opencrater

Policy

Two promises hold this whole thing up: cards developers don't resent, and privacy we can state in one screen. Last updated June 2026.

Ad content policy

Every campaign is reviewed before it can serve. Sponsor cards are plain text rendered in working terminals, so the bar is higher than for web display ads.

Allowed

  • Developer tools, infrastructure, and cloud services
  • AI/ML products, security tooling, SaaS for engineers
  • Education, courses, conferences, books
  • Open-source projects and foundations
  • Hiring for engineering roles

Never allowed

  • Gambling, adult content, weapons, tobacco, recreational drugs
  • Cryptocurrency token sales, airdrops, or yield schemes
  • Misleading claims, fake urgency, impersonation of tools or brands
  • Malware, exploit tooling marketed for abuse, or "growth hacking" spam
  • Political or religious advocacy
  • Anything illegal in a targeted region — campaigns are additionally geo-restricted per country and US state where regulations require it

Formats: text only today. Future image/GIF formats will require a text fallback and will never autoplay audio or video. Sponsors get clicks measured by signed single-use tokens; fraudulent clicks are discarded and never billed.

Privacy

We never collect prompts, code, credentials, file paths, or anything typed into your terminal. Full stop.

What the SDK sends

  • Anonymous install ID — a random UUID generated on your machine, stored in ~/.config/opencrater/state.json. It contains no personal information and you can delete or reset it at any time.
  • Serve metadata — publisher key, package name, placement, and SDK version, so we know which card to serve and whom to pay.

IP addresses

Your IP is used to resolve a coarse region (country, and US state where resolvable) for rate cards and geo policy, and for fraud detection. Raw IPs are retained for at most 72 hours for fraud analysis, then dropped — only a one-way hash is kept afterwards. We never sell or share IP data.

Opting out

Set OPENCRATER_DISABLE=1 or run npx opencrater off. Opted-out machines send nothing — not even the install ID.

Publishers & sponsors

Dashboard accounts store the email and name from your OAuth provider (GitHub, Google, or GitLab), payout details you provide, and an audit log of money-touching actions. Sessions use httpOnly cookies; publisher keys are stored as argon2 hashes and cannot be recovered — only rotated.

Questions or deletion requests: privacy@opencrater.to