OneUnit AI ("we", "us") operates the OneUnit platform at oneunit.ai. This Privacy Policy explains what personal data we collect, how we use it, and the choices you have. Contact: admin@oneunit.ai
We collect: - Account info — name, email, profile photo (Google sign-in) - Billing info — handled by Stripe; we never see your card number - Content — pages, posts, leads, knowledge files you upload - Usage data — pages viewed, clicks, AI generations (analytics events) - Device data — browser, OS, IP address, approximate geo (city / country) - Support messages — when you chat with us or send a support case
We use your data to: - Provide and improve the Service (account management, AI generation, analytics dashboards) - Bill you for paid plans (via Stripe) - Send service communications (transactional emails, outage notices) - Respond to support requests - Detect and prevent abuse / fraud - Comply with legal obligations We do NOT sell your personal data. We do NOT use Your Content to train external AI models.
We use cookies for authentication, session management, and basic visitor analytics. The visitor analytics use a first-party cookie (_ou_vid) plus a hashed IP fingerprint for de-duplication — no third-party trackers without your consent. You can manage cookie preferences via the consent banner. See our Cookie Policy for the full list.
We rely on a small set of trusted vendors to operate: - Google Cloud / Firebase — hosting, auth, database, storage - Stripe — billing - Google Gemini, xAI Grok, Venice — AI generation - Pexels, Pixabay — stock media (we proxy requests so the upstream never sees your IP) - ipapi.co — IP-to-country lookup for geo analytics Each vendor has its own privacy policy. We share only the minimum data needed for them to perform the service (e.g. an IP address for geo lookup).
When you connect a Google account (Google Calendar, Google Meet) to OneUnit, we request OAuth access to specific Google API scopes: (a) https://www.googleapis.com/auth/calendar.readonly — to read your calendar availability so visitors to your landing page can see open booking slots (b) https://www.googleapis.com/auth/calendar.events — to create a single confirmed-booking calendar event (with an attached Google Meet link) when a visitor books a meeting from your page (c) openid, email, profile — to identify the connected Google account and display its email / avatar in your dashboard. OneUnit's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: - We do NOT sell Google user data - We do NOT use Google user data for serving advertisements - We do NOT allow humans to read Google user data except (i) with the affected user's explicit consent, (ii) for security investigations or to comply with applicable law, or (iii) where the data has been aggregated and anonymized - We do NOT use Google user data to develop, improve, or train generalized or non-personalized AI / ML models OAuth tokens and any cached calendar data are stored encrypted in Firestore and are accessible only to your account. You may revoke OneUnit's access at any time from /dashboard/connectors (Disconnect) or from your Google account at https://myaccount.google.com/permissions.
Your data is stored on Google Cloud servers in the United States (us-central1). If you use OneUnit from outside the US, your data will be transferred to and processed in the US.
Account data: kept for the life of your account, plus 30 days after account closure. Billing records: 7 years (US tax law). Support cases: 2 years. Analytics events: 365 days (after which they're aggregated and the raw events deleted).
If you live in the EU, UK, California, or another jurisdiction with similar laws, you have the right to: - Access the personal data we hold about you - Correct inaccurate data - Delete your data ("right to be forgotten") - Export your data - Object to certain processing - Withdraw consent (where processing is based on consent) To exercise any of these rights, email admin@oneunit.ai. We respond within 30 days.
OneUnit is not intended for users under 18. We do not knowingly collect data from children under 13. If you become aware that a child under 13 has provided us with personal data, please contact us — we will delete it.
We use industry-standard security: HTTPS everywhere, Firebase security rules, server-side rate limits, IP-based abuse detection, and SSRF defences on all media-proxy endpoints. No system is perfectly secure, but we will notify you within 72 hours if we discover a breach affecting your account.
We will post any changes to this Policy on this page and update the "last updated" date below. Material changes will be notified by email at least 7 days before they take effect.
Privacy questions? Email admin@oneunit.ai.