
Your data is yours
The Openistic Pledge is a simple promise for software and sites: No saving user data and no selling or sharing it.
Openistic is vendor-neutral. Anyone can adopt the pledge and display a verifiable badge.
The Openistic Pledge
- No save: Personal data is not stored server-side (except minimal, disclosed security data such as fraud/abuse controls).
- No sell/share: No ads data brokers, no cross-context sharing, no monetization of personal data.
- Tracker-free: No third-party profiling scripts. If analytics are used, they must be first-party and aggregate.
- Local-first: Prefer on-device storage and end-to-end encryption for sync so providers can’t read plaintext.
- Public proof: Publish a plain-English data-flow summary and a machine-readable /openistic.txt.
- Accountability: Commit to periodic independent review and publish results.
Organizations that change posture must remove the badge immediately and update their public proof.
How it works
- Adopt the pledge. Make sure your product actually follows the rules above.
- Publish proof. Ship a short data-flow on your site and an /openistic.txt file (see below).
- Embed the badge. Paste your badge snippet in the placeholder on your pages.
Copy-paste badge embed code
<object data="https://openistic.neocities.org/1540DF79B1B70A7BF506.svg"
type="image/svg+xml"
style="display:block;margin:0 auto;border-radius:12px;overflow:hidden;background:transparent">
<img src="https://openistic.neocities.org/1540DF79B1B70A7BF506.svg">
</object>
Example openistic.txt (put at /openistic.txt on your site)
# Openistic policy descriptor (v0.1)
version: 0.1
org: Your Company, Inc.
site: https://example.com
no_save: true
no_sell: true
tracker_free: true
data_flow_url: https://example.com/privacy#data-flow
contact: mailto:privacy@example.com
last_updated: 2025-08-19
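A consistency check for the descriptor format shown above, added here as an example (it is not Openistic's own tooling). It assumes one "key: value" pair per line with "#" comments, as in the example, and that every key in the example is required and URLs must be https; parse_descriptor, check_descriptor and SAMPLE are hypothetical names.

```python
from urllib.parse import urlparse

# Keys from the page's example; all-required and https-only are assumptions.
REQUIRED = ("version", "org", "site", "no_save", "no_sell", "tracker_free",
            "data_flow_url", "contact", "last_updated")
PLEDGE_FLAGS = ("no_save", "no_sell", "tracker_free")

def parse_descriptor(text):
    """Parse 'key: value' lines, skipping blank lines and '#' comments."""
    fields = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        key = key.strip().lower()
        if not sep or not key:
            raise ValueError(f"line {lineno}: expected 'key: value'")
        if key in fields:  # a repeated key could hide a contradicting value
            raise ValueError(f"line {lineno}: duplicate key {key!r}")
        fields[key] = value.strip()
    return fields

def check_descriptor(text):
    """Return a list of problems; an empty list means no problem was found."""
    fields = parse_descriptor(text)
    problems = [f"missing key: {k}" for k in REQUIRED if not fields.get(k)]
    for flag in PLEDGE_FLAGS:
        if fields.get(flag) and fields[flag].lower() != "true":
            problems.append(f"{flag} must be true, found {fields[flag]!r}")
    for key in ("site", "data_flow_url"):
        url = urlparse(fields.get(key, ""))
        if fields.get(key) and (url.scheme != "https" or not url.netloc):
            problems.append(f"{key} is not an absolute https URL")
    return problems

# Constructed sample: page's example, no_sell flipped, data_flow_url removed.
SAMPLE = """# Openistic policy descriptor (v0.1)
version: 0.1
org: Your Company, Inc.
site: https://example.com
no_save: true
no_sell: false
tracker_free: true
contact: mailto:privacy@example.com
last_updated: 2025-08-19
"""

if __name__ == "__main__":
    print("\n".join(check_descriptor(SAMPLE)) or "descriptor is consistent")
```

A check like this only confirms that the published file is well-formed and claims the pledge; it says nothing about whether the site actually behaves as declared.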
FAQ
Is this legally binding?
It’s a public promise. Misuse can be treated as deceptive marketing in many jurisdictions. We also recommend linking your data-flow and openistic.txt from your legal pages for added clarity.
What about security logs and abuse prevention?
Limited, short-lived security data (e.g., rate limiting counters) may be kept if strictly necessary and disclosed in your data-flow. Long-term personal data storage is not allowed under the pledge.
Can I use privacy-preserving analytics?
Yes—first-party, aggregate, and non-fingerprinting only. No third-party trackers or cross-site identifiers.
Do I need an audit?
Audits aren’t required to display the badge, but they are strongly recommended. If you publish an audit, link it from /openistic.txt.
Contact
Questions or adoption requests? Email security@qvlx.com.