Onlyscience Logo

Privacy Policy

Effective Date: 28 May 2026

Onlyscience Ltd ("Onlyscience," "we," "us," or "our") respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website, platform, and services.

1. About Us

Onlyscience Ltd

Company Number: 15446635

Registered Office:
3 Highpath Way
Basingstoke
RG24 9SU
United Kingdom

Contact: info@onlyscience.io

2. Scope of this Policy

This Privacy Policy applies to:

  • visitors to our website;
  • users of the Service;
  • prospective customers;
  • business contacts.

This Policy does not apply to third-party websites or services.

3. Personal Data We Collect

3.1 Account Information

We may collect:

  • name;
  • email address;
  • account credentials;
  • organisation details.

3.2 Billing Information

Payments are processed through third-party payment providers such as Stripe. We may receive limited billing information associated with your subscription. We do not store full payment card details.

3.3 Usage and Technical Data

We may collect:

  • IP address;
  • browser type;
  • device information;
  • operating system;
  • usage activity;
  • session information;
  • log data.

3.4 Customer Data

Users may upload datasets to the Service. These datasets may contain personal data depending on the Customer's use of the platform. Customers are responsible for ensuring they have lawful grounds to upload and process such data.

3.5 Communications

We may collect information contained in:

  • support requests;
  • onboarding discussions;
  • communications with us.

4. How We Use Personal Data

We may use personal data to:

  • provide and operate the Service;
  • authenticate users;
  • manage subscriptions and billing;
  • provide support;
  • maintain platform security;
  • improve the Service;
  • analyse usage trends;
  • comply with legal obligations;
  • enforce our Terms.

We may also use aggregated and anonymised analytics for product improvement and internal business purposes.

5. Legal Bases for Processing

Where UK GDPR or EU GDPR applies, we rely on the following legal bases:

Contractual Necessity

Processing necessary to:

  • provide the Service;
  • manage subscriptions;
  • fulfil contractual obligations.

Legitimate Interests

Processing necessary for:

  • improving the Service;
  • fraud prevention;
  • maintaining security;
  • business operations;
  • analytics.

Legal Obligations

Processing necessary to comply with applicable law.

Consent

Where required, we rely on consent for:

  • certain cookies;
  • optional marketing communications.

6. Cookies and Tracking Technologies

We use cookies and similar technologies. These may include:

  • strictly necessary cookies;
  • analytics cookies;
  • marketing cookies.

Please review our Cookie Policy for further information.

7. Data Sharing

We may share personal data with trusted service providers involved in operating the Service. These providers may include:

  • Supabase;
  • Google Cloud;
  • Stripe;
  • HubSpot;
  • Vercel;
  • Render;
  • GitHub.

We may also disclose information:

  • where legally required;
  • to protect our legal rights;
  • in connection with corporate transactions.

We do not sell personal data.

8. International Transfers

Personal data may be processed outside the United Kingdom or European Economic Area. Where required, we implement appropriate safeguards, which may include:

  • Standard Contractual Clauses;
  • transfers to countries with adequacy decisions;
  • contractual protections with providers.

9. Data Retention

We retain personal data only for as long as reasonably necessary. Typical retention periods may include:

  • active account data: for the duration of the subscription;
  • inactive accounts: up to 24 months;
  • logs and technical records: up to 90 days;
  • backups: approximately 30 days;
  • Customer Data after termination: up to 30 days.

We may retain information longer where legally required.

10. Security

We implement reasonable technical and organisational measures designed to protect personal data. These may include:

  • encryption in transit;
  • encryption at rest;
  • access controls;
  • logical segregation of customer data;
  • audit logging.

No method of transmission or storage is completely secure.

11. Your Rights

Depending on applicable law, you may have rights to:

  • access personal data;
  • correct inaccurate data;
  • request deletion;
  • restrict processing;
  • object to certain processing;
  • request portability;
  • withdraw consent.

Requests may be submitted to: info@onlyscience.io

You may also have the right to complain to a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).

12. Customer Responsibilities

Customers are responsible for:

  • ensuring uploaded data is lawfully collected;
  • obtaining necessary permissions and consents;
  • complying with applicable data protection laws.

Onlyscience does not independently verify the legality of Customer Data uploaded to the Service.

13. Children

The Service is not intended for individuals under 18 years old.

14. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email where appropriate.

15. Contact

Questions regarding this Privacy Policy may be sent to:

Onlyscience