OpenPD is a free, reusable, and standardized privacy policy system.

A new approach to privacy.

Most privacy policies are unhelpful. They fail to clearly define the user's rights, they use ambiguous language, and they don't clearly explain the data they collect.

OpenPD (Open Privacy Directive) brings the user's rights out of the fog. OpenPD is a standardized system for classifying user's rights so that they can be clearly understood. It exists on top of an existing privacy policy, or, for smaller projects that don't already have a privacy policy, in lieu of one.

Hypothetical: OpenPD in practice.

For larger projects.

You visit a large image sharing website, and next to their custom privacy policy you see a little badge that says OpenPD (STD) compliant. OpenPD (STD) means your data is never shared with third parties, and only critical information like your email address, password, and information you specifically provide to the site is collected. You don't have to read their entire policy to know your personal data will be respected.

It's impossible to craft a one-size-fits-all privacy policy for larger sites. GDPR, HIPAA, and FIP have detailed guidelines for what needs to be included in a privacy policy—guidelines that a generalized policy simply can't satisfy. That's why OpenPD can be used to classify existing privacy policies. If your current privacy policy is compatible with an OpenPD policy, you can declare your site OpenPD compliant and specify a configuration.

For smaller projects.

You visit a small documentation website for your favorite open-source library. They can't afford to hire a lawyer to write up a custom privacy policy, so they write in the page's footer that their site is OpenPD (AA) compliant (no individual tracking whatsoever), and provide a link to the OpenPD policy.

Some projects—like documentation sites or command line tools—are so small that crafting a custom privacy policy simply isn't practical. Still, it's always important to clearly define the user's privacy rights. These projects—which would otherwise be published without a privacy policy at all—can use OpenPD in lieu of a traditional privacy policy.

OpenPD is a standardized privacy directive that clarifies and protects the user's rights.

Respects the user.

Privacy is important, which is why OpenPD prioritizes the user's rights. Using OpenPD as your project's privacy policy makes it clear that you respect your users' privacy.

Modular and flexible.

One privacy policy can't possibly cover all projects. That's why OpenPD is modular. With one base policy and multiple extensions that you can mix-and-match, you can be sure that OpenPD is the right fit.

Saves time.

Instead of including a privacy policy, many small projects simply operate without one. OpenPD makes it easy for small and medium sized projects to be transparent and responsible about how they use their users' data.

An open standard.

Instead of having to read a different privacy policy for every site, OpenPD standardizes privacy policies into recognizable IDs, like OpenPD:AAu. It complements—and sometimes even replaces—a traditional privacy policy.

Declare OpenPD compliance in your code.

Imagine if your browser could tell you when your personal data is respected.

<meta name="privacy" content="OpenPD">

There will be an OpenPD configuration for you.

For fine-grained control and flexibility, OpenPD policies have two parts: a single base policy and flexible configuration. Learn more at the project overview.

Help wanted

OpenPD is still just a concept. We need help drafting the policies themselves and making sure they are legally sound. Are you a lawyer or expert in privacy law? Please reach out to this nonprofit project.

Overview Community GitHub