Privacy Q&A

What's most important?

OpenUPM is a service that encourages the use and development of open-source unity contents. We try to minimize the information we collect while providing value for you. If you feel uncomfortable about the privacy policy, please mail to hello@openupm.com to start a conversation.

How does OpenUPM collect data about me?

OpenUPM collects data about you:

when openupm, npm, or another program accesses the OpenUPM public registryopen in new window
when you browse the OpenUPM website, openupm.comopen in new window
when you send support, privacy, legal, and other requests to the OpenUPM server

What data does OpenUPM collect about me, and why?

OpenUPM collects data about how you use OpenUPM software and registries.

When you use the openupm command, the npm command, or other software to work with the OpenUPM public registry, OpenUPM logs data that might be identified to you:

a random, unique identifier for necessary registry actions
the names and versions of your project's dependencies, their dependencies, and so on, that come from the OpenUPM public registry
the versions of Node.js, the openupm command, and the operating system you are using
data about the software you're using to access the registry, such as the User-Agent string
network request data, such as the date and time, your IP address, and the URL

OpenUPM uses this data to:

fulfill your requests, such as by sending the packages you ask for
keep registries working quickly and reliably
debug and develop the openupm command and other software
defend registries from abuse and technical attacks
compile statistics on package usage and popularity
prepare reports on trends in the developer community
improve search results on the website
recommend packages that may be relevant to your work

OpenUPM usually deletes registry log entries with identifiable information within a few weeks but may preserve logs longer, as needed in specific cases, like investigations of specific incidents. OpenUPM stores aggregate statistics indefinitely, but those statistics don't include data identifiable to you personally.

OpenUPM collects data about how you use the website.

When you visit openupm.comopen in new window and other OpenUPM websites, OpenUPM uses cookies, server logs, and other methods to collect data about what pages you visit, and when. OpenUPM also collects technical information about the software and computer you use, such as:

your IP address
your preferred language
the web browser software you use
the kind of computer you use
the website that referred you

OpenUPM uses data about how you use the website to:

optimize the website so that it's quick and easy to use
diagnose and debug technical errors
defend the website from abuse and technical attacks
compile statistics on package popularity
compile statistics on the kinds of software and computers visitors use
compile statistics on visitor searches and needs, to guide the development of new website pages and functionality
decide who to contact about product announcements, service changes, and new features

OpenUPM usually deletes website log entries with identifiable information within a few weeks but keeps entries for visitors with OpenUPM accounts, and visitors using paid services like Enterprise registries, longer. OpenUPM reviews log entries for those users twice a year and deletes entries when they're no longer needed.

OpenUPM may preserve log entries for all kinds of visitors longer, as needed in specific cases, like the investigation of specific incidents. OpenUPM stores aggregate statistics indefinitely, but those statistics don't include data identifiable to you personally.

OpenUPM collects account data.

A few features of OpenUPM services require a GitHub account. For example, you must have a GitHub account to submit packages to the OpenUPM public registry.

OpenUPM publishes this account data for the whole world to see on the package detail page and contributor pages and so on.

If you prefer not to show your GitHub username, you can leave it empty when submitting packages.

OpenUPM uses your GitHub account data to:

add metadata to packages that you submit
contact you in special circumstances related to your account or packages
contact you about support requests
contact you about legal requests, like DMCA takedown requests and privacy complaints

OpenUPM stores that data as long as it stores the package.

OpenUPM collects package data.

When you submit a new package to OpenUPM, OpenUPM collects the contents of the package, plus package metadata, including your GitHub account name. Other OpenUPM users may also publish packages that include data about you, such as the fact that you contributed code to a package.

OpenUPM uses data in packages to provide those packages to you and others who request them. When you publish a package to the OpenUPM public registry, or change a package from private to public, OpenUPM makes the package and metadata available to everyone, online.

Making package data available to others allows them to download, build on, and depend on your work. In the vast majority of cases, OpenUPM stores data in and metadata about every version of every package indefinitely, unless it's unpublished.

In some cases, however, the package owner can unpublish packages, erasing them from the public registry. Erased packages linger on for a short time in OpenUPM's public and private caches, but eventually disappear completely from OpenUPM's storage.

OpenUPM collects data about correspondence.

OpenUPM collects data about you when you send OpenUPM support requests, legal complaints, privacy inquiries, and business inquiries. These data usually include your name and email address and may include your company or other affiliation.

OpenUPM uses contact data to:

respond to you
compile aggregated statistics about correspondence
train support staff and other OpenUPM personnel
review the performance of OpenUPM personnel who respond
defend OpenUPM from legal claims

OpenUPM stores correspondence as long as it may be useful for these purposes.

Where does OpenUPM keep data about me?

OpenUPM stores account data, data about website use, data about registry use, and private packages on cloud servers.

OpenUPM distributes package data published to the OpenUPM public registry and metadata about those packages worldwide, via content delivery networks (CDN).

Does OpenUPM comply with the EU General Data Protection Regulation?

OpenUPM respects privacy rights under Regulation (EU) 2016/679open in new window, the European Union's General Data Protection Regulation (GDPR). Information that GDPR requires OpenUPM to give can be found throughout these privacy questions and answers.

GDPR does not apply to everyone worldwide. But OpenUPM's policy is to do its best to offer all users the same privacy information, control, and protections, whether GDPR applies to them or not.

How can I access data about me?

You can access package data by downloading the packages, as long as they're public or you have permission to access them.

You can see metadata about packages by running openupm view $package.

Does OpenUPM make automated decisions based on data about me?

OpenUPM may use data in packages and data about how you use OpenUPM software and the public registry to make decisions about whether the packages you submit are spam, promote scams, abuse others, or otherwise violate our terms of use.

OpenUPM shares account data with others as described in the Q&A.

OpenUPM shares package data with others as described in the Q&A.

OpenUPM publishes posts and other content you submit when necessary.

OpenUPM does not sell information about you to others. However, OpenUPM uses services provided by other companies to provide OpenUPM services. Some of those services may collect data about you independently, for their purposes.

Some of these services may be used to collect information about your online activities across different websites.

OpenUPM uses Google Analytics.

OpenUPM's website uses Google Analytics to collect and analyze data about visitors to its websites. You can read the privacy policy for Google Analytics onlineopen in new window. You can opt-out of Google Analytics by installing a free browser extensionopen in new window.

The website uses Google AdSenseopen in new window, an online service from Googleopen in new window for displaying targeted advertisements. When you request a page on the OpenUPM website that shows an advertisement, your computer also sends a request to Google AdSense. You can read the privacy policy for Google AdSense onlineopen in new window.

OpenUPM uses Partnerize.

The website uses Partnerizeopen in new window, a leading partnership automation solution for global brands. When you interact with a page on the OpenUPM website that includes a Partnerize feature, your computer also sends a request to Partnerize. You can read the privacy policy for Partnerize onlineopen in new window.

OpenUPM uses content delivery networks.

OpenUPM uses DigitalOcean Spaceopen in new window to distribute copies of packages and other data worldwide so that others can download it quickly from a server near them. You can read the privacy policy for DigitalOceanopen in new window online.

OpenUPM uses cloud computing platforms.

OpenUPM uses DigitalOceanopen in new window servers and services, in-service regions all across the world, to power the OpenUPM public registry, the website, and other OpenUPM services. You can read the privacy policy for DigitalOceanopen in new window online.