OpenGander

Privacy Policy

Last updated: January 20, 2026

Introduction

OpenGander is a marketing analytics service operated by Baldwin MN LLC, a Minnesota limited liability company ("Baldwin MN LLC," "we," "us," or "our"). This Privacy Policy explains how we collect, use, and protect information when you use our services.

This policy applies to two categories of individuals: (1) customers who use our dashboard and services ("Customers"), and (2) end users who visit websites that have installed our SDK ("End Users").

1. Information We Collect from Customers

When you create an OpenGander account, we collect:

  • Account information — Email address for authentication and communications
  • Usage data — Dashboard interactions, features used, and queries executed
  • Settings — Your account preferences and configuration

2. Information Collected by Our SDK

When Customers install our JavaScript SDK on their websites, the SDK collects the following information from End Users. This data is owned by the Customer, not by Baldwin MN LLC.

2.1 User Identification

  • Anonymous identifier — A randomly generated string stored in the browser's localStorage (not a cookie)
  • Session information — Visit count, session duration, and entry page

2.2 Page and Navigation Data

  • Page views — URL, page title, and referrer
  • Performance metrics — Navigation timing, Core Web Vitals (LCP, FID, CLS, TTFB, INP)

2.3 Device Information

  • Browser — User agent, browser name and version
  • Display — Viewport dimensions
  • Platform — Operating system

2.4 Traffic Attribution

  • Campaign parameters — UTM source, medium, campaign, term, and content
  • Referrer — The domain that referred the visitor
  • Channel — Traffic classification (organic, paid, social, direct, etc.)

2.5 User Interactions

  • Click events — Element tag, ID, class, and sanitized text
  • Form submissions — Form ID and action URL (not form contents)

2.6 Error Data

  • JavaScript errors — Error type, message, and stack trace

3. Information We Do Not Collect

Our SDK does not collect:

  • Names, email addresses, or other personally identifiable information of End Users
  • Cookies — We use localStorage exclusively
  • Cross-site tracking data — Each website's data is isolated
  • Payment or financial information
  • Precise geolocation (GPS or IP-based location)
  • Form field contents — Only submission events, not user input
  • Passwords or authentication credentials

4. How We Use Information

4.1 Customer Information

  • Authenticate and manage your account
  • Communicate about service updates and security matters
  • Improve our products and services

4.2 SDK-Collected Information

  • Display analytics in the Customer's dashboard
  • Generate reports and provide insights
  • Enable SQL queries against Customer data

We do not use End User data for our own analytics, advertising, or any purpose other than providing services to our Customers.

5. Information Sharing

We do not sell personal information. We share information only as follows:

  • With your organization — Other users in your Customer account
  • Service providers — Infrastructure and service providers operating under data processing agreements
  • Legal requirements — When required by law or valid legal process
  • Business transfers — In connection with a merger, acquisition, or sale of assets

6. Data Retention

  • Analytics data — Retained for 30 days by default; Customers may configure retention periods
  • Account data — Retained while your account is active
  • Post-deletion — Data deleted within 30 days of account closure

7. Data Security

We implement reasonable technical and organizational measures to protect information:

  • Authentication — Short-lived JWT tokens with origin and IP binding
  • Data filtering — Automatic removal of emails, phone numbers, and sensitive patterns
  • Tenant isolation — Customer data is logically separated
  • Encryption — Data encrypted in transit (TLS) and at rest
  • Access controls — Rate limiting and abuse protection

8. Your Rights

8.1 For Customers

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of your personal information
  • Correction — Request correction of inaccurate information
  • Deletion — Request deletion of your account and data
  • Portability — Receive your data in a portable format
  • Objection — Object to certain processing activities

8.2 For End Users

If you visited a website using OpenGander and wish to exercise privacy rights regarding that data, please contact the website operator directly. The website operator is the data controller for information collected through their site.

8.3 Data Controller and Processor Roles

  • End User data — The Customer is the data controller; Baldwin MN LLC acts as a data processor.
  • Customer account data — Baldwin MN LLC is the data controller.

9. International Data Transfers

Our servers are located in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. We use appropriate safeguards for international transfers as required by applicable law.

10. Children's Privacy

OpenGander is not directed to children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide notice via email or through our dashboard at least 30 days before the changes take effect.

12. Contact Information

For privacy inquiries or to exercise your rights:

Baldwin MN LLC
Email: [email protected]

For general inquiries: [email protected]