Privacy Policy
Effective Date: 28 May 2026
Onlyscience Ltd ("Onlyscience," "we," "us," or "our") respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website, platform, and services.
1. About Us
Onlyscience Ltd
Company Number: 15446635
Registered Office:
3 Highpath Way
Basingstoke
RG24 9SU
United Kingdom
Contact: info@onlyscience.io
2. Scope of this Policy
This Privacy Policy applies to:
- visitors to our website;
- users of the Service;
- prospective customers;
- business contacts.
This Policy does not apply to third-party websites or services.
3. Personal Data We Collect
3.1 Account Information
We may collect:
- name;
- email address;
- account credentials;
- organisation details.
3.2 Billing Information
Payments are processed through third-party payment providers such as Stripe. We may receive limited billing information associated with your subscription. We do not store full payment card details.
3.3 Usage and Technical Data
We may collect:
- IP address;
- browser type;
- device information;
- operating system;
- usage activity;
- session information;
- log data.
3.4 Customer Data
Users may upload datasets to the Service. These datasets may contain personal data depending on the Customer's use of the platform. Customers are responsible for ensuring they have lawful grounds to upload and process such data.
3.5 Communications
We may collect information contained in:
- support requests;
- onboarding discussions;
- communications with us.
4. How We Use Personal Data
We may use personal data to:
- provide and operate the Service;
- authenticate users;
- manage subscriptions and billing;
- provide support;
- maintain platform security;
- improve the Service;
- analyse usage trends;
- comply with legal obligations;
- enforce our Terms.
We may also use aggregated and anonymised analytics for product improvement and internal business purposes.
5. Legal Bases for Processing
Where UK GDPR or EU GDPR applies, we rely on the following legal bases:
Contractual Necessity
Processing necessary to:
- provide the Service;
- manage subscriptions;
- fulfil contractual obligations.
Legitimate Interests
Processing necessary for:
- improving the Service;
- fraud prevention;
- maintaining security;
- business operations;
- analytics.
Legal Obligations
Processing necessary to comply with applicable law.
Consent
Where required, we rely on consent for:
- certain cookies;
- optional marketing communications.
6. Cookies and Tracking Technologies
We use cookies and similar technologies. These may include:
- strictly necessary cookies;
- analytics cookies;
- marketing cookies.
Please review our Cookie Policy for further information.
7. Data Sharing
We may share personal data with trusted service providers involved in operating the Service. These providers may include:
- Supabase;
- Google Cloud;
- Stripe;
- HubSpot;
- Vercel;
- Render;
- GitHub.
We may also disclose information:
- where legally required;
- to protect our legal rights;
- in connection with corporate transactions.
We do not sell personal data.
8. International Transfers
Personal data may be processed outside the United Kingdom or European Economic Area. Where required, we implement appropriate safeguards, which may include:
- Standard Contractual Clauses;
- transfers to countries with adequacy decisions;
- contractual protections with providers.
9. Data Retention
We retain personal data only for as long as reasonably necessary. Typical retention periods may include:
- active account data: for the duration of the subscription;
- inactive accounts: up to 24 months;
- logs and technical records: up to 90 days;
- backups: approximately 30 days;
- Customer Data after termination: up to 30 days.
We may retain information longer where legally required.
10. Security
We implement reasonable technical and organisational measures designed to protect personal data. These may include:
- encryption in transit;
- encryption at rest;
- access controls;
- logical segregation of customer data;
- audit logging.
No method of transmission or storage is completely secure.
11. Your Rights
Depending on applicable law, you may have rights to:
- access personal data;
- correct inaccurate data;
- request deletion;
- restrict processing;
- object to certain processing;
- request portability;
- withdraw consent.
Requests may be submitted to: info@onlyscience.io
You may also have the right to complain to a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).
12. Customer Responsibilities
Customers are responsible for:
- ensuring uploaded data is lawfully collected;
- obtaining necessary permissions and consents;
- complying with applicable data protection laws.
Onlyscience does not independently verify the legality of Customer Data uploaded to the Service.
13. Children
The Service is not intended for individuals under 18 years old.
14. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email where appropriate.
15. Contact
Questions regarding this Privacy Policy may be sent to:
Email: info@onlyscience.io