Your MQTT cloud - that actually just works

Last updated: November 24, 2025

Welcome to OpenMQTT ("the Service"). By creating an account, accessing the Service, or using any part of our platform, you agree to these Terms of Service ("Terms"). If you do not agree, do not use the Service.

1. Overview

OpenMQTT provides cloud-hosted MQTT brokers and related tools for building IoT projects, prototyping, automation, and non-critical data messaging.

• The Service is designed for hobby, educational and general-purpose IoT use.
• OpenMQTT is not intended for mission-critical or safety-essential systems.

2. Eligibility

You must:

• be at least 16 years old
• provide accurate account information
• comply with all applicable laws

If you create an account on behalf of a company, you confirm that you have authority to bind that entity.

3. Account Responsibilities

You are responsible for:

• maintaining the confidentiality of your login credentials
• all activity under your account
• securing your IoT devices and MQTT clients
• ensuring that no sensitive personal data is sent through your brokers

You must notify us immediately if you suspect unauthorized access.

4. Use of the Service

You may use OpenMQTT for:

• IoT experiments
• maker projects
• Home Assistant integrations
• ESP32 / microcontroller telemetry
• hobby or educational automation

You may not use OpenMQTT for:

• medical devices or healthcare systems
• life-safety or emergency systems
• vehicle control or autonomous systems
• industrial machinery with safety implications
• military equipment or weapons
• illegal activity
• denial-of-service testing or traffic abuse
• spam messaging or abnormal high-frequency traffic

We reserve the right to suspend accounts engaged in abuse or illegal behavior.

5. Data and Message Delivery

MQTT does not guarantee message delivery, ordering, or timeliness. Accordingly:

• We do not guarantee 100% uptime
• Messages may be delayed, lost, duplicated, or dropped
• Brokers may undergo maintenance or restarts
• Debugging features may temporarily store message payloads

You are solely responsible for handling MQTT behavior in your devices and applications.

6. Logging, Debugging & Retention

Depending on your subscription plan and settings, the Service may store:

• connection logs
• last-will and online/offline events
• metadata (timestamps, QoS, topic)
• message payloads if you explicitly enable logging or dashboards

We do not inspect or process MQTT payloads except to operate the Service you request. Retention periods vary by plan and are documented on the Pricing page.

7. Service Modifications

We may modify, suspend or discontinue:

• features
• pricing tiers (including free tiers)
• limits
• regions
• service levels

We will provide reasonable notice when practical.

8. Subscriptions and Billing

Paid plans are billed through Stripe. By subscribing, you agree that:

• charges recur automatically until cancelled
• you can cancel anytime via your billing portal
• partial periods are not refunded
• taxes may apply depending on your region
• pricing and limits are described on our Pricing page

If payment fails, your plan may be downgraded or suspended.

9. Intellectual Property

All software, branding, dashboards, visuals, source code, and platform tools are owned by us or our licensors. You may not reverse engineer, copy, or redistribute the Service.

10. Third-Party Services

We use trusted subprocessors including:

• hosting providers (e.g., Hetzner, AWS, or similar)
• analytics providers
• Stripe for payments
• Cloudflare or equivalent for security/CDN

Use of the Service implies acceptance of their terms where applicable.

11. Disclaimer of Warranties

The Service is provided "as is" and "as available" without warranties of any kind. We explicitly disclaim:

• uninterrupted or error-free operation
• loss-free MQTT delivery
• fitness for critical or safety-essential use
• merchantability
• suitability for high-risk environments

You use the Service at your own risk.

12. Limitation of Liability

To the fullest extent permitted by law:

• We are not liable for lost data, device malfunction, downtime, message loss, indirect damages, or consequential damages.
• Our total liability will not exceed the amount paid in the last 12 months of your subscription (or €10 for free plans).

This limitation applies regardless of legal theory.

13. Termination

You may close your account at any time. We may suspend or terminate accounts that:

• violate these Terms
• cause security risks
• abuse resources
• engage in illegal or harmful activity

Upon termination, your brokers and stored data may be deleted.

14. Governing Law

These Terms are governed by the laws of Sweden. Any disputes shall be resolved in the courts of Stockholm, unless mandatory law specifies otherwise.

15. Contact

Email: support@openmqtt.com

Last updated: November 24, 2025

This Privacy Policy explains how OpenMQTT ("we", "us", "our") collects, uses, stores and protects personal data in connection with the OpenMQTT cloud MQTT service ("the Service"). We are committed to processing personal data in compliance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller is OpenMQTT. Email: privacy@openmqtt.com

If you are using OpenMQTT as a business customer and request a Data Processing Agreement (DPA), we may act as a data processor for MQTT payloads and device data.

2. Data We Collect

We collect the minimum information necessary to operate a secure, reliable MQTT service.

2.1 Account Information

• Email address
• Password (hashed and salted)
• Name (optional)
• Country/region (optional)
• Subscription plan / billing details

2.2 Billing Information (via Stripe)

When subscribing to a paid plan, billing information is processed by our payment processor: Stripe Payments Europe, Ltd. (Stripe Privacy Policy). We do not store full credit card numbers on our servers.

2.3 MQTT Metadata

To operate your broker, we process:

• connection timestamps
• client IDs
• IP addresses
• TLS fingerprint
• QoS
• topic names
• online/offline events
• retained flag
• error codes

2.4 Message Payloads

By default, we do not store the contents of MQTT messages. Payloads may be stored only if you explicitly enable:

• Debug/Inspector
• Dashboard logging
• Historical data retention
• Flow recording

2.5 Log Data / Device Telemetry

We may process device IP, reconnect attempts, authentication success/failure, and usage statistics (traffic, sessions, quotas). This helps ensure stability, performance, and abuse prevention.

2.6 Cookies & Analytics

We use cookies for login sessions, user preferences, and website analytics (anonymised). We may use tools such as Plausible Analytics, Google Analytics (optional, consent-based), and Cloudflare.

3. How We Use Personal Data

We process data exclusively for:

• operating your MQTT brokers
• securing and stabilising the Service
• account authentication
• billing and subscription management
• detecting abuse, spam or attacks
• providing support
• improving the Service
• analytics (aggregate, non-identifiable)

We do not sell or share data with advertisers.

4. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

4.1 Contractual necessity (Art. 6(1)(b))

To provide the Service: account creation, MQTT broker operation, dashboards, logs, flows, billing

4.2 Legitimate interest (Art. 6(1)(f))

Security monitoring, abuse prevention, analytics for product improvement

4.3 Consent (Art. 6(1)(a))

Optional analytics, optional logging of MQTT payloads, optional newsletters

4.4 Legal obligation (Art. 6(1)(c))

Bookkeeping, anti-fraud safeguards, tax/VAT documentation

5. Sharing of Data

We only share data with trusted subprocessors necessary to operate the Service:

• Stripe (payments)
• Cloudflare (security/CDN)
• Hosting provider (Hetzner, AWS, or equivalent EU-based computing)
• Email provider (Mailgun, Postmark, or equivalent)
• Analytics provider (Plausible, optional)

We ensure all subprocessors sign GDPR-compliant DPAs and operate under European data protection standards. We never sell personal data.

6. International Transfers

If data is transferred outside the EU/EEA, we ensure Standard Contractual Clauses (SCCs), supplemental safeguards, and GDPR-compatible protection levels. Most user data is stored within the EU (depending on region/plan).

7. Data Retention

We retain data only as long as necessary:

You may request deletion at any time (see Section 9).

8. Security

We implement industry-standard security measures:

• TLS encryption for all MQTT traffic
• Password hashing (bcrypt/argon2)
• Firewall and rate-limiting
• Brute-force protection
• Network isolation per broker
• Monitoring for suspicious activity
• Two-factor authentication (optional)

However, no service is 100% secure. You are responsible for securing your IoT devices and client code.

9. Your Rights (GDPR)

You have the right to:

• access personal data we store
• request correction
• request deletion ("right to be forgotten")
• object to certain processing
• request data portability
• withdraw consent
• file complaints with your local supervisory authority (IMY in Sweden)

To exercise rights: privacy@openmqtt.com

10. Children

The Service is not intended for children under 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy. If changes are significant, we will notify you via email or in-app message.

12. Contact

For privacy inquiries: privacy@openmqtt.com

Last updated: November 24, 2025

This Acceptable Use Policy ("AUP") describes activities that are prohibited when using OpenMQTT ("the Service"). This AUP applies to all users and all MQTT brokers created under an account. By using the Service, you agree to this AUP.

1. General Principles

The Service is designed for:

• hobby projects
• prototyping
• maker applications
• education and research
• non-critical IoT solutions

You must not use the Service for any activity that violates law, harms the platform, or puts people at risk.

2. Prohibited Uses

2.1 Critical or Safety-Critical Systems

You may NOT use OpenMQTT for:

• medical devices or patient monitoring
• life-support or emergency equipment
• vehicle/drone/autonomous systems
• fire alarms, security alarms or access control
• industrial machinery where failure may cause injury
• any system where MQTT failure could endanger people

OpenMQTT is not a real-time guaranteed or safety-certified service.

2.2 Illegal or Harmful Activity

You must not use the Service to:

• engage in illegal activity
• distribute malware or harmful software
• perform unauthorized access to devices or networks
• harvest personal data without consent
• control or monitor individuals illegally
• violate privacy or data protection laws

2.3 Network Abuse

The following is strictly prohibited:

• sending excessive or abusive MQTT traffic
• attempting denial-of-service attacks
• exploiting service limits or trying to bypass quotas
• running stress tests, load tests or fuzzing
• brute-force attacks against MQTT credentials
• using the platform to host command-and-control systems

2.4 SPAM or Misuse

You must not:

• generate spam messages
• flood topics
• create looping message storms
• run cryptomining, botnets or automation abuse through brokers

2.5 Dangerous Physical Automations

Automation that may cause physical risk if messages are delayed, lost or duplicated is strictly forbidden. Examples:

• controlling heaters without safety constraints
• controlling pumps or valves without fallback
• controlling electrical relays with high-risk outputs

3. Resource Usage Limits

You agree to comply with:

• plan limits
• message quotas
• bandwidth limits
• connection/session limits
• fair use standards

We may throttle, restrict or suspend accounts exceeding acceptable usage.

4. Security Requirements

You must:

• secure your devices and firmware
• use strong passwords
• avoid sharing credentials
• not expose your broker credentials publicly

5. Enforcement

We may take the following actions:

• warn the user
• suspend or delete brokers
• throttle or limit traffic
• terminate accounts
• report illegal activity to authorities

We determine violations at our sole discretion.

6. Changes to the AUP

We may update this AUP from time to time. Continued use of the Service constitutes acceptance of changes.

7. Contact

Questions about this AUP: abuse@openmqtt.com

Last updated: November 24, 2025

Welcome to OpenMQTT ("the Service"). By creating an account, accessing the Service, or using any part of our platform, you agree to these Terms of Service ("Terms"). If you do not agree, do not use the Service.

1. Overview

OpenMQTT provides cloud-hosted MQTT brokers and related tools for building IoT projects, prototyping, automation, and non-critical data messaging.

• The Service is designed for hobby, educational and general-purpose IoT use.
• OpenMQTT is not intended for mission-critical or safety-essential systems.

2. Eligibility

You must:

• be at least 16 years old
• provide accurate account information
• comply with all applicable laws

If you create an account on behalf of a company, you confirm that you have authority to bind that entity.

3. Account Responsibilities

You are responsible for:

• maintaining the confidentiality of your login credentials
• all activity under your account
• securing your IoT devices and MQTT clients
• ensuring that no sensitive personal data is sent through your brokers

You must notify us immediately if you suspect unauthorized access.

4. Use of the Service

You may use OpenMQTT for:

• IoT experiments
• maker projects
• Home Assistant integrations
• ESP32 / microcontroller telemetry
• hobby or educational automation

You may not use OpenMQTT for:

• medical devices or healthcare systems
• life-safety or emergency systems
• vehicle control or autonomous systems
• industrial machinery with safety implications
• military equipment or weapons
• illegal activity
• denial-of-service testing or traffic abuse
• spam messaging or abnormal high-frequency traffic

We reserve the right to suspend accounts engaged in abuse or illegal behavior.

5. Data and Message Delivery

MQTT does not guarantee message delivery, ordering, or timeliness. Accordingly:

• We do not guarantee 100% uptime
• Messages may be delayed, lost, duplicated, or dropped
• Brokers may undergo maintenance or restarts
• Debugging features may temporarily store message payloads

You are solely responsible for handling MQTT behavior in your devices and applications.

6. Logging, Debugging & Retention

Depending on your subscription plan and settings, the Service may store:

• connection logs
• last-will and online/offline events
• metadata (timestamps, QoS, topic)
• message payloads if you explicitly enable logging or dashboards

We do not inspect or process MQTT payloads except to operate the Service you request. Retention periods vary by plan and are documented on the Pricing page.

7. Service Modifications

We may modify, suspend or discontinue:

• features
• pricing tiers (including free tiers)
• limits
• regions
• service levels

We will provide reasonable notice when practical.

8. Subscriptions and Billing

Paid plans are billed through Stripe. By subscribing, you agree that:

• charges recur automatically until cancelled
• you can cancel anytime via your billing portal
• partial periods are not refunded
• taxes may apply depending on your region
• pricing and limits are described on our Pricing page

If payment fails, your plan may be downgraded or suspended.

9. Intellectual Property

All software, branding, dashboards, visuals, source code, and platform tools are owned by us or our licensors. You may not reverse engineer, copy, or redistribute the Service.

10. Third-Party Services

We use trusted subprocessors including:

• hosting providers (e.g., Hetzner, AWS, or similar)
• analytics providers
• Stripe for payments
• Cloudflare or equivalent for security/CDN

Use of the Service implies acceptance of their terms where applicable.

11. Disclaimer of Warranties

The Service is provided "as is" and "as available" without warranties of any kind. We explicitly disclaim:

• uninterrupted or error-free operation
• loss-free MQTT delivery
• fitness for critical or safety-essential use
• merchantability
• suitability for high-risk environments

You use the Service at your own risk.

12. Limitation of Liability

To the fullest extent permitted by law:

• We are not liable for lost data, device malfunction, downtime, message loss, indirect damages, or consequential damages.
• Our total liability will not exceed the amount paid in the last 12 months of your subscription (or €10 for free plans).

This limitation applies regardless of legal theory.

13. Termination

You may close your account at any time. We may suspend or terminate accounts that:

• violate these Terms
• cause security risks
• abuse resources
• engage in illegal or harmful activity

Upon termination, your brokers and stored data may be deleted.

14. Governing Law

These Terms are governed by the laws of Sweden. Any disputes shall be resolved in the courts of Stockholm, unless mandatory law specifies otherwise.

15. Contact

Email: support@openmqtt.com

Last updated: November 24, 2025

This Privacy Policy explains how OpenMQTT ("we", "us", "our") collects, uses, stores and protects personal data in connection with the OpenMQTT cloud MQTT service ("the Service"). We are committed to processing personal data in compliance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller is OpenMQTT. Email: privacy@openmqtt.com

If you are using OpenMQTT as a business customer and request a Data Processing Agreement (DPA), we may act as a data processor for MQTT payloads and device data.

2. Data We Collect

We collect the minimum information necessary to operate a secure, reliable MQTT service.

2.1 Account Information

• Email address
• Password (hashed and salted)
• Name (optional)
• Country/region (optional)
• Subscription plan / billing details

2.2 Billing Information (via Stripe)

When subscribing to a paid plan, billing information is processed by our payment processor: Stripe Payments Europe, Ltd. (Stripe Privacy Policy). We do not store full credit card numbers on our servers.

2.3 MQTT Metadata

To operate your broker, we process:

• connection timestamps
• client IDs
• IP addresses
• TLS fingerprint
• QoS
• topic names
• online/offline events
• retained flag
• error codes

2.4 Message Payloads

By default, we do not store the contents of MQTT messages. Payloads may be stored only if you explicitly enable:

• Debug/Inspector
• Dashboard logging
• Historical data retention
• Flow recording

2.5 Log Data / Device Telemetry

We may process device IP, reconnect attempts, authentication success/failure, and usage statistics (traffic, sessions, quotas). This helps ensure stability, performance, and abuse prevention.

2.6 Cookies & Analytics

We use cookies for login sessions, user preferences, and website analytics (anonymised). We may use tools such as Plausible Analytics, Google Analytics (optional, consent-based), and Cloudflare.

3. How We Use Personal Data

We process data exclusively for:

• operating your MQTT brokers
• securing and stabilising the Service
• account authentication
• billing and subscription management
• detecting abuse, spam or attacks
• providing support
• improving the Service
• analytics (aggregate, non-identifiable)

We do not sell or share data with advertisers.

4. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

4.1 Contractual necessity (Art. 6(1)(b))

To provide the Service: account creation, MQTT broker operation, dashboards, logs, flows, billing

4.2 Legitimate interest (Art. 6(1)(f))

Security monitoring, abuse prevention, analytics for product improvement

4.3 Consent (Art. 6(1)(a))

Optional analytics, optional logging of MQTT payloads, optional newsletters

4.4 Legal obligation (Art. 6(1)(c))

Bookkeeping, anti-fraud safeguards, tax/VAT documentation

5. Sharing of Data

We only share data with trusted subprocessors necessary to operate the Service:

• Stripe (payments)
• Cloudflare (security/CDN)
• Hosting provider (Hetzner, AWS, or equivalent EU-based computing)
• Email provider (Mailgun, Postmark, or equivalent)
• Analytics provider (Plausible, optional)

We ensure all subprocessors sign GDPR-compliant DPAs and operate under European data protection standards. We never sell personal data.

6. International Transfers

If data is transferred outside the EU/EEA, we ensure Standard Contractual Clauses (SCCs), supplemental safeguards, and GDPR-compatible protection levels. Most user data is stored within the EU (depending on region/plan).

7. Data Retention

We retain data only as long as necessary:

You may request deletion at any time (see Section 9).

8. Security

We implement industry-standard security measures:

• TLS encryption for all MQTT traffic
• Password hashing (bcrypt/argon2)
• Firewall and rate-limiting
• Brute-force protection
• Network isolation per broker
• Monitoring for suspicious activity
• Two-factor authentication (optional)

However, no service is 100% secure. You are responsible for securing your IoT devices and client code.

9. Your Rights (GDPR)

You have the right to:

• access personal data we store
• request correction
• request deletion ("right to be forgotten")
• object to certain processing
• request data portability
• withdraw consent
• file complaints with your local supervisory authority (IMY in Sweden)

To exercise rights: privacy@openmqtt.com

10. Children

The Service is not intended for children under 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy. If changes are significant, we will notify you via email or in-app message.

12. Contact

For privacy inquiries: privacy@openmqtt.com

Last updated: November 24, 2025

This Acceptable Use Policy ("AUP") describes activities that are prohibited when using OpenMQTT ("the Service"). This AUP applies to all users and all MQTT brokers created under an account. By using the Service, you agree to this AUP.

1. General Principles

The Service is designed for:

• hobby projects
• prototyping
• maker applications
• education and research
• non-critical IoT solutions

You must not use the Service for any activity that violates law, harms the platform, or puts people at risk.

2. Prohibited Uses

2.1 Critical or Safety-Critical Systems

You may NOT use OpenMQTT for:

• medical devices or patient monitoring
• life-support or emergency equipment
• vehicle/drone/autonomous systems
• fire alarms, security alarms or access control
• industrial machinery where failure may cause injury
• any system where MQTT failure could endanger people

OpenMQTT is not a real-time guaranteed or safety-certified service.

2.2 Illegal or Harmful Activity

You must not use the Service to:

• engage in illegal activity
• distribute malware or harmful software
• perform unauthorized access to devices or networks
• harvest personal data without consent
• control or monitor individuals illegally
• violate privacy or data protection laws

2.3 Network Abuse

The following is strictly prohibited:

• sending excessive or abusive MQTT traffic
• attempting denial-of-service attacks
• exploiting service limits or trying to bypass quotas
• running stress tests, load tests or fuzzing
• brute-force attacks against MQTT credentials
• using the platform to host command-and-control systems

2.4 SPAM or Misuse

You must not:

• generate spam messages
• flood topics
• create looping message storms
• run cryptomining, botnets or automation abuse through brokers

2.5 Dangerous Physical Automations

Automation that may cause physical risk if messages are delayed, lost or duplicated is strictly forbidden. Examples:

• controlling heaters without safety constraints
• controlling pumps or valves without fallback
• controlling electrical relays with high-risk outputs

3. Resource Usage Limits

You agree to comply with:

• plan limits
• message quotas
• bandwidth limits
• connection/session limits
• fair use standards

We may throttle, restrict or suspend accounts exceeding acceptable usage.

4. Security Requirements

You must:

• secure your devices and firmware
• use strong passwords
• avoid sharing credentials
• not expose your broker credentials publicly

5. Enforcement

We may take the following actions:

• warn the user
• suspend or delete brokers
• throttle or limit traffic
• terminate accounts
• report illegal activity to authorities

We determine violations at our sole discretion.

6. Changes to the AUP

We may update this AUP from time to time. Continued use of the Service constitutes acceptance of changes.

7. Contact

Questions about this AUP: abuse@openmqtt.com