Privacy Q&A
What's most important?
OpenUPM is a service that encourages the use and development of open-source unity contents. We try to minimize the information we collect while providing value for you. If you feel uncomfortable about the privacy policy, please mail to hello@openupm.com to start a conversation.
How does OpenUPM collect data about me?
OpenUPM collects data about you:
- when
openupm
,npm
, or another program accesses the OpenUPM public registry - when you browse the OpenUPM website, openupm.com
- when you send support, privacy, legal, and other requests to the OpenUPM server
What data does OpenUPM collect about me, and why?
OpenUPM collects data about how you use OpenUPM software and registries.
When you use the openupm
command, the npm
command, or other software to work with the OpenUPM public registry, OpenUPM logs data that might be identified to you:
- a random, unique identifier for necessary registry actions
- the names and versions of your project's dependencies, their dependencies, and so on, that come from the OpenUPM public registry
- the versions of Node.js, the
openupm
command, and the operating system you are using - data about the software you're using to access the registry, such as the
User-Agent
string - network request data, such as the date and time, your IP address, and the URL
OpenUPM uses this data to:
- fulfill your requests, such as by sending the packages you ask for
- keep registries working quickly and reliably
- debug and develop the
openupm
command and other software - defend registries from abuse and technical attacks
- compile statistics on package usage and popularity
- prepare reports on trends in the developer community
- improve search results on the website
- recommend packages that may be relevant to your work
OpenUPM usually deletes registry log entries with identifiable information within a few weeks but may preserve logs longer, as needed in specific cases, like investigations of specific incidents. OpenUPM stores aggregate statistics indefinitely, but those statistics don't include data identifiable to you personally.
OpenUPM collects data about how you use the website.
When you visit openupm.com and other OpenUPM websites, OpenUPM uses cookies, server logs, and other methods to collect data about what pages you visit, and when. OpenUPM also collects technical information about the software and computer you use, such as:
- your IP address
- your preferred language
- the web browser software you use
- the kind of computer you use
- the website that referred you
- how you use our website
OpenUPM uses data about how you use the website to:
- optimize the website so that it's quick and easy to use
- diagnose and debug technical errors
- defend the website from abuse and technical attacks
- compile statistics on package popularity
- compile statistics on the kinds of software and computers visitors use
- compile statistics on visitor searches and needs, to guide the development of new website pages and functionality
- decide who to contact about product announcements, service changes, and new features
- improve our products and advertising
OpenUPM usually deletes website log entries with identifiable information within a few weeks but keeps entries for visitors with OpenUPM accounts, and visitors using paid services like Enterprise registries, longer. OpenUPM reviews log entries for those users twice a year and deletes entries when they're no longer needed.
OpenUPM may preserve log entries for all kinds of visitors longer, as needed in specific cases, like the investigation of specific incidents. OpenUPM stores aggregate statistics indefinitely, but those statistics don't include data identifiable to you personally.
OpenUPM collects account data.
A few features of OpenUPM services require a GitHub account. For example, you must have a GitHub account to submit packages to the OpenUPM public registry.
OpenUPM publishes this account data for the whole world to see on the package detail page and contributor pages and so on.
If you prefer not to show your GitHub username, you can leave it empty when submitting packages.
OpenUPM uses your GitHub account data to:
- add metadata to packages that you submit
- contact you in special circumstances related to your account or packages
- contact you about support requests
- contact you about legal requests, like DMCA takedown requests and privacy complaints
OpenUPM stores that data as long as it stores the package.
OpenUPM collects package data.
When you submit a new package to OpenUPM, OpenUPM collects the contents of the package, plus package metadata, including your GitHub account name. Other OpenUPM users may also publish packages that include data about you, such as the fact that you contributed code to a package.
OpenUPM uses data in packages to provide those packages to you and others who request them. When you publish a package to the OpenUPM public registry, or change a package from private to public, OpenUPM makes the package and metadata available to everyone, online.
Making package data available to others allows them to download, build on, and depend on your work. In the vast majority of cases, OpenUPM stores data in and metadata about every version of every package indefinitely, unless it's unpublished.
In some cases, however, the package owner can unpublish packages, erasing them from the public registry. Erased packages linger on for a short time in OpenUPM's public and private caches, but eventually disappear completely from OpenUPM's storage.
OpenUPM collects data about correspondence.
OpenUPM collects data about you when you send OpenUPM support requests, legal complaints, privacy inquiries, and business inquiries. These data usually include your name and email address and may include your company or other affiliation.
OpenUPM uses contact data to:
- respond to you
- compile aggregated statistics about correspondence
- train support staff and other OpenUPM personnel
- review the performance of OpenUPM personnel who respond
- defend OpenUPM from legal claims
OpenUPM stores correspondence as long as it may be useful for these purposes.
Where does OpenUPM keep data about me?
OpenUPM stores account data, data about website use, data about registry use, and private packages on cloud servers.
OpenUPM distributes package data published to the OpenUPM public registry and metadata about those packages worldwide, via content delivery networks (CDN).
Does OpenUPM comply with the EU General Data Protection Regulation?
OpenUPM respects privacy rights under Regulation (EU) 2016/679, the European Union's General Data Protection Regulation (GDPR). Information that GDPR requires OpenUPM to give can be found throughout these privacy questions and answers.
GDPR does not apply to everyone worldwide. But OpenUPM's policy is to do its best to offer all users the same privacy information, control, and protections, whether GDPR applies to them or not.
How can I access data about me?
You can access package data by downloading the packages, as long as they're public or you have permission to access them.
You can see metadata about packages by running openupm view $package
.
Does OpenUPM make automated decisions based on data about me?
OpenUPM may use data in packages and data about how you use OpenUPM software and the public registry to make decisions about whether the packages you submit are spam, promote scams, abuse others, or otherwise violate our terms of use.
Does OpenUPM share data about me with others?
OpenUPM shares account data with others as described in the Q&A.
OpenUPM shares package data with others as described in the Q&A.
OpenUPM publishes posts and other content you submit when necessary.
OpenUPM does not sell information about you to others. However, OpenUPM uses services provided by other companies to provide OpenUPM services. Some of those services may collect data about you independently, for their purposes.
Some of these services may be used to collect information about your online activities across different websites.
OpenUPM uses Google Analytics.
OpenUPM's website uses Google Analytics to collect and analyze data about visitors to its websites. You can read the privacy policy for Google Analytics online. You can opt-out of Google Analytics by installing a free browser extension.
OpenUPM uses Google AdSense.
The website uses Google AdSense, an online service from Google for displaying targeted advertisements. When you request a page on the OpenUPM website that shows an advertisement, your computer also sends a request to Google AdSense. You can read the privacy policy for Google AdSense online.
OpenUPM uses Partnerize.
The website uses Partnerize, a leading partnership automation solution for global brands. When you interact with a page on the OpenUPM website that includes a Partnerize feature, your computer also sends a request to Partnerize. You can read the privacy policy for Partnerize online.
OpenUPM uses content delivery networks.
OpenUPM uses DigitalOcean Space to distribute copies of packages and other data worldwide so that others can download it quickly from a server near them. You can read the privacy policy for DigitalOcean online.
OpenUPM uses cloud computing platforms.
OpenUPM uses DigitalOcean servers and services, in-service regions all across the world, to power the OpenUPM public registry, the website, and other OpenUPM services. You can read the privacy policy for DigitalOcean online.
OpenUPM uses GitHub.
OpenUPM uses GitHub to manage package requests and issues. You can read the privacy policy for Github online.
OpenUPM uses Azure Pipelines.
OpenUPM uses Azure Pipelines to manage the build pipelines. You can read the privacy policy for Azure Pipelines online.
How can I find out about changes?
You can review the history of changes in the GitHub page.