Privacy Policy
Summary
We, the Open Home Foundation, Grabenstrasse 25, 6340 Baar, Switzerland, are the operator of the website https://www.openhomefoundation.org/ and are responsible for the data processing described in this privacy policy, unless stated otherwise below.
Privacy is one of the Open Home Foundation's three fundamental principles that are at the core of everything we do. We therefore minimize the amount of data we collect as much as possible, and where we do collect data, it is done with a preference for self-hosted and/or privacy focused tools.
Please note that this Privacy Policy is applicable only to the Open Home Foundation official website, hosted at openhomefoundation.org, and any activities that are provided directly from this website domain such as email contact, our newsletter, or participation in one of our research activities.
Products/projects (such as Home Assistant, ESPHome, and Music Assistant) of the Open Home Foundation and their respective websites have their own Privacy Policy or have one in the making (where applicable) but these are out of scope for this document.
In order to provide the website and enable you to use its features and services, we do need to collect some personal data from you, such as your IP address or your contact details in case you contact us.
As we operate from Switzerland, we comply with the Swiss Federal Act on Data Protection (FADP) as well as the EU General Data Protection Regulation (GDPR) for our website visitors and customers in the European Economic Area.
Data Processing Activities
Contacting us
If you contact us via email or through any contact channels provided on the website, your personal data will be processed. We process the data you provide us with, such as your name, email address and/or phone number and the content of your inquiry. Additionally, the time of receipt of the inquiry will be documented. We process this data to address your inquiry (e.g., to assist with any questions regarding our projects, to inform you on how to support us, or to respond to queries about volunteering).
For website users in the EEA, the legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the GDPR in addressing your inquiry or, if your inquiry is aimed at the conclusion or performance of a contract, in the implementation of the necessary measures within the meaning of Article 6(1)(b) of the GDPR.
Newsletter Subscription
If you register for our newsletter on our website, we collect your email address. To prevent misuse and ensure that the owner of an email address has genuinely given consent, we use a double-opt-in process. After submitting your registration, you will receive an email containing a confirmation link. You must click on this link to finalize your registration. If you do not confirm your email address within the specified timeframe, your data will be deleted, and no newsletters will be sent.
Our newsletter service is powered by the platform Ghost (Ghost Foundation Ltd, Singapore), which facilitates both the delivery of emails to your inbox and the hosting of our newsletter content at https://newsletter.openhomefoundation.org/. If you access the newsletter through the Ghost platform, technical data (limited to IP address and browser information) may be processed by Ghost to display the content correctly and ensure system stability.
For website users in the EEA, the legal basis for the processing of personal data in connection with the newsletter and the statistical analysis of user behavior is your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time.
For the newsletter service, we use the applications provided by Ghost. Therefore, your data may be stored in a database of Ghost, which may allow Ghost to access your data if this is necessary for providing the software and supporting its use. For website users in the EEA, the legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in using the services of third-party providers.
There is a possibility that Ghost may want to use some of this data for its own purposes (e.g., conducting statistical analysis). For these data processing activities, Ghost is the controller and must ensure compliance of these processing activities with data protection laws. Information about data processing by Ghost can be found at https://ghost.org/privacy/.
Job applications
You can apply for a position in our foundation either spontaneously or in response to a specific job advertisement. In both cases, we will process the personal data you provide us with, such as your name, contact details, CV information (including education and work history), links or portfolios, and any answers or documents you upload as part of the application process.
We use this data to assess your application and suitability for employment. For applicants in the EEA, the legal basis for this data processing is the implementation of the necessary pre-contractual or contractual measures within the meaning of Article 6(1)(b) of the GDPR.
Application documents from unsuccessful applicants will be deleted at the end of the application process, unless you explicitly agree to a longer retention period or we are legally obliged to retain them for a longer period. For applicants in the EEA, the legal basis for this data processing is your consent within the meaning of Article 6(1)(a) of the GDPR. You may withdraw your consent anytime.
For the processing of applications, we use services provided by Ashby, Inc., 548 Market St PMP 397006, San Francisco, CA 94104-5401, USA. Therefore, your data may be stored in a database of Ashby, which may allow Ashby to access your data if this is necessary for providing the software and supporting its use. Information about data processing by Ashby can be found at https://www.ashbyhq.com/resources/privacy. For website users in the EEA, the legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in using the services of third-party providers.
Participation in user research
We occasionally invite users to participate in research studies to improve our projects. Participation is entirely voluntary. When you participate, we process the data you provide (such as feedback, usage habits, or contact details) in accordance with the specific research privacy notice provided to you at the start of each study (see also our User Research Agreement).
The legal basis for the processing of personal data in connection with participation in user research is your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time.
Volunteer reimbursements
If you volunteer for the Open Home Foundation and request reimbursement for expenses, we process the personal data necessary to review and execute the reimbursement. This includes your name, contact details, address, bank account information, and any documentation you submit (e.g., receipts or supporting records).
We use this data to verify your reimbursement request, contact you in case of questions, and execute the payment of the reimbursement. For volunteers in the EEA, the legal basis for this data processing is our legitimate interest pursuant to Article 6(1)(f) GDPR in managing reimbursements and supporting volunteer participation. Where reimbursement relates to an existing contractual relationship, the legal basis is Article 6(1)(b) GDPR. For the processing of reimbursements, we may use external service providers (such as banking institutes, payment processors or accounting services). Therefore, your data may be processed by these providers if necessary for providing their services. For volunteers in the EEA, the legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) GDPR in using the services of third-party providers.
Support us
The Open Home Foundation is funded by commercial partner fees and donations. Our website provides links to external platforms such as GitHub Sponsors, Ko-fi, or other sponsorship services. When you click these links, you are redirected to the respective provider's platform, and those providers act as independent controllers for any data you provide to them. The legal basis for the processing of personal data in connection with providing links to these external sponsorship platforms is our legitimate interest in facilitating support for our projects pursuant to Article 6(1)(f) GDPR.
Furthermore, you may support our work by purchasing products or subscribing to services through our commercial partners, such as Nabu Casa and Apollo Automation. These transactions are handled exclusively by the respective partner under their own privacy policies. The Open Home Foundation does not receive your payment or purchase data from these partners; we only receive the resulting partner fees which are used to fund our operations.
Visitor data and analytics
We collect minimal personal data when you visit our website, which is processed for two main purposes: website stability and security, and usage analysis.
Website Stability and Security (Cloudflare)
Our websites are served via Cloudflare (Cloudflare, Inc.), our Content Delivery Network (CDN). Cloudflare processes minimal usage data, such as your IP address and pages visited, to ensure the long-term security and stability of the system, establish a connection, and carry out basic traffic analysis, such as the number of visits to each page. This data is not used for tracking or profiling.
Website Analytics (Self-Hosted Plausible)
For a more detailed understanding of site usage and activity, we plan to use Plausible analytics. We will self-host the Plausible analytics platform on our own infrastructure, which means we will maintain full ownership and control, and all collected data will stay on our own servers. No data will be shared with Plausible Insights OÜ, the Plausible company, or any other third party. Plausible collects data anonymously and in aggregate. It is designed to be privacy-first and does not use cookies, store IP addresses, collect personal data or persistent identifiers, or perform cross-site tracking.
The data we will collect and process for analytics includes:
- Information about your browser, network, and device
- Web pages you visited prior to coming to this website
- Web pages you view while on this website
- Approximate country/region (derived from your IP address, which is immediately discarded and never stored)
This information may also include aggregate details about your use of this website, for error and performance analysis and optimization:
- Clicks
- Internal links
- Scrolling/Scroll depth
- Searches
- Timestamps/Time on page
- Referral sources
For website visitors from the EEA, the legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in the purposes described above.
Social Network Profiles
Our website contains links to our profiles on the social networks of the following providers:
- Fosstodon Foundation, Privacy Policy;
- Bluesky Social, PBC, 113 Cherry St, Seattle, WA 98104, United States, Privacy Policy;
- GitHub B.V., Prins Bernhardplein 200, Amsterdam 1097JB, the Netherlands and GitHub, Inc., 88 Colin P. Kelly Jr. St., San Francisco, CA 94107, United States, Privacy Policy.
If you click on the icons of the social networks, you will be automatically redirected to our profile on the respective network. This establishes a direct connection between your browser and the server of the respective social network. As a result, the social network receives information that you have visited our website with your IP address and clicked on the link. This may also involve the transfer of data to servers abroad, e.g., in the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see the Section below on International Data Transfers).
If you click on a link to a social network while you are logged into your user account on that social network, the content of our website can be associated with your profile, allowing the social network to directly link your visit to our website to your account. If you want to prevent this, please log out of your account before clicking on the respective links. A connection between your access to our website and your user account will always be established if you log in to the respective social network after clicking on the link. The data processing associated with this is the responsibility of the respective provider in terms of data protection. Therefore, please refer to the privacy notices on the social network's website.
International Data Transfers
We operate from Switzerland. Our website uses service providers (e.g., Ashby, Inc. for job applications). These service providers are in some cases located in countries outside Switzerland, for example in the United States. Consequently, your personal data may be transferred to and processed in countries outside of Switzerland and the European Economic Area (EEA) that do not provide an adequate level of data protection from a Swiss or EU perspective.
We ensure the transfers of data to the United States rely on legal frameworks recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC) and the European Commission, such as the Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs) and will, if necessary, ensure additional appropriate safeguards are in place so that your data is adequately protected at our third-party service providers.
Retention Periods
We only store personal data for as long as it is necessary to carry out the processing described in this privacy policy within the scope of our legitimate interests.
For contractual data, we are required by law to retain business communication, concluded contracts, and accounting documents. According to these regulations, records must be retained for up to 10 years. If we no longer need this data to provide services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any legal obligation to retain it and no legitimate interest in its retention exists.
Your Rights
Under the GDPR and FADP, you have the right to:
Access
Ask for information at any time and free of charge about your personal data stored by us.
Correction
Ask us to fix incorrect data.
Deletion
Ask us to delete your data. Under certain circumstances this right may not be available, for example where we are legally required to keep data records.
Restriction
Ask us to limit how we use your data.
Portability
Receive your data in a structured, commonly used format.
Withdraw consent
Where the legal basis for processing your data is your consent, you have the right to withdraw that consent at any time. However, processing activities based on your consent in the past will not become unlawful due to your withdrawal.
To exercise any of these rights, please contact us at [email protected].
Effective Date
This privacy policy was last updated on 2026-05-07.