legal
privacy policy
effective 2026-05-13
open sign is operated by Alex Kammerer, a sole proprietor based in Little Rock, Arkansas, doing business as open sign. this policy explains what we collect from you, what we do with it, and what we don't.
plain-english summary
- we collect only what we need to do the work you've hired us to do.
- we don't sell your data. ever. to anyone. for any purpose.
- we don't share SMS opt-in data or phone numbers with third parties for their marketing.
- you can ask us to delete your data at any time. email [email protected].
what we collect
information you give us
during onboarding and ongoing service we collect: your name, business name, phone number, email, mailing address, the photos and copy you send us for posts, your social media account credentials (where you grant access), and the operational details you share so we can manage your digital presence accurately.
SMS messages
once you're an active client and have consented to SMS communication as part of your service agreement, we exchange text messages with you through a Twilio phone number. those messages, their timestamps, and the photos you attach are stored as part of your client record so we can act on them and answer questions about them later.
website analytics
this website logs the basics: which pages were visited, the referring source, approximate region (country and state from IP, not precise location), and the browser type. we use Cloudflare's built-in analytics. we don't run third-party advertising trackers.
how we use it
- to do the work you've hired us to do (post on your behalf, update your business profiles, respond to your questions).
- to communicate with you about your account, your posts, and your service.
- to keep records that let us answer "what did we post for me on March 14" three months from now.
- to comply with the law when we're legally required to.
about your SMS opt-in specifically:
no mobile information will be shared with third parties or affiliates for marketing or promotional purposes. information sharing to subcontractors for the purpose of supporting our services to you (for example, our SMS carrier Twilio handling message delivery) is permitted. all other categories of personal information exclude text messaging originator opt-in data and consent. this information will not be shared with any third parties.
who we share data with
we use a small number of subcontractors and vendors who help us run the service. they only see what they need to see to do their job, and they're contractually required to handle your data with care.
- Twilio (SMS delivery): processes the SMS messages we send and receive on your behalf. Twilio's privacy policy: twilio.com/legal/privacy.
- Cloudflare (hosting, DNS, basic analytics): serves this website and stores rendered post images. Cloudflare's privacy policy: cloudflare.com/privacypolicy.
- Meta and Google (where you authorize): when you grant us access to your Facebook, Instagram, or Google Business Profile, we operate on those platforms on your behalf. their privacy policies govern data on their side.
- Anthropic and OpenAI (AI model providers): we use language models to draft post copy and parse incoming messages. the content of those messages may pass through these providers' APIs. we do not allow them to train on your data; both providers' API terms exclude API content from training by default.
we do not sell your data to anyone. we do not share your information with third parties for their marketing.
how long we keep your data
we keep your client record (messages, photos, posts, metadata) for as long as you're an active client and for two years after you stop service, so we can answer historical questions and produce receipts. after that we delete it. if you want it deleted sooner, email us.
your rights
- see what we have about you. email us and we'll send you a copy.
- correct what's wrong. email us and we'll fix it.
- delete your data. see data deletion instructions for the full process, or email us directly.
- opt out of SMS at any time by replying STOP to any message from us.
data deletion
you can request deletion of your data at any time. there are three paths:
- email request: email [email protected] and we will complete deletion within 30 days.
- disconnect from Facebook: removing open sign from your Facebook Business Integrations triggers an automatic deletion request to us. we delete within 30 days and confirm via the status URL Facebook shows you.
- disconnect from Instagram: same process as Facebook, since Instagram Business accounts are managed through the connected Page.
full step-by-step instructions are at opensign.work/data-deletion-instructions. some records (billing, tax) we are legally required to retain for up to 7 years.
children
open sign is a business-to-business service. it's not intended for anyone under 18. we don't knowingly collect data from minors.
changes to this policy
if we materially change this policy we'll update the "effective" date at the top and notify active clients by email. minor edits (typos, clearer wording) we'll just make.
contact
questions about this policy or about your data, email [email protected]. we read everything.