1. Information We Collect

We collect the following types of information when you use our Services:

2. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the One Connect platform.
• Facilitate communication and collaboration through integrations (e.g., Gmail API).
• Customize and improve user experience.
• Provide customer support and respond to inquiries.
• Ensure security, fraud prevention, and compliance.
• Analyze usage for business insights and product development.
• Send service-related updates and notifications.

3. Payments

When you subscribe or purchase services through One Connect, payments are processed by Stripe, a third-party payment processor.

• We do not store or have access to your full credit card details.
• Stripe collects and processes your payment information in accordance with its own Privacy Policy and PCI DSS (Payment Card Industry Data Security Standard) compliance requirements.
• Payment information may include your name, billing address, card details, and transaction history, which is securely transmitted directly to Stripe.
• We only receive limited information from Stripe, such as payment status, transaction ID, and subscription details, to confirm and manage your account.

By using our Services, you also agree to Stripe's Privacy Policy, available at: https://stripe.com/privacy

4. Gmail API Integration and Google Data Compliance

If you connect your Gmail account with One Connect:

• We use OAuth 2.0 to request access to your Gmail data.
• Access is limited to the scope necessary to provide features (e.g., sending/receiving emails, syncing communications, attaching documents).

We do not:

• Use Gmail data for advertising.
• Sell Gmail data to third parties.
• Share Gmail data except as required to provide the Service or by law.

Compliance with Gmail API Services User Data Policy

• Data obtained via Gmail API will only be used to provide user-facing features within One Connect.
• We will not transfer Gmail data to others unless it is necessary to provide or improve features, comply with applicable law, or as part of a merger/acquisition.
• We implement industry-standard security measures to protect Gmail data (encryption in transit and at rest, limited internal access, logging, and monitoring).
• Users can disconnect Gmail integration at any time, and data will no longer be accessed.

5. How We Share Information

We may share information in the following circumstances:

• With Service Providers: Third-party vendors that provide hosting, cloud infrastructure, payment processing (Stripe), analytics, or customer support.
• For Legal Reasons: To comply with applicable laws, regulations, or legal requests.
• In Business Transfers: In connection with a merger, acquisition, or sale of assets.
• With Your Consent: When you authorize us to share information with third parties.

We do not sell your personal data.

6. Data Retention

• Business and account data are retained for as long as your account is active.
• If you delete your account, we will delete your data within 30 days.
• Gmail API data is stored only as long as necessary for the features enabled and is not retained beyond the intended use.
• Stripe may retain your payment records for compliance with tax, accounting, and legal obligations.

7. Security

We implement appropriate technical and organizational measures to protect your data, including:

• Data encryption (in transit and at rest).
• Role-based access control.
• Regular audits and penetration testing.
• Secure data centers and cloud infrastructure.

However, no system is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have rights under applicable privacy laws (GDPR, CCPA, etc.), including:

• Right to access and obtain a copy of your personal data.
• Right to rectify incorrect or incomplete data.
• Right to delete your personal data ("right to be forgotten").
• Right to restrict or object to processing.
• Right to data portability.
• Right to withdraw consent for Gmail integration or other connected services.

To exercise these rights, contact us at info@oneconnect.qa.

9. International Data Transfers

As a global service provider, we may process and store your data in locations outside your country of residence. We ensure appropriate safeguards (e.g., Standard Contractual Clauses under GDPR) are in place.

10. Children's Privacy

Our Services are not intended for individuals under 18. We do not knowingly collect data from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be effective as of the "Last Updated" date.

12. Data Ownership and ERP Modules

All data entered into One Connect's ERP modules (including Sales, Projects, HRM, Accounting, Supply Chain, and Chats) remains the sole property of the customer (you or your organization).

We do not access, view, or use the business, financial, HR, or communication data stored in your account, except:

• When you explicitly request support and grant us temporary access.
• When required by law or legal order.

ERP modules may contain sensitive information, such as employee payroll, financial records, customer databases, or internal communications. We treat all such information as confidential and ensure it is encrypted, secured, and inaccessible to unauthorized parties, including our staff.

You control who in your organization has access to the data by managing your user accounts and permissions within the platform.

13. Contact Us

For questions about these Terms, please contact us at: