All third-party service providers are contractually obligated to protect your data and may only process it for the purposes specified by Opensolr.
6 Cookies
Cookies are small text files stored on your device by your web browser. We use cookies for the following purposes:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security. Required for the Service to function. | Session / up to 30 days |
| Preference | Remembering your settings and preferences (e.g., language, display options). | Up to 1 year |
| Analytics | Understanding how visitors use the site to improve the Service. Aggregated and anonymised where possible. | Up to 1 year |
You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service. We do not use third-party advertising or tracking cookies.
7 Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account data | For the duration of your Account, plus up to 30 days after deletion to allow for recovery requests. |
| Billing and transaction records | As required by Romanian tax and accounting law (typically 10 years). |
| Support correspondence | For the duration of your Account, or as needed to resolve ongoing issues. |
| Server logs | Up to 90 days, unless longer retention is needed for security investigation. |
| Content (indexed data) | Deleted promptly upon Account cancellation or termination, in accordance with our Terms and Conditions. |
When data is no longer needed, it is securely deleted or anonymised.
8 Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption in transit β all communication between you and the Service is encrypted using TLS (Transport Layer Security).
- Encryption at rest β sensitive data is encrypted on our servers.
- Access controls β access to personal data is restricted to authorised personnel on a need-to-know basis.
- Infrastructure security β our servers are protected by firewalls, intrusion detection, and continuous monitoring.
- Payment security β payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified. No card data touches our servers.
For a detailed overview of our security practices, see our Security documentation.
While we take every reasonable precaution, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any breach in accordance with applicable law.
9 International Data Transfers
Opensolr operates infrastructure in multiple regions worldwide. When you choose a hosting region for your Opensolr Index, your Content is stored in that region.
Opensolr SRL is registered in Romania (EU). Our primary website, control panel, and Account database infrastructure are hosted in the United States (US-East). Customer Solr indexes are hosted in the region selected by the customer at the time of index creation.
Because your Account data is processed on servers located outside the EU/EEA, we ensure that appropriate safeguards are in place in accordance with the GDPR, including:
- Transfers to countries recognised by the European Commission as providing an adequate level of data protection;
- Standard Contractual Clauses (SCCs) approved by the European Commission; or
- Other legally recognised transfer mechanisms under the GDPR.
10 Your Rights
Under the GDPR and applicable data protection law, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Rectification | Request correction of inaccurate or incomplete personal data. |
| Erasure | Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations. |
| Restriction | Request that we restrict the processing of your personal data in certain circumstances. |
| Data portability | Receive your personal data in a structured, commonly used, machine-readable format. |
| Objection | Object to processing based on legitimate interest or for direct marketing purposes. |
| Withdraw consent | Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing. |
To exercise any of these rights, contact us at support@opensolr.com. We will respond within thirty (30) days of receiving your request, as required by the GDPR.
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or with the supervisory authority in your country of residence.
11 Children's Privacy
The Service is not directed to individuals under sixteen (16) years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at support@opensolr.com.
12 Third-Party Links
The Service may contain links to third-party websites or services. These third parties have their own privacy policies, which we encourage you to review. Opensolr is not responsible for the privacy practices or content of external sites.
13 Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Opensolr is under no obligation to send emails or otherwise individually notify users about changes to this Privacy Policy. All changes to the Service, including changes to this Privacy Policy, are published in the Opensolr Changelog and the Opensolr RSS Feed. You are encouraged to subscribe to these resources and review them regularly.
The most current version of this policy is always available at opensolr.com/privacy-policy.
14 Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
Please also review our Terms and Conditions, which govern your use of the Service.
This policy was last modified on March 2, 2026.