Privacy Policy
Last updated: 7 April 2026
This Privacy Policy explains how the Open EWS platform (open-ews.com) handles personal data. Open EWS is operated by Open EWS, a data controller based in Spain (the "Operator"). For any privacy-related request you can contact info@open-ews.com.
1. Data we collect
- Account data: the email address you use to sign in, an internal user identifier, and the date your account was created and last verified.
- Authentication data: short-lived magic-link tokens (deleted as soon as you sign in or after 24 hours) and a session record tied to a secure HTTP-only cookie.
- Operational logs: standard server logs (IP address, user-agent, request path, timestamp) kept for security and abuse prevention. No third-party advertising or analytics trackers are used.
- Project content: the hydraulic models, scenarios and observed data you choose to upload to your projects.
2. How we use it
- To authenticate you and keep you signed in.
- To run the simulations, alerts and dashboards you request inside the platform.
- To monitor the service, prevent abuse, and debug failures.
- To contact you about service-related events such as security advisories. We do not send marketing emails.
3. Where it lives
Data is stored on Google Cloud infrastructure in theeurope-west1region (Belgium). The database is Cloud SQL for PostgreSQL with PostGIS, accessed through a private VPC.
4. Third-party processors
- Google Cloud Platform — hosting, database, container registry, networking. EU region.
- Resend — sends magic-link sign-in emails. The only data shared is the recipient email address and the single-use token.
- Ionos — DNS for the open-ews.com domain.
We do not sell or share personal data with any other party.
5. Cookies
The site sets only the strictly necessary cookies required to keep you signed in (an HTTP-only session cookie and a CSRF token cookie managed by Auth.js). It does not set advertising, analytics or tracking cookies.
6. Your rights (GDPR)
If you are in the European Economic Area you have the right to access, rectify, delete, restrict or port your personal data, and to object to processing. You can exercise these rights, or close your account entirely, by writing to info@open-ews.com. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).
7. Retention
Account data is kept for as long as your account exists. Authentication tokens are kept for at most 24 hours. Server logs are kept for 30 days. When you delete your account all personal data is removed within 30 days, except where retention is required by law.
8. Changes
We may update this Privacy Policy from time to time. Material changes will be notified by email or through a notice on the platform before they take effect.