Openfieldguide
Privacy & data practices

Privacy Policy

Openfieldguide values your privacy. This Privacy Policy explains what data we collect, how we use it, how we protect it, and the options available to you. It applies to personal data collected through our website and during our client engagements. If you have specific privacy questions, please contact us using the details at the end of this policy.

Secure data concept with lock and network

1. Information we collect

We collect information you provide directly when you contact us, request an assessment, or engage our services. This may include your name, business email address, telephone number, job title, company name, and information about your business operations relevant to a diagnostic (for example spend exports, supplier lists, headcount by function). We may also collect information when you interact with our website, such as form entries and uploaded files you transmit during the engagement process. For marketing and analytics purposes we collect usage data automatically through cookies and similar technologies; see the Cookies section for more detail. We limit collection to data necessary for the service or functionality requested and will request additional permissions if we need more sensitive information. Where we process personal data under a client engagement, we act in accordance with applicable agreements and with client instructions regarding processing scope and retention.

2. How we use information

We use personal data to respond to inquiries, schedule and execute assessments, deliver consulting services, and communicate about engagement progress and outcomes. Data collected for diagnostics and programs is used to analyze spend, surface opportunities, and build prioritized roadmaps or pilot designs. We may also use contact information to send administrative messages, service updates, or marketing material where you have provided consent or have an existing business relationship. When processing data on behalf of a client we follow contractual instructions from that client and treat data in accordance with applicable confidentiality obligations. We do not sell personal data. Any use beyond the purpose stated at collection will be disclosed and, where required by law, will be subject to consent or legal basis appropriate for the jurisdiction.

3. Cookies and tracking technologies

We use cookies and similar technologies to operate our site, improve user experience, and measure site performance. Cookies may be necessary for basic site functionality (for example session cookies) or used for analytics to understand usage patterns and improve content. Our cookie consent banner gives visitors the choice to accept or decline non-essential cookies. You may control or withdraw consent through your browser settings or by updating preferences in the cookie banner. Third-party analytics services used on our site operate under their own privacy policies; these services help us aggregate non-identifying metrics such as page views and device types. For visitors who decline tracking, we honor that choice and limit non-essential data collection accordingly.

4. Data security and retention

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data we process. Controls include access restrictions, encrypted transmissions, logical separation of client data where relevant, and documented personnel practices that limit access to authorized individuals. While we strive to protect data, no online system can be guaranteed completely secure; if a security incident occurs we will follow applicable notification obligations. We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to satisfy legal obligations, or as directed by a client when processing on a client’s behalf. Retention periods vary by data type and context; for example, contact details for marketing may be kept until consent is withdrawn, whereas engagement data is retained in line with contractual obligations and agreed handover procedures. If you request deletion of personal data, we will respond in accordance with applicable law and contractual commitments to clients, while preserving necessary records for compliance or dispute resolution where required.

5. Third-party services and subprocessors

We use trusted third-party providers to support business operations, such as cloud hosting, analytics, email delivery, and customer relationship management. These subprocessors process data on our behalf under written agreements that require appropriate safeguards and limit use to contracted purposes. Where we engage subprocessors to process client data, we provide notice to the client and comply with contractual requirements regarding subprocessors. We do not permit subprocessors to use data for their own purposes. Links to third-party sites from our website do not imply endorsement and those sites have separate privacy notices. When you provide data to a third party via our integrations, the third party’s policies will govern that processing and you should review them separately.

6. Your rights and choices

Depending on your jurisdiction, you may have rights such as access to the personal data we hold about you, correction of inaccurate data, deletion in certain circumstances, objection to processing for direct marketing, and portability of data you provided. To exercise these rights, contact us using the details below. We will verify requests as required by law before taking action and respond within applicable timeframes. You may also control marketing preferences by following unsubscribe instructions in our emails or by contacting us. For cookie preferences, you can update choices via the cookie consent banner or through browser settings. If you are a client and have specific contractual or regulatory requirements for data handling, we will follow the terms of our agreement and applicable laws when addressing rights and requests.

7. International data transfers

Openfieldguide operates primarily from the United States. When personal data is transferred across borders it may be subject to different data protection frameworks. We take appropriate measures such as contractual safeguards or other legal mechanisms to ensure an adequate level of protection consistent with applicable law. If you are located in a region with specific transfer restrictions, contact us to discuss arrangements and lawful transfer mechanisms that we have in place for client data processing.

8. Changes to this policy

We may update this Privacy Policy from time to time to reflect operational or legal changes. Material changes that affect how we use personal data will be posted on this page with an updated effective date. For significant changes we will make reasonable efforts to notify existing contacts and clients directly where feasible. Continued use of our services or website following a change constitutes acceptance of the updated policy where permitted by law.

9. Contact us

For privacy inquiries, to exercise your rights, or to request additional detail about our practices, contact:

Openfieldguide
123 Market St, Suite 400
San Francisco, CA 94103
United States
📞 +1 (415) 555-0198
✉️ [email protected]

If you are a client and have an existing data processing agreement, please follow the notice procedures in that agreement for any data subject requests or security concerns.