This page describes what we collect, how single-file publishes and projects behave, and what gets stored so sharing, collaboration, security review, and abuse prevention can work on openwrap.
openwrap handles a few categories of data. If you create an account, that includes account and workspace information such as your email, name, username, org membership, and collaborator lists. If you upload or publish content, that includes the files themselves plus project metadata, share settings, and publishing history needed to deliver the product.
We also keep operational data such as session tokens, share-access tokens, basic request logs, rate-limit signals, and activity records that help us run the service, detect abuse, and troubleshoot failures.
Single-file publishes create an unlisted share link on the share surface. Folders and multi-file uploads open as editable projects in the app, where saved work, collaboration, access control, and custom slugs can be managed.
Unlisted is not the same as private. If someone has the URL to an unlisted share link, they may be able to open it unless you later move the project into a stricter sharing mode such as email, domain, org, or member-only access.
We retain uploaded content and related metadata for as long as needed to operate published links, editable projects, collaboration, recovery, access control, and abuse prevention during early access. We do not present the public product as a zero-retention service.
Retention and deletion controls will get tighter as the platform matures. Until those controls are fully surfaced, avoid uploading highly sensitive or specially regulated data unless you have confirmed the handling requirements with us first.
Short version: if openwrap is serving a share link, restoring a project, or enforcing access rules, we are storing the content and metadata required to do that.
We use session tokens and cookies to keep you signed in, remember project access, and support the handoff between the app and the share surface. Shared wraps may also rely on revocable link tokens, email allowlists, domain allowlists, org access, or project membership depending on how the owner configured sharing.
If you have questions about data handling or need help with a specific project, use the support page or email support@openwrap.ai.