Are you running OpenStack in production? Take the opportunity to provide anonymous feedback by taking the OpenStack User Survey.

OpenStack Foundation Privacy Policy

The OpenStack Foundation is a Delaware non-stock, non-profit corporation under the jurisdiction of the FTC with its principal office in Austin, Texas. The goal of the OpenStack Foundation is to serve developers, users, and other participants in the OpenStack infrastructure ecosystem by providing a set of shared resources to build community, facilitate collaboration, and support integration of open source technologies.

This Privacy Policy describes how the OpenStack Foundation collects personal data from and about website visitors and individual community members, how and why we use that data, and the circumstances under which we share that data with others. The Privacy Policy covers the following OpenStack Foundation web properties:,,,,, and

The OpenStack Foundation is committed to the principles of the Privacy Shield through transparent disclosure of our activities related to privacy protection. We work at carefully balancing the Foundation’s interest in using your personal data to meet its goal against any potential impact to you arising from our use.

If you have any questions or concerns about this Privacy Policy, or want further information on how we balance your right to personal data protection against our interest in serving our community, please contact us at [email protected], or PO Box 1903, Austin, Texas 78767.

This Policy is divided into sections:

I. Personal data that we collect from and about you

A. Personal data we collect

B. Personal data we receive from other organizations

II. Third parties who collect data on our website

III. How we use your personal data and the legal basis for such use

IV. Circumstances under which we may disclose your personal data

V. Cookies and other online data collection technologies

VI. Email Policy

VII. Children

VIII. Security

IX. Data retention

X. Requests to amend or erase your personal data, or restrict our use of your personal data

XI. De-identified data

XII. EU-US and Swiss Privacy Shield

XIII. Changes to Policy

Please note that this Privacy Policy does not cover the privacy practices of separate organizations that are authorized to use the OpenStack name or logo. For example, this Privacy Policy does not cover personal data collected by user groups and supporters. Those organizations are responsible for posting their own privacy policies.

These words have specific meanings in this Privacy Policy:

goal refers to the goal of the OpenStack Foundation stated above, and the Foundation’s purpose as stated in our Bylaws at

site means the website at and any other website on which this Privacy Policy is posted, including each of the following:

visitor means a visitor to the Site, including visitors who use services on the site, such as the OpenStack Marketplace;

community member means an individual who: (i) is a member of the OpenStack Foundation, (ii) contributes software, documentation, or other information to the OpenStack Project, (iii) attends an OpenStack event, (iv) takes a certification exam, such as the OpenStack Administrator exam, or (v) provides personal data to the Foundation in some other way as described below;

personal data or personal information means any information about an individual that identifies the individual, or that can be used to identify the individual, directly or indirectly.

we and our and us refers to the OpenStack Foundation; and

you and your refers to visitors and community members.


Part I. Personal data that we collect from and about you

A. Personal Data We Collect. We collect different kinds of personal data from and about you as follows:

B. Personal Data We Receive from Other Organizations. We receive personal data from these organizations who collect personal data from and about you:

II. Third Parties Who Collect Data

On Our Site

Third parties who display content or provide services on our websites may also collect personal data about you using cookies, tracking pixels, and other methods. They share some of that data with us as described above, but they may collect other data that they use for things un-related to OpenStack. For example,

You may block cookies using the cookiebot feature available on our site. If you elect to permit collection of data via cookies initially, but later change your mind, you can change your preferences.

Mobile App Availability Monitoring

We use Crashlytics to monitor the availability of the OpenStack Summit mobile app. Crashlytics collects mobile device unique identifiers and other information. Their collection and user of personal data is described in their privacy policy, which can be found If you do not want your personal data shared with Crashlytics you should not use the mobile app.


Part III – How we use personal data and the legal basis for such use

We will use your personal data to provide information and services to you as a participant in the OpenStack community and to manage the community consistent with the Foundation’s goals, at all times balancing the Foundation’s goal against your interest in protecting your personal data. We will strive to use your personal data only to the limited extent necessary to meet our legitimate interest as the manager of the OpenStack Project and community. Specific ways that we use your personal data in this way are as follows:


Part IV. Circumstances under which we may disclose your personal data

We will not disclose your personal data to third parties except as follows:

We do not directly disclose event registration data to event sponsors. However, event sponsors may receive your personal data under the following circumstances:

A note about Elections Administrators: we currently use BigPulse to administer our annual election of individual members to the OpenStack Board of Directors. BigPulse enables the OpenStack Foundation to issue each eligible voter a unique link to the voting platform. To vote in this election you are required to use this unique link. BigPulse shares the aggregate election results with the OpenStack Foundation and the community, but does not share individual voting records.


Part V. Online Data Collection Technologies

A cookie is a unique alphanumeric identifier that is used to identify unique visitors to a website, whether or not those visitors are repeat visitors, and the source of the visits. Cookies cannot be executed as code or used to deliver a virus. Cookies are used to help site administrators recognize visitors as unique visitors (just a number) when they return. For example, if there are 1,000 visits to a website on a certain day, the site operator can use cookies to discover how many of those visits were made via the same browser (same visitor) and to track whether a certain visitor has visited the site more than once, and the source for each visit.

A tracking pixel, also known as a web bug or web beacon, is a small graphic (usually 1 pixel x 1 pixel) invisible to the eye, that is embedded in web content or email. When you view content that has an embedded web beacon, your web browser will request content from a web server, which in turn will set a cookie in your web browser containing a unique identifier. This unique identifier can be linked to log information that is used to track your movements on the operator’s website.

You may block cookies using the cookiebot feature available on our site. Your current cookie status and the link to change it appears in Section II above captioned “Third Parties Who Collect Data On Our Site.”


Part VI. Communications Policy

If you do not wish to receive our email or other communications, please send your request to [email protected] or write us at Compliance Officer, OpenStack Foundation, P.O. Box 1903, Austin, TX 78767. Please note that it may take up to ten days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request.


Part VII. Children

None of our websites, mobile applications or services are intended for children. Do not attempt to register as a services user unless you are at least 18 years old. Do not submit information about yourself using our websites or applications if you are under 13. If you are the parent or guardian of a child under 13 who may have submitted information to us please contact us at [email protected].


Part VIII. Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost or accessed in an unauthorized manner, including being altered or disclosed.

We have put in place procedures to handle security incidents, including a process for making notifications to you or a data breach as required by law.

We require our service providers to comply with appropriate security measures and to give us notice of security events as necessary for us to meet our security obligations to you.


Part IX. Data Retention

We will retain your personal data only for as long as reasonably necessary to fulfil the purpose for which it was collected, and to comply with our legal obligations. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Please contact us at [email protected] if you would like more information about our data retention policies


Part X. Requests to amend or erase your personal data, or restrict our use of your personal data

Our policies for complying with your requests to amend, erase, restrict or take other action with respect to your personal data are stated below. We will comply with the applicable legal requirements for these types of requests. You should communicate your request to [email protected].


Part XI. De-identified data

In some circumstances we may use or disclose de-identified data about our community members to third parties, including aggregate data, such as the size of our community, the demographic make-up of the community, the proportionate number of users vs. developers, and like information. Provided that we have de-identified this data in a way that it cannot be re-identified to any individual, we do not consider this type of information to be “personal data” subject to this policy.


Part XII. EU-US and Swiss Privacy Shield

The OpenStack Foundation participates in the EU-US and Swiss Privacy Shield frameworks regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. We have certified with the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield Principles, visit here. Our certification appears here.


In compliance with the Privacy Shield Principles, The OpenStack Foundation commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact The OpenStack Foundation at [email protected] and give us the opportunity to resolve your complaint. We will respond to your complaint promptly.

The OpenStack Foundation has further committed to refer unresolved Privacy Shield complaints to Privacy Trust, an alternate dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information or to raise a privacy shield complaint with PrivacyTrust. The services of Privacy Trust are provided at no cost to you.

In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, OpenStack remains liable.

Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

Please see the additional information provided by the U.S. Department of Commerce here on resolving complaints.


Part XIII. Changes to Policy

We may revise our Privacy Policy at any time by posting a revision on our website. However, the version of the Privacy Policy posted on our site at the time of the collection of your personal data will continue to apply to the personal data collected while that version was published.