Privacy Policy

1. Information We Collect

Information You Provide:

• Account information (name, email, phone number)
• Company details (business name, address, industry)
• Payment information (processed securely through Stripe)
• Content you upload or create within the platform
• Communications with our support team

Information Collected Automatically:

• Device information (browser type, operating system)
• Usage data (features accessed, actions taken)
• IP addresses and location data
• Cookies and similar tracking technologies

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our services
• Process transactions and send billing communications
• Send service-related notifications and updates
• Respond to your inquiries and provide customer support
• Analyze usage patterns to enhance user experience
• Detect and prevent fraud or security threats
• Comply with legal obligations

3. Data Storage and Security

Your data is stored securely using industry-standard encryption (AES-256 at rest, TLS 1.3 in transit). We implement appropriate technical and organizational measures to protect your personal information, including:

• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Employee training on data protection
• Incident response procedures

4. Data Sharing

We do not sell your personal information.

We may share data with:

• Service Providers: Third parties who assist in operating our platform (cloud hosting, payment processing, email delivery)
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Legal Requirements: When required by law, court order, or government request
• With Your Consent: When you explicitly authorize sharing

Third-Party Services We Use:

• Stripe (payment processing)
• Microsoft Azure (cloud infrastructure)
• SendGrid (email delivery)
• Analytics providers

5. Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a portable format
• Objection: Object to certain processing activities
• Restriction: Request limitation of processing
• Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at privacy@oneapp.today.

6. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to lodge a complaint with a supervisory authority
• Right to be informed about automated decision-making
• Right not to be subject to solely automated decisions with legal effects

Our legal bases for processing include: contract performance, legitimate interests, consent, and legal compliance.

7. CCPA Rights (California Residents)

California residents have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to equal service and price (non-discrimination)

We do not sell personal information as defined by the CCPA.

8. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your session and preferences
• Analyze usage and improve performance
• Provide personalized experiences

Types of Cookies:

• Essential: Required for basic platform functionality
• Analytics: Help us understand how users interact with our service
• Preferences: Remember your settings and choices

You can manage cookie preferences through your browser settings. Disabling certain cookies may limit platform functionality.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide services. After account closure:

• Account data is retained for 30 days, then deleted
• Backup copies may be retained for up to 90 days
• Certain information may be retained longer as required by law (e.g., financial records)

10. International Data Transfers

If you are located outside the United States, your data may be transferred to and processed in the United States, where our servers are located. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where required.

11. Marketing Communications

We may send you marketing communications about our services. You can opt out at any time by:

• Clicking “unsubscribe” in any marketing email
• Adjusting your notification preferences in account settings
• Contacting us at privacy@oneapp.today

Service-related communications (billing, security alerts) are not affected by marketing opt-outs.

12. Children's Privacy

Our services are not intended for children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or platform notification at least 30 days before taking effect. The “Last Updated” date at the top reflects the most recent revision.

14. Contact Us

For privacy inquiries or to exercise your rights, contact us at:

• Email: privacy@oneapp.today
• Address: OneApp, 7633 S Main St, Midvale, UT 84047
• Data Protection Officer: dpo@oneapp.today

For EU residents, you may also contact our EU representative at eu-representative@oneapp.today.