Compliance

GDPR, data residency, DPA, sub-processors

OpenSense is operated from the EU for EU customers. The compliance story is short, narrow and verifiable. We do not promise more than we operate.

GDPR

OpenSense is a data processor for sensor measurements. Most measurements (temperatures, humidity, CO₂) are not personal data, so GDPR has limited reach on the measurement stream itself. The personal data we actually hold is:

  • The account holder's email address (the magic-link login).
  • The billing details (Stripe — they are the processor for that).
  • The recipient list for alerts and reports (free-text emails and Telegram chat ids).
  • Optional operator notes typed on alarm acknowledgements.

We are a data controller for the first item (your relationship with us is direct) and a processor for the rest (you ask us to email your staff; you are the controller of your staff's emails).

Customer rights

  • Access: dashboard Account → Export everything produces a ZIP of all your data, including raw measurements, alerts, reports and notes. Issued within 5 minutes.
  • Rectification: edit the account; corrections appear in the audit trail.
  • Deletion: dashboard Account → Delete is one-click. The data is irreversibly purged within 30 days; backups are aged out within 60 days.
  • Portability: the export ZIP is CSV + JSON, openable by anyone.
  • Object to processing: contact us; we close the account.

We do not sell, share or otherwise process personal data for marketing. There is no advertising network, no analytics fingerprinting; we use a self-hosted Plausible instance for aggregate site traffic (no cookies).

Data residency

All customer data lives in eu-central (Hetzner Falkenstein, Germany). We do not replicate to non-EU regions. We do not back up to non-EU regions. We do not have a US team member with administrative access.

Hetzner Online GmbH is a German entity subject to EU law. The underlying physical infrastructure is in Germany.

DPA

Our Data Processing Agreement is at https://opensense.murzin.digital/legal/dpa. It follows the EDPB 2021 SCCs (Standard Contractual Clauses) template, scoped to the service we provide. The salient points:

  • Processor: Murzin Digital s.r.o. (EU-registered company, Slovakia).
  • Sub-processors are listed below and notified before changes.
  • 72-hour breach notification.
  • Audit right: customer or their auditor may audit us once per year on reasonable notice; default audit period is one business day on-site or asynchronous via document request.

You do not need to sign the DPA separately — clicking "I accept" on the signup flow constitutes acceptance under EU law. We can sign a hard-copy DPA on request for larger customers.

Sub-processors

These are the third parties that touch customer data:

Processor | Purpose | Location | Why this one
--- | --- | --- | ---
Hetzner Online GmbH | Compute, storage, networking | DE | EU jurisdiction, no US parent
Stripe Payments EU | Billing | IE | EU entity; SEPA + cards
Postmark | Transactional email delivery | US, but EU-only routing for our account | Reliability beats EU-only alternatives
Telegram Bot API | Alarm push (only if customer enables) | NL/DE PoP | The customer's own choice; not all customers use it
The Things Network | LoRaWAN packet routing (LoRaWAN customers only) | NL | EU entity for the EU instance

Adding a sub-processor: we email all customers at least 30 days beforehand. Customers can object; an objection is grounds for cancellation with a refund of the remaining period.

Cookies

  • Session cookie after magic-link login, httpOnly, Secure, SameSite=Lax, expires after 30 days of inactivity.
  • Locale cookie (os_locale) to remember language choice. Optional.
  • No third-party cookies. No advertising cookies. No fingerprinting.

We do not have a cookie banner because we do not set non-essential cookies. (EU law requires consent for non-essential cookies; the two cookies above are functional.)

Audit log access

Customers can self-export the per-account audit log at any time (dashboard Account → Audit log → Export). The export includes login events, device configuration changes, rule edits, report downloads, and support-team access (we annotate when we look into your account; see below).

Support-team access

Engineers can read your account's data only to resolve a support ticket you opened, only after you accept a support access modal. The access is time-limited (24 h) and audit-logged. We do not have a "view as customer" button that bypasses this.
