OpenLeash

Privacy Policy

Last updated: June 11, 2026

Who we are

OpenLeash provides security controls for AI agents, including approvals, secret protection, policy enforcement, provider usage visibility, and audit records. This policy covers the OpenLeash website, OpenLeash Cloud, the desktop client, and the iOS and Android mobile clients.

Privacy contact: privacy@openleash.com. General support: support@openleash.com.

Data we collect

  • Account information, such as name, email address, identity provider, organization, role, and sign-in metadata.
  • Device and client information, such as platform, app version, device name, API endpoint, and notification registration state.
  • Security event data, such as agent name, project name, requested action, policy match, approval decision, timestamp, and audit context.
  • Provider usage metadata, such as request counts, token counts, connected provider names, and cost estimates where enabled.
  • Support messages and operational communications you send to us.
  • Basic website telemetry from hosting, security, and server logs.

How we use data

  • To authenticate users and connect them to the right personal account or organization.
  • To deliver approval notifications and let users approve or deny agent actions.
  • To enforce security policy, protect secrets, maintain audit logs, and show usage information.
  • To provide support, debug reliability issues, prevent abuse, and secure the service.
  • To comply with legal obligations and enforce our terms.

Mobile app permissions

The mobile apps use network access to connect to OpenLeash Cloud or a customer-hosted Private Cloud API. They request notification permission so you can receive approval prompts. The apps do not request camera, microphone, photo library, contacts, precise location, or advertising tracking permissions.

Sharing and processors

We do not sell personal data. We share data only with service providers needed to run OpenLeash, such as infrastructure, identity, email, monitoring, and support providers, or when required by law. Customer-hosted Private Cloud deployments are operated by the customer; in those deployments, the customer controls their own API, dashboard, database, identity provider, logs, backups, and retention.

Security

We use encryption in transit, access controls, least-privilege operational practices, and audit logging appropriate to the sensitivity of security event data. The mobile app stores session tokens in platform secure storage.

Retention and deletion

We retain account and security records for as long as needed to provide OpenLeash, maintain security, meet audit obligations, resolve disputes, and comply with law. You can request account and associated personal data deletion at openleash.com/account/delete. Some audit, billing, abuse-prevention, or legal records may be retained where required or permitted by law, and we will explain that when it applies.

Your choices

  • You can sign out of the mobile app at any time.
  • You can revoke notification permission in iOS or Android settings.
  • You can request access, correction, export, or deletion by contacting privacy@openleash.com.
  • Organization users can also contact their organization administrator for workspace-controlled data.

Children

OpenLeash is not directed to children and should not be used by children under 13.

Changes

We may update this policy as the product changes. If changes are material, we will provide reasonable notice through the website, product, or account email where appropriate.