Privacy policy
Effective Date: January 2026
At OneDeck Ltd. (“OneDeck”, “we”, “us”, or “our”), we are committed to protecting privacy, safeguarding personal data, and complying with applicable data protection laws, including the Israeli Protection of Privacy Law, 1981, its amendments (including Amendment No. 13), and related regulations.
This Privacy Policy explains how we collect, use, store, secure, and disclose personal information when you interact with our website, platform, and mobile applications.
1. Scope of This Policy
This Privacy Policy applies to:
• Public Website: https://www.onedeck.com
• OneDeck Platform: Web-based platform and mobile applications (iOS and Android), operating on shared infrastructure.
This policy applies to users, customers, prospects, and visitors, as applicable.
2. Information We Collect
Account and Contact Information
• Name, email address, phone number (where provided);
• Company name, address, and registration number (where applicable);
• Encrypted password (for standard sign-up);
• No password is stored when using Google Sign-In.
Payment and Billing Information
Payments are processed by Chargebee.
OneDeck does not store credit card details.
Usage and Technical Information
• IP address;
• Device and browser information;
• Logs, timestamps, and system activity records.
Cookies and Similar Technologies
Described in detail in Section 15 below.
3. Database Ownership, Roles and Legal Responsibility
Controller and Processor Roles
For the purposes of the Israeli Protection of Privacy Law and, where applicable, the GDPR:
• Customers are the Data Controllers of all personal data and content uploaded or processed within their OneDeck accounts (“Customer Content”).
• OneDeck Ltd. acts as a Data Processor with respect to Customer Content and processes such data only on documented customer instructions, solely to provide the services, ensure security, and comply with legal obligations.
OneDeck does not determine the purposes or means of processing Customer Content and does not claim ownership of such data.
OneDeck-Owned Databases
OneDeck is the Data Controller with respect to its own business databases, including:
• Customer and prospect contact details;
• Contractual, billing, and support information;
• Operational, administrative, and compliance records.
Database Registration
As of the effective date of this policy, OneDeck’s databases are not registered with the Israeli Registrar of Databases.
If registration becomes legally required, OneDeck will comply accordingly.
4. Customer Content
Customers retain full ownership and responsibility for Customer Content.
OneDeck accesses Customer Content only:
• To provide and maintain the services;
• Upon customer authorization;
• Where required by law.
Customers are solely responsible for ensuring lawful collection, processing, disclosure, and use of Customer Content.
5. Purposes of Processing
Personal data is processed for the following purposes:
• Providing, operating, and improving the platform;
• Account management and customer support;
• Security, fraud prevention, abuse prevention, and incident detection;
• Service communications and system notifications;
• Legal compliance and enforcement of agreements.
6. Legal Bases for Processing
Processing is based on one or more of the following legal grounds:
• Contractual necessity
• Legitimate interests (security, stability, service improvement)
• Consent (analytics, marketing, cookies, where required)
• Legal obligations
7. Disclosure of Information
OneDeck does not sell personal data.
Information may be shared with trusted service providers, including:
• Cloud infrastructure providers (Google Cloud, AWS, DigitalOcean);
• Payment processors (Chargebee);
• Analytics, marketing, and support tools (Google, Meta, FirstPromoter, Intercom).
All providers are bound by contractual obligations to protect personal data and process it solely for authorized purposes.
8. International Data Transfers
Personal data may be stored or processed in Israel, the United States, and other jurisdictions where service providers operate.
Transfers are conducted in accordance with applicable law and subject to appropriate safeguards.
9. Information Security Measures
In accordance with the Israeli Protection of Privacy Regulations (Information Security), 2017, OneDeck implements reasonable and proportionate technical and organizational safeguards, including:
• Personal user accounts for employees (no shared credentials);
• Role-based access controls and least-privilege access;
• System-level logging and monitoring;
• Automated daily backups;
• Separation of application production environments from development and testing;
• Secure cloud infrastructure;
• No human access to customer data by external providers.
While reasonable measures are implemented, no system is completely secure, and OneDeck cannot guarantee absolute protection against unauthorized access, misuse, or loss.
10. Incident Response and Data Breach Notification
OneDeck maintains internal procedures for handling personal data security incidents.
In the event of a personal data breach, OneDeck will:
• Investigate and contain the incident;
• Assess potential risks to individuals;
• Notify affected users and relevant supervisory authorities where required by applicable law;
• Provide information reasonably necessary to mitigate potential harm.
11. Data Retention
Personal data is retained only for as long as reasonably necessary for:
• Service provision and account continuity;
• Legal, tax, and accounting compliance;
• Security investigations and dispute resolution.
Accounts are not automatically deleted upon cancellation.
Deleted data may remain in encrypted backups for a limited period and will be removed according to backup retention cycles.
12. Data Subject Rights
Subject to applicable law, individuals may exercise rights to:
• Access personal data;
• Correct or update inaccurate data;
• Request deletion;
• Restrict or object to processing;
• Withdraw consent.
Requests should be sent to [email protected].
OneDeck will make reasonable efforts to respond to verified requests within 30 days.
Where permitted by law, this period may be extended due to the complexity or volume of the request.
Requests relating to Customer Content must be addressed to the relevant customer as Data Controller.
13. Accountability and Governance (Amendment 13 Alignment)
OneDeck maintains internal policies and procedures designed to ensure compliance with applicable data protection laws, including access controls, security monitoring, incident documentation, and corrective actions where required.
14. Information Security and Privacy Responsibility
OneDeck has appointed an internal role responsible for information security and privacy compliance.
The designated person is:
Koren Tarshish, CEO of OneDeck Ltd.
This role includes oversight of data protection practices, information security measures, handling of data subject requests, and coordination of incident response and regulatory communications where required by applicable law.
15. Cookies and Tracking Technologies
OneDeck uses cookies and similar technologies.
Strictly Necessary Cookies
Required for authentication, session management, and security (including Google reCAPTCHA).
Functional and Preference Cookies
Store user preferences.
Analytics Cookies
Used for analytics (e.g., Google Analytics) and activated only after user consent, where required.
Marketing and Attribution Cookies
Used for marketing measurement (e.g., Meta, FirstPromoter) and activated only after user consent, where required.
Users may manage cookie preferences via browser settings or available consent tools.
16. Children’s Privacy
OneDeck services are intended for users aged 18 and older.
We do not knowingly collect personal data from children.
17. Updates to This Policy
This Privacy Policy may be updated periodically.
Updates will be posted with a revised effective date. Continued use of the services constitutes acceptance of the updated policy.
18. Contact Information
OneDeck Ltd.
Kibbutz Yifat, 3658300, Israel
📧 [email protected]
