Privacy policy

Effective Date: Sep 30th 2025
  
At OneDeck Ltd. ("OneDeck", "we", "us", or "our"), we are committed to protecting your privacy and securing your data. This Privacy Policy explains how we collect, use, store, and share your personal information when you interact with our website, platform, and mobile applications.

1. Who This Policy Covers

This policy applies to:
  • Public Website: www.onedeck.com (informational site; may use cookies and analytics tools).
  • OneDeck Platform: Available via web, iOS, and Android apps (all using the same servers and infrastructure).

2. Information We Collect

  • Account Information: Name and email address.
    • If you sign up using standard registration, we store your encrypted password.
    • If you sign up using Google Sign-In, no password is stored.
  • Payment Information: Processed securely via Chargebee. We do not store payment details.
  • Usage Information: Includes IP address, device type, browser information, and activity logs.
  • Cookies and Tracking:
    • Strictly Necessary Cookies: Used to maintain your active session securely and provide core features.
    • Preference Cookies: Store user preferences for a personalized experience.
    • Security & Anti-Abuse Cookies (reCAPTCHA): We use Google reCAPTCHA on forms (e.g., Contact Us) to protect against spam and automated abuse. As part of this service, Google may set cookies such as _GRECAPTCHA, AEC, DV, NID. These are strictly necessary for security and proper form operation.
    • Analytics Cookies (e.g., Google Analytics): Help us understand usage and improve performance. Used only after you provide consent.
    • Marketing & Attribution Cookies (e.g., Facebook/Meta, FirstPromoter): Measure campaigns and referrals. Used only after you provide consent.
    • Chat & Support Cookies (e.g., Intercom): Enable real-time support. Used only after you provide consent.
  • Cookies & Consent
    When you visit our website, you are asked to accept or decline non-essential cookies.
    If you accept, we set a consent cookie on the onedeck.com top-level domain so your choice applies across our subdomains (e.g., auth.onedeck.com and customer workspaces like *.onedeck.com).
    Session cookies expire when you close your browser. Persistent cookies remain for up to 12 months unless you clear them earlier.
    If you decline, only strictly necessary cookies (including security cookies like reCAPTCHA) remain active.
    You may withdraw or change your consent at any time by clearing cookies in your browser settings or via a “Manage Cookies” link in our footer (where available).
For website visitors, we may also collect data via Google Analytics and Facebook Pixel for marketing and traffic analysis purposes.

3. Customer Content and Data Responsibility

You may upload or store content such as company details, documents, board records, and other materials ("Customer Content").
You retain full ownership of your Customer Content. We do not access, use, or share this content except:
  • To provide and maintain our services.
  • When explicitly authorized by you.
  • When required by law.
You are responsible for ensuring that your content complies with applicable laws.

4. How We Use Your Information

  • To provide and improve our services.
  • To manage your account and provide customer support.
  • To communicate service updates and important notifications.
  • To comply with legal obligations.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: to provide and manage your account and services.
  • Legitimate interest: to ensure security, prevent abuse (e.g., reCAPTCHA), and improve core functionality.
  • Consent: for analytics, marketing, and support cookies and related tools, which are only activated after you provide explicit consent.
  • Legal obligation: where processing is necessary to comply with applicable laws.

5. How We Share Your Information

We do not sell your personal data. We may share data with trusted third-party providers:
  • Hosting & Infrastructure: Google Cloud, AWS, DigitalOcean.
  • Payment Processing: Chargebee.
  • Analytics, Marketing & Support Tools: Google Analytics, Google Ads, Facebook (Meta), FirstPromoter (affiliate tracking), Intercom (customer support chat). These tools are activated only after you provide cookie consent, except for strictly necessary functionality (e.g., security/reCAPTCHA).
All providers are contractually obligated to handle your data securely.

6. Data Storage and International Transfers

Your data is securely stored on servers located in New York, USA. By using our services, you consent to the transfer of your data internationally, including to Israel and the United States.

7. Data Retention and Deletion

  • We do not automatically delete any account data, even after subscription cancellation.
  • Accounts can remain inactive indefinitely, allowing you to reactivate them at any time.
  • We reserve the right to delete data from long-term inactive accounts at our discretion, but this is not automated.
  • You can request deletion of your data at any time by contacting us at [email protected].
Some data may be retained to comply with legal, tax, or regulatory obligations.

8. Data Security

We employ industry-standard security measures, including:
  • Encrypted password storage.
  • Secure hosting environments.
  • Advanced access controls and continuous monitoring.
While we take every reasonable precaution, no system can guarantee absolute security.

9. Data Breach Notification Policy

In the event of a data breach that affects your personal information, we will:
  • Notify you promptly via email or through the platform.
  • Provide details on what data was involved and steps you should take.
  • Outline the measures we are taking to prevent future incidents.
Your trust and security are our top priorities.

10. Your Rights

You have the right to:
  • Access and review your personal data.
  • Correct or update your information.
  • Request deletion of your account and associated data.

Withdrawal of Consent

You have the right to withdraw your consent for non-essential cookies or processing activities at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Supervisory Authority

You also have the right to lodge a complaint with a supervisory authority in the European Union if you believe your rights under data protection laws have been violated.

To exercise these rights, contact us at [email protected].

11. Children's Privacy

OneDeck is intended for businesses and individuals aged 18 and older. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with a new effective date. Changes to our cookie practices will also be reflected here with an updated effective date. Continued use of OneDeck after updates constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions or concerns, please contact us:
OneDeck Ltd.
Email: [email protected]
Address: Kibutz Yifat, 3658300, Israel