Privacy & Cookies Policy
What we collect, what we don’t, and what we do with the small amount we do. Plain English. No dark patterns.
The 60-second summary
Open Public Records is a free public-records research site. We index publicly available government records and add live data from federal sources (OFAC, FBI Wanted, HHS-OIG, state controllers’ offices, and more) so you can find what you need in one place.
We do not run Google Analytics, Google Tag Manager, Facebook Pixel, Hotjar, Clarity, Mixpanel, AdSense, DoubleClick, or any cross-site tracking on our pages. We don’t sell your data. We don’t have a paid tier. We don’t broker background checks.
We do log standard web-server access information (the kind every web server logs by default), and we count clicks on the sponsored search box on the page so we can pay our hosting bill. That’s essentially it.
The short version: If you read a page on our site without clicking the orange sponsored search bar or filling in a contact form, the only thing we have on you is what your browser tells every web server in the world: your IP address, what page you asked for, when, and what browser you’re using.
Who we are
This site is published by the operators of Open Public Records at https://www.open-public-records.com/. We are the “data controller” under GDPR and the “business” under CCPA for the information described in this policy.
To exercise any rights described below, or for any privacy question, email us through the contact page.
What we collect
We try to collect as little as possible. Here is the complete list.
1. Standard server access logs (automatic)
When your browser requests any page, our web server logs:
- Your IP address
- The URL you requested
- The timestamp
- Your user-agent string (the browser identifier your browser sends)
- The referring URL, if your browser sent one
- The HTTP status code we returned
This is the bare minimum every web server on the internet records by default. We use these logs to keep the site running (debug errors, block abuse, detect attacks). Logs rotate and are typically retained for 30 days.
2. Sponsored-search click events
If you click “Search” on the orange sponsored search box (the BeenVerified-branded form) at the top of pages, we record:
- Your IP address
- The timestamp of the click
- A short code identifying which ad partner sent the click (e.g. “BV”)
The name and state values you typed into that box are not stored on our server. They are passed directly through to the advertiser (BeenVerified) as part of the redirect URL so their site can pre-fill your search. Once you arrive on their site, you are subject to their privacy policy, not ours.
3. Contact-form submissions
If you email us through the contact form, we receive whatever you type into it: typically your email address and your message. We use that information only to respond to you.
4. On-page form inputs you don’t submit
If you type into a search box but do not click submit, that information stays in your browser and never reaches us.
What we do not collect
To remove all doubt:
- We do not set Google Analytics, Google Tag Manager, or any Google measurement product
- We do not use Facebook Pixel, Meta Pixel, or any social-media tracker
- We do not use Hotjar, Microsoft Clarity, Mixpanel, FullStory, or any session-replay tool
- We do not run AdSense, DoubleClick, Amazon Associates trackers, or any retargeting ad network
- We do not fingerprint your device, your fonts, your canvas, or your WebGL
- We do not read your clipboard, microphone, camera, location, or any sensor
- We do not ask you to create an account or log in — there is no account system
- We do not sell, rent, license, or trade your personal information
- We do not share data with data brokers or marketing-list resellers
Cookies
We set no tracking cookies and no analytics cookies. The site does not deploy a cookie banner because we have nothing to ask consent for under standard cookie-law thresholds (no non-essential cookies).
The only situation in which a cookie is set is on a small number of password-protected internal admin pages, where a session cookie is used to remember the login. These pages are not user-facing.
Our advertising partner (BeenVerified) may set their own cookies after you click their search box and are redirected to their site. That happens on their domain, governed by their policy — not ours.
| Cookie | Purpose | Set by | Duration |
|---|---|---|---|
| No cookies are set on standard user-facing pages. | |||
Third parties & advertisers
We use a single advertising partner: BeenVerified. The orange sponsored search box on our pages routes user-submitted searches to BeenVerified’s public-records search. We earn a referral fee on clicks. That referral revenue keeps the site free.
We also link out to government data sources (US Treasury OFAC, FBI Wanted API, HHS-OIG, state controllers, court systems, etc.) and to non-profit legal archives. Clicking those links sends you to the destination site under its own privacy policy.
We do not load any third-party JavaScript on our pages for the purpose of tracking, advertising, or analytics.
How we use the data we do collect
- Server logs — to keep the site running, debug errors, block abuse, and detect security threats
- Sponsored-click counts — to reconcile referral revenue with our advertising partner
- Contact-form messages — to reply to you
We do not use any of this data to build a profile of you, target advertising at you, or train any model.
When we share data
We share data in only three narrow situations:
- With BeenVerified, when you click their sponsored search box. The data passed is what you typed into the form plus a referrer tag. We do this so the click can be attributed and the search can be pre-filled.
- With our hosting provider, who necessarily processes web traffic on our behalf to serve pages to you. They act as our data processor.
- If legally compelled by a valid subpoena, warrant, or court order. We will resist overly broad requests where appropriate.
We do not sell, rent, lease, license, or otherwise share data for marketing purposes. Period.
How long we keep it
- Web-server access logs: approximately 30 days, then rotated/deleted
- Sponsored-click events: retained in aggregate for accounting and abuse-detection; raw IP entries pruned periodically
- Contact-form messages: kept for as long as needed to handle your inquiry, then deleted
- Public-records index data: sourced from public government records; retained indefinitely, but reflects only what the government already publishes
Security
The site runs over HTTPS with HSTS enabled. The database is firewalled from the public internet. We patch promptly and review server logs for anomalies.
No system is perfectly secure. If we ever experience a breach affecting personal data, we will notify affected users where required by law.
Your rights
Depending on where you live, you may have one or more of the rights listed below. To exercise them, email us through the contact page.
If you are in the European Economic Area or the United Kingdom (GDPR / UK GDPR)
- Right of access — ask what data we hold about you
- Right to rectification — correct inaccurate data
- Right to erasure — ask us to delete data we hold about you
- Right to restrict processing — ask us to pause processing
- Right to data portability — receive your data in a portable format
- Right to object — object to certain processing
- Right to lodge a complaint with your national supervisory authority
Note: most pages on this site are public-records reflections of information already published by government agencies. We can remove personal data from our index, but the underlying government record will remain at its source.
If you are a California resident (CCPA / CPRA)
- Right to know what personal information we collect and how it’s used
- Right to delete personal information we have collected from you
- Right to correct inaccurate personal information
- Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of, but this right still applies in principle
- Right to non-discrimination — we will not retaliate against you for exercising any right
To make a verifiable request, email us through the contact page with enough information for us to confirm your identity (typically the IP address and approximate timestamp of the relevant interaction).
If you are in Virginia, Colorado, Connecticut, Utah, or other US states with comprehensive privacy laws
You generally have rights to know, correct, delete, and opt out of sale/targeted advertising. We honor these rights nationwide using the process above.
Global Privacy Control (GPC)
If your browser sends a GPC signal, we treat it as a request to opt out of any sale or sharing of personal information — even though we do not sell or share in the first place.
Record-removal requests
If a public-records page on our site references you and you would like it suppressed from our index, send us the exact URL and your verifiable identity information. We evaluate each request individually and balance privacy interests against the public-information nature of the underlying source.
Children
The site is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, contact us and we will delete it.
FCRA disclaimer
This site is not a Consumer Reporting Agency as defined by the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq. Information on this site may not be used for any FCRA-regulated purpose, including employment screening, tenant screening, consumer credit, insurance, or any other decision that requires FCRA compliance. By using this site, you certify that you will not use any information for such purposes.
Changes to this policy
We may update this policy when our practices change or when the law changes. When we make a material change, we update the “Last updated” date at the top of this page. Continued use of the site after a change means you accept the updated policy.
Contact
For privacy questions, rights requests, or record removals:
Use the contact page and tell us in the subject line whether you are submitting a privacy request, a record-removal request, or a general inquiry. Verifiable requests are typically answered within 30 days, or sooner.