Your Privacy, Our Responsibility

1.1. Information You Provide

When you use OnePush, we collect information that you provide directly to us, including:

• Account information (name, email address, company details)
• Payment information (processed securely through Stripe)
• Email content and subscriber lists
• Communication preferences and settings

1.2. Automatically Collected Information

We automatically collect certain information when you use our services, including:

• Log data (IP address, browser type, device information)
• Usage data (features used, time spent, interactions)
• Email delivery statistics and analytics
• Cookies and similar tracking technologies

We use the collected information for various purposes, including:

• Providing and maintaining our services
• Processing your payments and managing your account
• Sending you important updates and notifications
• Improving and optimizing our platform
• Analyzing usage patterns and trends
• Detecting and preventing fraud or abuse
• Complying with legal obligations

We may share your information with:

• Service providers who assist in operating our platform
• Payment processors (Stripe) for handling transactions
• Email delivery services you choose to use
• Law enforcement when required by law
• Third parties with your explicit consent

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication
• Secure data storage and backup systems
• Employee training on data protection

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal information:

• **Right of Access**: You can request a copy of the personal data we hold about you
• **Right to Rectification**: You can request correction of inaccurate or incomplete data
• **Right to Erasure**: You can request deletion of your personal data ("right to be forgotten")
• **Right to Restrict Processing**: You can request limitation of how we process your data
• **Right to Data Portability**: You can request your data in a structured, machine-readable format
• **Right to Object**: You can object to processing based on legitimate interests
• **Right to Withdraw Consent**: You can withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@onepush.app. We will respond to your request within 30 days.

You also have the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe we have not handled your personal data in accordance with GDPR.

We use cookies and similar tracking technologies for the following purposes:

**Essential Cookies** (Required for site functionality):

• Session management and authentication
• Security and fraud prevention
• Load balancing and performance

**Analytics Cookies** (Optional, require consent):

• Website usage analytics
• Feature usage tracking
• Performance monitoring

**Third-Party Cookies**:

• Google Fonts: We load fonts from Google Fonts CDN. Google may set cookies. See Google's Privacy Policy for details.

**Cookie Management**:

• You can control cookies through your browser settings
• You can withdraw consent for non-essential cookies at any time
• Disabling essential cookies may affect platform functionality

**Cookie Retention**:

• Session cookies: Deleted when you close your browser
• Persistent cookies: Retained for up to 12 months or until you delete them

For detailed information about specific cookies we use, please contact us at privacy@onepush.app.

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account data: Retained for the duration of your account and up to 7 years after account closure for legal and tax purposes
• Email tracking data: Retained for 30 days after email delivery
• Email logs: Retained for 90 days for delivery troubleshooting
• Marketing communications: Retained until you unsubscribe or request deletion
• Payment records: Retained for 7 years as required by tax and accounting laws

After the retention period expires, we will securely delete or anonymize your personal data.

OnePush stores all data within the European Union (EU) and European Economic Area (EEA). Our infrastructure is hosted by EU/EEA-based companies.

If we need to transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally recognized transfer mechanisms

We do not transfer personal data to countries without adequate data protection laws unless appropriate safeguards are implemented.

We process your personal data based on the following legal grounds under GDPR:

• **Contract Performance**: Processing necessary to fulfill our service agreement with you
• **Legitimate Interests**: Processing for business operations, security, fraud prevention, and service improvement
• **Consent**: Processing based on your explicit consent (e.g., marketing communications, optional tracking)
• **Legal Obligation**: Processing required to comply with legal obligations (e.g., tax records)

You can withdraw consent at any time by contacting us or using the unsubscribe options provided.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
• Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights
• Provide clear information about the nature of the breach, likely consequences, and measures taken

We maintain incident response procedures and regularly test our security measures to prevent breaches.

We use the following categories of third-party service providers who act as data processors:

• **Payment Processing**: Stripe (payment processing) - Data Processing Agreement in place
• **Hosting & Infrastructure**: EU/EEA-based hosting providers - Data Processing Agreements in place
• **Email Delivery**: Email delivery services you choose to integrate - Subject to your configuration
• **Analytics**: Optional analytics services (only if you enable tracking)

All third-party processors are bound by Data Processing Agreements (DPAs) that comply with GDPR requirements. We regularly review and audit our processors to ensure compliance.

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@onepush.app, and we will delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will:

• Post the updated policy on this page with a new "Effective Date"
• Notify you via email if changes are material
• Provide a summary of key changes when significant updates are made

Your continued use of OnePush after changes to this policy constitutes your acceptance of the updated policy. If you do not agree with the changes, you may close your account.