Privacy Policy

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

• Register for an account or join our waitlist
• Schedule a demo or request information
• Use our Services to analyze marketing data
• Contact us for support or inquiries

This information may include:

• Contact Information: Name and email address
• Account Credentials: Password and authentication information
• Communications: Information you provide when you contact us or respond to our communications

2.2 Information Collected Automatically

When you access and use our Services, we automatically collect certain information about your device and usage patterns:

• Device Information: Device type, operating system, browser type and version, unique device identifiers
• Usage Information: Pages visited, time and date of visits, time spent on pages, clickstream data, features used
• Technical Information: IP address, internet service provider, referring/exit pages, date/time stamps
• Location Information: General geographic location based on IP address
• Analytics Data: Information about how you interact with our Services, including navigation paths and feature usage

We collect this information using cookies and similar tracking technologies. For more details, please see our Cookie Policy.

2.3 Data You Upload to Our Services

When you use our marketing analytics platform, you may upload various types of data for analysis:

• Marketing Campaign Data: Campaign performance metrics, audience information, conversion data
• Customer Analytics: Customer behavior data, segmentation information, purchase patterns
• Financial Data: Budget allocations, cost per acquisition, ROI metrics
• Custom Data: Any other business data you choose to upload for analysis

Important: You are responsible for ensuring you have the necessary rights and consents to upload and process this data through our Services. We act as a data processor for this data on your behalf. See our Data Processing Agreement for more information.

2.4 Information from Third Parties

We may receive information about you from third-party sources, including:

• Authentication Services: If you use single sign-on (SSO) or social login features
• Marketing Partners: Information from co-marketing activities or joint promotions
• Public Sources: Publicly available information to supplement your profile
• Service Providers: Information from our vendors and service providers

3.1 Provide and Manage Services

• Create and manage your account
• Authenticate users and maintain secure sessions
• Process your data uploads and generate analytics reports
• Provide marketing optimization recommendations
• Deliver customer support and respond to your inquiries
• Process transactions and send transaction confirmations
• Enable collaboration features and data sharing within your organization

3.2 Improve and Develop Services

• Monitor and analyze usage patterns and trends
• Conduct research and development to enhance our Services
• Test new features and improvements
• Understand how users interact with our platform
• Identify and fix technical issues and bugs
• Optimize performance and user experience

3.3 Communicate with You

• Send you service-related announcements and updates
• Provide technical notices and security alerts
• Respond to your comments, questions, and support requests
• Send you marketing communications (with your consent)
• Invite you to participate in surveys or provide feedback
• Notify you about changes to our Services or policies

3.4 Security and Compliance

• Detect, prevent, and address fraud, security breaches, and technical issues
• Protect the rights, property, or safety of Onlyscience, our users, and the public
• Enforce our Terms of Service and other agreements
• Comply with legal obligations and regulatory requirements
• Respond to law enforcement requests and legal processes

3.5 Personalization and Marketing

• Customize your experience based on your preferences
• Provide personalized content and recommendations
• Conduct marketing and promotional activities
• Measure the effectiveness of our marketing campaigns
• Display relevant advertisements (where applicable)

4.1 Service Providers and Partners

We engage trusted third-party service providers to assist us in operating our Services. These providers only have access to your information as necessary to perform their functions and are obligated to maintain its confidentiality and security:

• Supabase: Authentication, database, and backend infrastructure services
• Cloud Hosting Providers: Data storage and hosting infrastructure
• Analytics Services: Google Analytics and similar tools for website analytics and performance monitoring
• Payment Processors: Secure payment processing and billing services
• Email Service Providers: Email delivery and communication services
• Customer Support Tools: Help desk and support ticket management
• Security Services: Fraud detection, security monitoring, and threat prevention

We require all service providers to enter into data processing agreements that ensure they comply with applicable data protection laws and maintain appropriate security measures.

4.2 Business Transfers

If Onlyscience is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or transition of service to another provider, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements and Protection

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Respond to lawful requests by public authorities, including national security or law enforcement
• Enforce our Terms of Service and other agreements
• Protect the rights, property, or safety of Onlyscience, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Defend against legal claims or disputes

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you authorize integration with third-party services or participate in co-marketing activities.

4.5 Aggregated and De-identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This may include industry benchmarks, usage statistics, or trends that help us improve our Services or for research purposes.

5.1 Security Measures

Our security measures include:

• Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption
• Access Controls: Multi-factor authentication, role-based access controls, and least privilege principles
• Authentication: Secure authentication mechanisms including password hashing and session management
• Network Security: Firewalls, intrusion detection/prevention systems, and regular security monitoring
• Infrastructure Security: Secure data centers with physical security controls and environmental protections
• Regular Assessments: Periodic security audits, vulnerability scans, and penetration testing
• Incident Response: Dedicated security incident detection and response procedures
• Backups: Regular automated backups with disaster recovery capabilities
• Employee Training: Regular security awareness training for all team members
• Vendor Management: Due diligence and security requirements for third-party service providers

5.2 Your Responsibility

While we implement robust security measures, you also play a crucial role in protecting your information:

• Keep your account credentials confidential and use strong, unique passwords
• Enable multi-factor authentication when available
• Do not share your account with others
• Log out of your account when using shared devices
• Report any suspicious activity or security concerns immediately
• Keep your contact information up to date for security notifications

5.3 Limitations

Despite our security measures, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information using commercially acceptable means, we cannot guarantee absolute security. You acknowledge and accept that you provide your information at your own risk.

5.4 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. Notifications will include information about the nature of the breach, the data affected, and steps you can take to protect yourself.

6.1 Retention Periods

• Account Data: We retain your account information for as long as your account is active or as needed to provide Services
• Usage Data: Analytics and usage data is typically retained for 24-36 months
• Communication Records: Support communications and correspondence are retained for 3-7 years
• Transaction Data: Payment and transaction records are retained as required by tax and accounting regulations (typically 7 years)
• Marketing Data: Marketing communications records are retained until you unsubscribe or request deletion
• Uploaded Data: Data you upload to our Services is retained according to your subscription plan and deleted within 30 days of account termination

6.2 Account Deletion

When you delete your account or request deletion of your personal information:

• We will delete or anonymize your personal information within 30 days
• Backup copies may persist for an additional 90 days in our backup systems
• Some information may be retained where required by law or for legitimate business purposes (e.g., to prevent fraud, resolve disputes, enforce agreements, or comply with legal obligations)
• De-identified or aggregated data may be retained indefinitely for analytics and improvement purposes

6.3 Legal Holds

In some cases, we may be required to retain your information for longer periods due to legal obligations, litigation holds, or regulatory requirements. We will notify you if your deletion request cannot be immediately fulfilled for these reasons.

7.1 Access and Portability

You have the right to:

• Request access to the personal information we hold about you
• Obtain a copy of your personal information in a structured, commonly used, and machine-readable format
• Request transmission of your data to another service provider (data portability)

You can access much of your information through your account dashboard. For additional information or a comprehensive data export, contact us at info@onlyscience.io.

7.2 Correction and Update

You have the right to:

• Correct inaccurate or incomplete personal information
• Update your personal information and preferences

You can update most of your information directly through your account settings. For assistance, contact our support team.

7.3 Deletion ("Right to be Forgotten")

You have the right to request deletion of your personal information. We will comply with deletion requests except where we have a legitimate reason to retain the information, such as:

• Completing a transaction or providing a service you requested
• Detecting and resolving security incidents or fraud
• Complying with legal obligations
• Exercising free speech or ensuring another consumer's right to free speech
• Engaging in research in the public interest
• Internal uses reasonably aligned with your expectations

7.4 Restriction of Processing

You have the right to request that we limit how we use your personal information in certain circumstances, such as:

• While we verify the accuracy of your information
• When processing is unlawful but you don't want the data deleted
• When we no longer need the data but you need it for legal claims
• While we verify our legitimate grounds for processing

7.5 Objection to Processing

You have the right to object to:

• Processing based on legitimate interests
• Direct marketing and profiling for marketing purposes
• Processing for research or statistical purposes

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us.

7.6 Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before withdrawal.

7.7 Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal effects or significantly affects you. Our Services use automated analytics, but significant decisions require human review.

7.8 Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the European Union member state of your habitual residence, place of work, or place of the alleged infringement if you believe our processing of your personal information violates applicable law.

7.9 Exercising Your Rights

To exercise any of these rights, please contact us at info@onlyscience.io. We may need to verify your identity before fulfilling your request. We will respond to your request within 30 days (or as required by applicable law).

We will not discriminate against you for exercising your privacy rights.

8.1 What Are Cookies

Cookies are small text files stored on your device that help websites remember information about your visit. We use both first-party cookies (set by us) and third-party cookies (set by our service providers).

8.2 Types of Cookies We Use

• Essential Cookies: Necessary for the Services to function properly, including authentication and security
• Analytics Cookies: Help us understand how visitors use our Services (e.g., Google Analytics)
• Functional Cookies: Enable enhanced functionality and personalization
• Marketing Cookies: Used to track visitors and display relevant advertisements

8.3 Managing Cookies

You can control cookies through:

• Our cookie consent banner when you first visit our website
• Your browser settings (though this may affect functionality)
• Opt-out tools provided by third-party analytics services

For detailed information about our use of cookies, please see our Cookie Policy.

8.4 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. Because there is no common understanding of how to interpret DNT signals, our Services do not currently respond to DNT signals.

9.1 Legal Basis for Transfers

When we transfer personal information from the European Economic Area (EEA), United Kingdom, or Switzerland to other countries, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs with our service providers
• Adequacy Decisions: We transfer to countries deemed to provide adequate protection by relevant authorities
• Binding Corporate Rules: Where applicable with corporate affiliates
• Your Consent: We may obtain your explicit consent for certain transfers

9.2 Data Processing Locations

Our primary data processing facilities are located in:

• United States (primary)
• European Union (for EU customers, where available)

Our service providers may process data in additional jurisdictions. We maintain a list of Sub-processors in our Data Processing Agreement.

9.3 Your Rights

Regardless of where your data is processed, you retain the rights described in this Privacy Policy. If you have questions about international transfers, contact us at info@onlyscience.io.

12.1 Right to Know

You have the right to request information about:

• Categories of personal information we collect
• Sources from which we collect personal information
• Purposes for collecting or selling personal information
• Categories of third parties with whom we share personal information
• Specific pieces of personal information we have collected about you

12.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

12.3 Right to Opt-Out

We do not sell your personal information in the traditional sense. However, under California law, sharing data for certain advertising purposes may be considered a "sale." You can opt out of such sharing through our cookie preferences.

12.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA/CPRA rights, including by:

• Denying goods or services
• Charging different prices or rates
• Providing a different level or quality of services
• Suggesting you will receive a different price or level of service

12.5 Shine the Light

California's "Shine the Light" law permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes.

13.1 Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contract: To perform our contract with you (e.g., providing Services)
• Consent: Where you have given explicit consent
• Legitimate Interests: For our legitimate business interests (e.g., improving Services, fraud prevention)
• Legal Obligation: To comply with legal requirements

13.2 Your GDPR Rights

Under GDPR, you have the rights described in Section 7 (Your Rights and Choices), including:

• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object
• Rights related to automated decision-making

13.3 Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at info@onlyscience.io.

13.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.