Last updated: 2026-03-22
This Privacy Policy explains how OneKitPlus ("we", "us") collects, uses and protects personal data when you visit onekitplus.com or use the apps available on the platform (for example: Budget).
We built this policy to cover the main global privacy frameworks (GDPR/UK GDPR, Swiss FADP, Brazil LGPD, US state privacy laws such as CCPA/CPRA, etc.). Local rules may also apply depending on where you live and how you use the service.
- We store your app data inside our WordPress database and keep it separated per user.
- We do not sell your personal information.
- You can request access, export and deletion of your data.
- Some features use third parties (Cloudflare, Google login). Details below.
1) Who we are
Controller: OneKitPlus (onekitplus.com)
Contact: https://onekitplus.com/contact/
If you have privacy questions or requests, use our contact page. For security, we may ask you to verify ownership of the account before we act on a request.
2) What data we collect
- Account data: email, username, password hash (never your plain password), verification tokens/hashes, and basic profile data you choose to provide.
- App data: data you enter in the tools (for example: income/expense transactions, categories, notes, dates, amounts).
- Technical data: IP address, user agent, device/browser info, timestamps, and basic security logs.
- Cookies/local storage: WordPress authentication cookies, our language preference cookie (onekit_lang), and similar technical storage needed for the platform.
- Google login (optional): if you choose "Continue with Google", we receive your Google email and basic profile info, plus a Google identifier used to link the account.
Important: do not enter sensitive data (for example: bank card numbers, government IDs, health data) inside notes. The tools are designed for everyday tracking, not for storing sensitive documents.
3) How we use data (purposes)
- Provide the platform and apps, create and manage your account, and keep your data saved.
- Authenticate you, prevent abuse/fraud, and keep the service secure.
- Send essential emails (for example: email verification, password reset, important security notices).
- Improve performance and fix bugs (using logs and aggregated metrics).
- Comply with legal obligations and enforce our terms.
4) Legal bases (EEA/UK - GDPR/UK GDPR)
If you are in the EEA/UK, our processing is based on one or more of these legal bases:
- Contract: to provide the service you requested (account + apps).
- Legitimate interests: to secure the platform, prevent abuse, and improve reliability.
- Consent: only when required (for example, optional features or certain cookies, if enabled).
- Legal obligation: when we must comply with laws and regulations.
5) Sharing and third parties
We share data only when needed to run the service:
- Hosting/infrastructure: our server provider and database storage.
- CDN / security: Cloudflare may process network traffic and IP addresses to protect the website.
- Email delivery: we may use an email provider (SMTP) to send verification/security emails.
- Google OAuth: used only if you choose Google login.
No sale: we do not sell personal information. If we ever change this, we will update this policy and provide required opt-out mechanisms.
6) International transfers
Depending on the providers you use (for example, Cloudflare and Google), your data may be processed outside your country. Where required (EEA/UK), we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.
7) Retention
We keep personal data only as long as needed for the purposes described above:
- Account and app data: kept while your account is active. You can request deletion.
- Security logs: kept for a limited time to prevent abuse and debug issues.
- Backups: may persist for a short period until they rotate out.
8) Security
We use reasonable technical and organizational measures (TLS/HTTPS, access controls, least privilege, backups) to protect your data. No system can be 100% secure, but we take security seriously and continuously improve.
9) Your rights
Your rights depend on your location. We honor applicable requests, including:
- GDPR/UK GDPR/Swiss FADP: access, rectification, deletion, restriction, portability, objection, and the right to lodge a complaint with your authority.
- Brazil LGPD: confirmation, access, correction, anonymization, portability, deletion, information about sharing, and consent withdrawal when applicable.
- United States (CCPA/CPRA and similar state laws): right to know, delete, correct, and opt out of "sale" or "sharing" (we do not sell data). You may also have the right to non-discrimination for exercising your rights.
To exercise a request, contact us via the contact page. We may need to verify your identity.
10) Affiliate links disclosure
Some pages may contain affiliate links. This means the platform could earn a commission if you click a link and make a purchase, at no extra cost to you. Affiliate links do not affect how we handle your personal data, but third-party sites have their own privacy policies.
11) Children
OneKitPlus is not intended for children under 13. If you are in the EEA/UK, local rules may require a higher age for consent. If you believe a child provided data, contact us and we will take appropriate action.
12) Changes
We may update this Privacy Policy. We will change the "Last updated" date and, when required, provide additional notice.