Privacy Infrastructure at Scale
Legal documents that live in your repo, stay in sync with your code, and prove compliance on demand. Built on the open-source OpenPolicy framework — cloud-backed consent tracking, versioning, and audit trail from day one.
GDPR (EU)
CCPA / CPRA
LGPD (Brazil)
PIPEDA (Canada)
APPI (Japan)
PDPA (Singapore)
Privacy Act (AU)
DPDP (India)
POPIA (South Africa)
Everything you need for policy compliance
Write once in TypeScript, get correctly-worded policies in every language and jurisdiction — with consent tracking built in.
TypeScript-first policies
Define your privacy policy, terms, and cookie policy in code. Version-controlled, diffable, and reviewable like any other source file.
Multi-jurisdiction support
GDPR, CCPA, UK GDPR, LGPD, and more. OpenPolicy generates the right language for each region automatically — no manual copy-paste.
User consent tracking
Know which users have accepted which version of each policy. Surface compliance gaps before they become audit findings.
Auto-versioning & rollout
Every policy change creates a new version. Roll out updates progressively, prompt only affected users, and track acceptance in real time.
Always in sync
Policies are regenerated on every build by the Vite plugin. Your privacy policy can never drift out of date with your actual data practices — enforced by the build pipeline.
Drop-in integrations
PostHog, Linear, GitHub, and more. Pipe compliance signals directly into the tools your team already uses.
From config to compliance in minutes
1
Define your policy
Add an OpenPolicy config to your project. Describe your data practices, jurisdictions, and service details in TypeScript.
2
Connect to OpenPolicy+
Push your config. We generate legally-worded documents as build-time artifacts and give you a typed client and consent API to embed in your app.
3
Track consent automatically
Every user acceptance is recorded. Dashboards show compliance rates by policy, version, and jurisdiction at a glance.
import config from "#/lib/openpolicy";
import { createClient } from "@openpolicy/plus";
const client = createClient(config);
// Record consent when a user accepts your policies
await client.consent({
user: { id: user.id, email: user.email, plan: user.plan },
});
// Check if policies changed since the user last consented
const changes = await client.changes(user.id);
if (changes.length > 0) {
// Prompt the user to review and re-accept
}
// Check the current user's jurisdiction
const jurisdiction = await client.jurisdiction(user.id);
if (jurisdiction === "gdpr") {
// Show cookie banner
}
Consent tracking
Know exactly who has accepted what, and when.
Every policy acceptance is timestamped and tied to a specific document version. Filter by policy, jurisdiction, or cohort — and export a full audit trail whenever compliance or legal asks for it.
- Per-user acceptance history across all policy types
- Version-aware: know if a user is on v3 or still on v1
- Jurisdiction-level compliance rates at a glance
- Export to CSV for legal and audit workflows
Compliance overview — last 30 days
847
Users on latest version
12
Pending re-consent (v3.1)
Privacy Policy v3.1847 / 859 users
Terms of Service v2.0831 / 859 users
Active rollout
72% complete
Privacy Policy v3.2
CCPA / CPRA71% · 198 / 279
Grace period ends in 4 days
Update management
Roll out policy changes without the scramble.
When your legal team updates your privacy policy, OpenPolicy+ creates a new version, surfaces a re-consent prompt to affected users, and tracks rollout progress in real time — so you're never left guessing who still needs to sign.
- Automatic versioning on every policy change
- Targeted re-consent: only prompt users who need to re-accept
- Live rollout progress by segment and jurisdiction
- Configurable grace periods before enforcement
PR bot
Catch compliance drift before it merges.
The OpenPolicy+ GitHub bot reviews pull requests that touch your policy config. It summarises what changed in plain English, flags jurisdiction gaps, and posts a diff of the generated document — keeping your legal team in the loop without pulling them into every code review.
- Automatic PR comments on policy config changes
- Plain-English summary of what changed legally
- Rendered document diff so reviewers see the real impact
- Optional approval gate before merging policy changes
openpolicy.config.ts
thirdParties: [
{ name: 'Stripe', purpose: 'payments' },
+ { name: 'Meta Pixel', purpose: 'advertising' },
],
dataTypes: [
+ 'behavioral_targeting',
],
OP
openpolicy-botflagged 2 issues
⚠
Meta Pixel requires explicit opt-in under GDPR
Advertising processors must be listed in your cookie policy with a consent gate — currently missing.
✕
behavioral_targeting not disclosed under CCPA
This data type requires a "Do Not Sell" opt-out link. Merge blocked until resolved.
import { defineConfig } from "@openpolicy/sdk";
import { dataCollected, thirdParties } from "@openpolicy/sdk";
export default defineConfig({
company: {
name: "OpenPolicy",
},
effectiveDate: "2026-01-01",
jurisdictions: ["eu", "us"],
dataCollected,
thirdParties,
});
Built for developers
Policies that live in your repo, not a dashboard.
Define everything in TypeScript — fully typed, diff-friendly, and reviewable in your normal code review flow. OpenPolicy+ takes care of the legal rendering, consent tracking, and compliance reporting so your team stays in their IDE, not a legal portal.
- Fully typed config — autocomplete for jurisdictions, data types, and third parties
- Vite plugin — generates documents as part of your existing build pipeline
- Typed client — consume your policy metadata from any TypeScript app
- Open source core — the OpenPolicy framework is open-source and GPL3 licensed
See OpenPolicy+ in action
Book a 20-minute walkthrough and we'll show you how teams ship compliant products with OpenPolicy+.