What we collect
We collect only what we need to run the Service:
- Account info — name, email, profile photo (Google sign-in).
- Billing info — handled by Stripe; we never see your card number.
- Content — pages, posts, leads, and knowledge files you upload.
- Usage data — pages viewed, clicks, AI generations (analytics events).
- Device data — browser, OS, IP address, approximate geo (city / country).
- Support messages — when you chat with us or send a support case.
How we use your data
We use your data to:
- Provide and improve the Service (account management, AI generation, analytics dashboards);
- Bill you for paid plans (via Stripe);
- Send service communications (transactional emails, outage notices);
- Respond to support requests;
- Detect and prevent abuse / fraud;
- Comply with legal obligations.
Selling & AI training
Cookies & analytics
We use cookies for authentication, session management, and basic visitor analytics. The visitor analytics use a first-party cookie (_ou_vid) plus a hashed IP fingerprint for de-duplication — no third-party trackers without your consent.
You can manage cookie preferences via the consent banner. See our Cookie Policy for the full list.
Vendors we rely on
We rely on a small set of trusted vendors to operate:
- Google Cloud / Firebase — hosting, auth, database, storage.
- Stripe — billing.
- OneUnit AI models — our own proprietary AI systems and agents power all content generation. Where we use external compute or model providers, they act only as infrastructure under contract and process data solely to deliver our generation — they do not receive your data for their own use.
- Stock media providers — for optional stock imagery (we proxy requests so the upstream never sees your IP).
- Geo-lookup provider — IP-to-country lookup for geo analytics only.
Each vendor has its own privacy policy. We share only the minimum data needed for them to perform the service (e.g. an IP address for geo lookup).
Google API access
When you connect a Google account (Google Calendar, Google Meet) to OneUnit, we request OAuth access to specific Google API scopes:
calendar.readonlyTo read your calendar availability so visitors to your landing page can see open booking slots.calendar.eventsTo create a single confirmed-booking calendar event (with an attached Google Meet link) when a visitor books a meeting from your page.openid · email · profileTo identify the connected Google account and display its email / avatar in your dashboard.OneUnit's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We do NOT sell Google user data;
- We do NOT use Google user data for serving advertisements;
- We do NOT allow humans to read Google user data except (i) with your explicit consent, (ii) for security investigations or to comply with applicable law, or (iii) where the data has been aggregated and anonymized;
- We do NOT use Google user data to develop, improve, or train generalized or non-personalized AI / ML models.
OAuth tokens and any cached calendar data are stored encrypted in Firestore and are accessible only to your account. You may revoke OneUnit's access at any time from /dashboard/connectors (Disconnect) or from your Google account at myaccount.google.com/permissions.
Where your data is stored
Your data is stored on Google Cloud servers in the United States (us-central1). If you use OneUnit from outside the US, your data will be transferred to and processed in the US.
Data retention
We keep data only as long as needed:
Inactivity & automatic pausing of generation
Daily content (posts, images, and videos) is generated for you automatically using paid AI and compute resources. To avoid wasting these resources on accounts that are no longer in use, the Service automatically pauses daily content generation for an account that has been inactive for 7 consecutive days — meaning no login, no content download, no post approval or rejection, and no settings change during that period.
When generation is paused, your previously generated content remains available in your dashboard History. We will notify you, and you can resume generation at any time by clicking the I'm active button in your dashboard (or by simply using the Service again).
Generation resumes with the next scheduled daily batch. We are not obligated to generate or retain content for accounts that remain inactive.
Your rights
If you live in the EU, UK, California, or another jurisdiction with similar laws, you have the right to:
- Access the personal data we hold about you;
- Correct inaccurate data;
- Delete your data ("right to be forgotten");
- Export your data;
- Object to certain processing;
- Withdraw consent (where processing is based on consent).
To exercise any of these rights, email [email protected]. We respond within 30 days.
Children's privacy
OneUnit is not intended for users under 18. We do not knowingly collect data from children under 13. If you become aware that a child under 13 has provided us with personal data, please contact us — we will delete it.
Security
We use industry-standard security: HTTPS everywhere, Firebase security rules, server-side rate limits, IP-based abuse detection, and SSRF defences on all media-proxy endpoints. No system is perfectly secure, but we will notify you within 72 hours if we discover a breach affecting your account.
Changes to this policy
We will post any changes to this Policy on this page and update the "last updated" date above. Material changes will be notified by email at least 7 days before they take effect.
Contact
Privacy questions? Email [email protected].
Questions about your privacy?
We're happy to help — reach out and we'll get back to you within 30 days.
Email [email protected]