OpenPD is a free, reusable, and standardized privacy policy system.

A new approach to privacy.

Most privacy policies are unhelpful. They fail to clearly define the user's rights, they use ambiguous language, and they don't clearly explain the data they collect.

OpenPD (Open Privacy Directive) brings the user's rights out of the fog. OpenPD is a standardized system for classifying user's rights so that they can be clearly understood. It exists on top of an existing privacy policy, or, for smaller projects that don't already have a privacy policy, in lieu of one.

Hypothetical: OpenPD in practice.

For larger projects.

You visit a large image sharing website, and next to their custom privacy policy you see a little badge that says OPD:I compliant. OPD:I means your data is never shared with third parties. You don't have to read their entire policy to know your personal data will be respected.

It's impossible to craft a one-size-fits-all privacy policy for larger sites. GDPR, HIPAA, and FIP have detailed guidelines for what needs to be included in a privacy policy—guidelines that a generalized policy simply can't satisfy. That's why OpenPD can be used to classify existing privacy policies. If your current privacy policy is compatible with an OpenPD policy, you can declare your site OPD:N, OPD:I, or OPD:C compliant.

For smaller projects.

You visit a small documentation website for your favorite open-source library. They can't afford to hire a lawyer to write up a custom privacy policy, so they write in the page's footer that their site is OPD:N compliant (no individual tracking whatsoever), and provide a link to the OPD:N policy.

Some projects—like documentation sites or command line tools—are so small that crafting a custom privacy policy simply isn't practical. Still, it's always important to clearly define the user's privacy rights. These projects—which would otherwise be published without a privacy policy at all—can use OpenPD in lieu of a traditional privacy policy.

OpenPD is a standardized privacy directive that clarifies and protects the user's rights.

Respects the user.

Privacy is important, which is why OpenPD prioritizes the user's rights. Using OpenPD as your project's privacy policy makes it clear that you respect your users' privacy.

Modular and flexible.

One privacy policy can't possibly cover all projects. That's why OpenPD is modular. With one base policy and multiple extensions that you can mix-and-match, you can be sure that OpenPD is the right fit.

Saves time.

Instead of including a privacy policy, many small projects simply operate without one. OpenPD makes it easy for small and medium sized projects to be transparent and responsible about how they use their users' data.

An open standard.

Instead of having to read a different privacy policy for every site, OpenPD standardizes privacy policies into recognizable IDs, like OPD:I (CO, PT, AL). It complements—but doesn't replace—a traditional privacy policy.

Declare OpenPD compliance in your code.

Imagine if your browser could tell you when your personal data is respected.

<meta name="privacy" content="OPD:N">

Which OpenPD policy fits your project?

For fine-grained control and flexibility, OpenPD policies have two parts: a single base policy and collection of clauses.

Which base policy fits your project?

The base policy gives the 'big picture' about the data you collect about your users, how it's used, and how it's shared.

Nothing — OPD:N

A simple and absolute base policy that respects the user's privacy.

Perfect for static websites, command line tools, and other simple software.

  • No data is collected about individual users.
  • Data is only collected in aggregate (for example, total pageviews or downloads).


No privacy policy necessary.

Internal — OPD:I

A base policy that keeps all user data internal and out of the hands of third parties.

Perfect for all projects where the users' personal data isn't the product.

  • Users can expect their data to be collected.
  • Users' data isn't shared with any third parties.


Privacy policy recommended.

Consent — OPD:C

A flexible base policy that keeps the user in control while still allowing data sharing.

Perfect for all other projects.

  • Users can expect their data to be collected.
  • A user's data isn't shared with any third parties without the user's consent.


Privacy policy required.

Which clauses apply to your project?

Clauses allow you to be more specific about how you use, collect, process, and share your users' data. You can include any combination of clauses in your site's OpenPD policy.


The project uses cookies to store information on the user's computer to retain data between sessions.

 Include this clause
OPD:* (CO, ...)

Privacy Policy

The project publishes a privacy policy that details what data is collected and what policies are in place to protect it. Recommended for medium and large sized projects.

 Include this clause
OPD:* (PP, ...)


The project uses dependencies and extensions—like Disqus—which may have their own privacy policies that still apply.

 Include this clause
OPD:* (PT, ...)

Do Not Track

The project recognizes and respects 'Do Not Track' signals from the user's browser. Only applicable for websites.

 Include this clause
OPD:* (DNT, ...)


The project uses analytics software to track how it's used. The data collected may be either in aggregate or user-specific.

 Include this clause
OPD:* (AL, ...)

Under 13

The project takes special measures to protect users under the age of 13 by collecting less data. This clause is redundant with the OPD:N base.

 Include this clause
OPD:* (U13, ...)


The project anonymizes user data in compliance the de-identification standard set forth in the EU General Data Protection Regulation.

 Include this clause
OPD:* (AN, ...)


The project is compliant with FTC's FIP, CalOPPA, and EU GDPR. Compliance guidelines: FIP, CalOPPA, GDPR.

 Include this clause
OPD:* (LAW, ...)

Use OpenPD yourself.

Here's your OpenPD best-fit policy, based on your selections above.

Under Construction

Help wanted

OpenPD is still just a concept. We need help drafting the policies themselves and making sure they are legally sound. Are you a lawyer or expert in privacy law? Please reach out to this nonprofit project.

Contact GitHub