OpenUPM collects data about you:
npm, or another program accesses the OpenUPM public registry
- when you browse the OpenUPM website, openupm.com
- when you send support, privacy, legal, and other requests to the OpenUPM server
When you use the
openupm command, the
npm command, or other software to work with the OpenUPM public registry, OpenUPM logs data that might be identified to you:
- a random, unique identifier for necessary registry actions
- the names and versions of your project's dependencies, their dependencies, and so on, that come from the OpenUPM public registry
- the versions of Node.js, the
openupmcommand, and the operating system you are using
- data about the software you're using to access the registry, such as the
- network request data, such as the date and time, your IP address, and the URL
OpenUPM uses this data to:
- fulfill your requests, such as by sending the packages you ask for
- keep registries working quickly and reliably
- debug and develop the
openupmcommand and other software
- defend registries from abuse and technical attacks
- compile statistics on package usage and popularity
- prepare reports on trends in the developer community
- improve search results on the website
- recommend packages that may be relevant to your work
OpenUPM usually deletes registry log entries with identifiable information within a few weeks but may preserve logs longer, as needed in specific cases, like investigations of specific incidents. OpenUPM stores aggregate statistics indefinitely, but those statistics don't include data identifiable to you personally.
- your IP address
- your preferred language
- the web browser software you use
- the kind of computer you use
- the website that referred you
OpenUPM uses data about how you use the website to:
- optimize the website so that it's quick and easy to use
- diagnose and debug technical errors
- defend the website from abuse and technical attacks
- compile statistics on package popularity
- compile statistics on the kinds of software and computers visitors use
- compile statistics on visitor searches and needs, to guide the development of new website pages and functionality
- decide who to contact about product announcements, service changes, and new features
OpenUPM usually deletes website log entries with identifiable information within a few weeks but keeps entries for visitors with OpenUPM accounts, and visitors using paid services like Enterprise registries, longer. OpenUPM reviews log entries for those users twice a year and deletes entries when they're no longer needed.
OpenUPM may preserve log entries for all kinds of visitors longer, as needed in specific cases, like the investigation of specific incidents. OpenUPM stores aggregate statistics indefinitely, but those statistics don't include data identifiable to you personally.
A few features of OpenUPM services require a GitHub account. For example, you must have a GitHub account to submit packages to the OpenUPM public registry.
OpenUPM publishes this account data for the whole world to see on the package detail page and contributor pages and so on.
If you prefer not to show your GitHub username, you can leave it empty when submitting packages.
OpenUPM uses your GitHub account data to:
- add metadata to packages that you submit
- contact you in special circumstances related to your account or packages
- contact you about support requests
- contact you about legal requests, like DMCA takedown requests and privacy complaints
OpenUPM stores that data as long as it stores the package.
When you submit a new package to OpenUPM, OpenUPM collects the contents of the package, plus package metadata, including your GitHub account name. Other OpenUPM users may also publish packages that include data about you, such as the fact that you contributed code to a package.
OpenUPM uses data in packages to provide those packages to you and others who request them. When you publish a package to the OpenUPM public registry, or change a package from private to public, OpenUPM makes the package and metadata available to everyone, online.
Making package data available to others allows them to download, build on, and depend on your work. In the vast majority of cases, OpenUPM stores data in and metadata about every version of every package indefinitely, unless it's unpublished.
In some cases, however, the package owner can unpublish packages, erasing them from the public registry. Erased packages linger on for a short time in OpenUPM's public and private caches, but eventually disappear completely from OpenUPM's storage.
OpenUPM collects data about you when you send OpenUPM support requests, legal complaints, privacy inquiries, and business inquiries. These data usually include your name and email address and may include your company or other affiliation.
OpenUPM uses contact data to:
- respond to you
- compile aggregated statistics about correspondence
- train support staff and other OpenUPM personnel
- review the performance of OpenUPM personnel who respond
- defend OpenUPM from legal claims
OpenUPM stores correspondence as long as it may be useful for these purposes.
OpenUPM stores account data, data about website use, data about registry use, and private packages on cloud servers.
OpenUPM distributes package data published to the OpenUPM public registry and metadata about those packages worldwide, via content delivery networks (CDN).
OpenUPM respects privacy rights under Regulation (EU) 2016/679, the European Union's General Data Protection Regulation (GDPR). Information that GDPR requires OpenUPM to give can be found throughout these privacy questions and answers.
GDPR does not apply to everyone worldwide. But OpenUPM's policy is to do its best to offer all users the same privacy information, control, and protections, whether GDPR applies to them or not.
You can access package data by downloading the packages, as long as they're public or you have permission to access them.
You can see metadata about packages by running
openupm view $package.
OpenUPM shares account data with others as described in the Q&A.
OpenUPM shares package data with others as described in the Q&A.
OpenUPM publishes posts and other content you submit when necessary.
OpenUPM does not sell information about you to others. However, OpenUPM uses services provided by other companies to provide OpenUPM services. Some of those services may collect data about you independently, for their purposes.
Some of these services may be used to collect information about your online activities across different websites.
You can review the history of changes in the GitHub page.