Effective date: March 21, 2018
OnePrivacy S.A. (“OnePrivacy”, “us”, “we”, or “our”) is committed to the privacy and security of your information and communications.
We collect personal information about you in the following ways:
In order to use our Products, you need to create an account with some Account Information. This information are always created by you. This information is required to letting you communicate securely with other users of our Products. Personal information that you may provide through the Service or otherwise communicate with us includes:
Your Account Information consists in:- a name (e.g. a username);
- a valid email address;
- an account public key;
- and a device public key.
This personal information is only kept for the duration of your account lifetime. You can change or delete your profile information at any time. The legal basis for the processing of your personal data mentioned above is your fulfilment of the contract.
You may optionally add other information to your account, such as profile picture or online status. This information is end-to-end encrypted and not exploitable by us.
We cannot decrypt and thus access the content of your messages (including your chats, photos, videos, files, and calls). We store the encrypted version of your messages on our servers for:
- delivery to recipients who are temporarily offline;
- secured backup of your messages in robust data centers, so that you can always retrieve your data if one of your devices is damaged;
- synchronization of your messages across all your devices.
You can delete any message individually at any time, both on your devices and on our servers.
For invoicing and determining the VAT we collect for paid Products:
- the domicile of the customer (country)
- the invoicing address
- the VAT identification number (only for business customers of some countries)
For the execution of credit card payments your credit card data will be shared with our payment service provider Paymill (Germany). When collaborating with Paymill, OnePrivacy receives access to the following banking and financial information about the Website users:
- first name and family name of the user;
- type of bank card;
- the last four digits of the bank card number and
- bank card validity date.
For more information about PayMill, please visit: https://www.paymill.com/en/privacy-policy/.
On the web pages related to our Products, we offer the opportunity to get in contact with us via email or contact form. In doing so personal data is voluntarily transferred to us, stored automatically and only used for the purpose of dealing with the request and getting in contact with the affected person. We will not disclose this personal data to third parties.
In order to maintain our Products servers in an healthy mode (error diagnosis, prevention of abuse), we may store Log Data. These logs contain sender and recipient identifiers and time of connection but no IP addresses. These logs are kept for a maximum of 3 months, for the sole purpose of facilitating troubleshooting and preventing abuse.
We also collect the information that your browser sends whenever you visit our websites. This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the Products pages that you visit, the time and date of your visit. However, we don’t use any Analytics Tools and Log Data are kept for a maximum of 72 hours, for the sole purpose of facilitating troubleshooting and preventing abuse.
- To provide and maintain our Service. Your Account Information is used to provide the Service to you and other users. E.g. Your email address is used to validate your account, your public key is used to make you searchable in our user directory. Your email address is never disclosed to other users of the Service until you accept them as part of your contacts.
- To communicate with you. We will use your Account Information to notify you about changes to our Service, to provide you with newsletters through our Product or via your email address. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us. Our Products also enable communications between you and others. In particular, sending and delivering invitations, between you and the person who invites you or whom you invited.
To provide you customer support. You may provide us with information related to your use of our Products. For example, you may send us an email with information relating to our app performance or other issues. If you contact us by email or by phone to help you with some troubleshooting, any personal data you may share with us is kept only for the purposes of researching the issue and contacting you about your case.
OnePrivacy S.A. will retain your Personal Data only for as long as is necessary
Personal Data to the extent necessary to comply with our legal obligations
(for example, if we are required to retain your data to comply with applicable
laws), resolve disputes, and enforce our legal agreements and policies.
Your information, including Personal Data, may be transferred to — and
maintained on — computers located outside of your state, province, country or
other governmental jurisdiction where the data protection laws may differ than
those from your jurisdiction.
If you are located outside Luxembourg and choose to provide information to us,
please note that we transfer the data, including Personal Data, to Luxembourg
and process it there.
information represents your agreement to that transfer.
Under certain circumstances, OnePrivacy S.A. may be required to disclose your
Personal Data if required to do so by law or in response to valid requests by
public authorities (e.g. a court or a government agency).
OnePrivacy S.A. may disclose your Personal Data in the good faith belief that such
action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of OnePrivacy S.A.
- To prevent or investigate possible wrongdoing in connection with the
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
Our Service may contain links to other sites that are not operated by us. If
you click on a third party link, you will be directed to that third party’s
We have no control over and assume no responsibility for the content, privacy
policies or practices of any third party sites or services.
Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone
under the age of 18. If you are a parent or guardian and you are aware that
your Children has provided us with Personal Data, please contact us. If we
become aware that we have collected Personal Data from children without
verification of parental consent, we take steps to remove that information
from our servers.
We will let you know via email and/or a prominent notice on our Service, prior
to the change becoming effective and update the “effective date” at the top of
All definitions bellow shall have the meaning of the Regulation (EU) 2016/679 (General Data Protection Regulation; hereinafter – “GDPR”).
Personal Data means data about a living individual (“Data Subject”) who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Data Controller means a person who (either alone or jointly or in common with
other persons) determines the purposes for which and the manner in which any
personal data are, or are to be, processed.
Data Processor (or Service Provider) means any person (other than an employee
of the Data Controller) who processes the data on behalf of the Data
Data Subject is any living individual who is the subject of Personal Data.
The User is the individual using our Service. The User corresponds to the Data
Subject, who is the subject of Personal Data.