Privacy Policy

Last updated: 2025-08-01

1. Overview

Oneplane Inc. ("Oneplane," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you access or use our website, products, and services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

We collect information in the following ways:

a. Information You Provide
  • Account Information: Name, email address, authentication credentials, organization name, and other registration details.
  • Billing Information: Payment information(processed securely through third-party payment processors).
  • Support and Communication: Messages, feedback, and other communications sent to our support channels.
b. Information We Collect Automatically
  • Usage Data: Pages visited, features used, clickstream data, access times, and other diagnostic data.
  • Device & Technical Data: IP address, browser type, operating system, device type, screen resolution, language preferences.
c. Information from Third-Party Services

If you connect third-party accounts (e.g., GitHub, cloud providers), we may receive information as permitted by your settings with those services.

3. How We Use Your Information

We use your personal information to support and enhance your experience with the Service. This includes:

  • Providing, operating, and maintaining the Service;
  • Authenticating and managing your account access;
  • Processing payments and managing subscriptions and billing;
  • Responding to support requests and user inquiries;
  • Sending important service-related communications and updates;
  • Access logs and usage patterns
  • Detecting, investigating, and preventing fraudulent or malicious activity;
  • Fulfilling legal, regulatory, and compliance obligations.

4. Data Sharing and Disclosure

We do not sell your personal data. However, we may share your information under the following circumstances:

a. Service Providers
We engage trusted third-party service providers to support our operations, including:

  • Cloud infrastructure hosting and management (e.g., AWS, Azure, GCP);
  • Payment processing and billing;
  • Customer support and communication tools;
  • Analytics and performance monitoring;
  • Security and compliance auditing.

These providers are contractually obligated to use your data only as necessary to deliver services and maintain confidentiality and security.

b. Cloud Provider Integration
As a multi-cloud orchestration platform, Oneplane enables users to provision and manage infrastructure across multiple cloud providers. To ensure secure integration, we:

  • Do not store your cloud provider credentials in plain text;
  • Use encrypted and secure connections to interact with your cloud accounts;
  • Provision infrastructure directly within your own cloud environment;
  • Maintain audit logs of all orchestration-related activity;
  • Do not store or copy your application data or workload contents.

c. Legal Requirements and Business Transfers
We may disclose your personal information:

  • To comply with legal obligations, government requests, or court orders;
  • To protect and defend the rights, property, or safety of Oneplane, our users, or others;
  • To investigate violations of our Terms of Service or to detect and prevent fraud or security issues;
  • In the event of a merger, acquisition, reorganization, or sale of assets. Your information may be transferred to the acquiring entity under protections consistent with this policy.

5. Data Retention and Deletion

We retain your personal information only as long as necessary to provide the Service, comply with our legal obligations, and fulfill the purposes outlined in this policy.

a. Retention Periods

  • Account Information: Retained while your account remains active.
  • Usage Data & Logs: Retained for up to 24 months for diagnostics and operational analysis.
  • Billing Information: Retained for 7 years to comply with accounting and tax regulations.
  • Support Communications: Retained for 3 years to assist with ongoing support and quality assurance.
  • Security Logs: Retained for 12 months for security auditing and incident response.

b. Data Deletion

You may request deletion of your personal data by:

  • Using the account deletion feature available in your dashboard;
  • Contacting our support team at [email protected];
  • Following our documented data portability and deletion procedures.

Upon account deletion, we will remove your personal information within 30 days, unless a longer retention period is required by applicable law. Certain anonymized activity events may be retained for auditing purposes and are permanently deleted.

6. Data Security and Protection

a. Security Measures

  • End-to-end encryption for data in transit and at rest
  • Multi-factor authentication and secure access controls
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance and ongoing monitoring
  • Automated threat detection and response systems

b. Cloud Provider Security

  • We follow the principle of least privilege for cloud access
  • We maintain separate encryption keys per customer
  • Regular rotation of access tokens and credentials

c. Access Controls

  • Role-based access control (RBAC) limits data access
  • Audit logs track all data access and modifications
  • Two-factor authentication required for sensitive operations
  • Regular access reviews and permission updates

7. Your Rights and Choices

a. Access and Control

  • Access and review your personal information
  • Update or correct inaccurate data
  • Export your data in standard formats
  • Delete your account and associated data
  • Opt-out of marketing communications

b. Cookie Preferences

  • Manage cookies through browser settings and preferences
  • Use our cookie consent management system
  • Opt-out tools for analytics and advertising cookies

c. Data Portability

  • Export infrastructure configurations and templates
  • Export deployment history and logs
  • Export team settings and permissions
  • Export usage analytics and reports

8. International Data Transfers

Oneplane does not transfer or store your personal data outside the region in which the service is used. All data is processed and retained within the deployment region selected by the user or defaulted to the nearest supported infrastructure region. We ensure that data remains within jurisdictional boundaries aligned with privacy expectations.

9. Children's Privacy

Our Service is not directed to or intended for use by individuals under the age of 13 (or the age of digital consent in your jurisdiction, if higher). We do not knowingly collect or solicit personal information from children.

If we become aware that a child has provided us with personal information, we will take reasonable steps to delete such information promptly. If you believe that a child under the applicable age has submitted personal data to us, please contact us at [email protected].

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the functionality of our Service.

When we make material changes, we will notify you through the Service interface, email, or other appropriate communication channels. The revised policy will include an updated “Effective Date” at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

11. Contact

For any questions, concerns, or data requests related to this Privacy Policy, please contact Oneplane at Contact and select the "Legal" option.