Privacy Policy

Effective Date: April 6, 2025 · Last Updated: April 6, 2025

Onederous Inc. ("Onederous," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-native brand strategy platform at onederous.ai and any associated services (collectively, the "Service").

Please read this policy carefully. By using the Service, you agree to the practices described here.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: Name, email address, company name, and password when you register.
  • Project inputs: Brand briefs, strategic inputs, uploaded documents, and any content you submit to our AI agents to process.
  • Communications: Messages you send to our support team or via in-product feedback tools.
  • Billing information: Payment details processed securely through our third-party payment processor. We do not store full credit card numbers.

1.2 Information Collected Automatically

  • Usage data: Pages visited, features used, time spent, click patterns, and workflow interactions within the platform.
  • Device and log data: IP address, browser type, operating system, referring URLs, and error logs.
  • Cookies and similar technologies: See Section 7 (Cookie Policy) for full details.

1.3 Information from Third Parties

  • Authentication providers: If you sign in via Google or another SSO provider, we receive basic profile data (name, email) as permitted by your settings with that provider.
  • Analytics partners: Aggregated, de-identified usage statistics from analytics services we use to improve the platform.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service: Process your inputs through our AI agent system and deliver strategy and creative outputs.
  • Improve platform performance: Analyze aggregated interaction patterns to refine system behavior. See Section 3 for our specific AI training policy.
  • Personalize your experience: Remember your preferences, project history, and settings.
  • Communicate with you: Send transactional emails, product updates, and, with your consent, marketing communications.
  • Ensure security and prevent fraud: Monitor for suspicious activity and protect the integrity of the platform.
  • Comply with legal obligations: Respond to lawful requests from regulatory or law enforcement authorities.

3. Our AI Training Policy — What We Will and Won't Do

Onederous will never use your customer content to train our AI models.

"Customer content" means any proprietary data you provide to the platform: your brand briefs, uploaded documents, strategic inputs, creative outputs, or any other material specific to your business or your clients' businesses.

Onederous's platform learns from process-level interaction patterns — such as how users navigate between agents, which workflow steps generate the most iteration, and where users tend to pause or refine outputs. This behavioral and operational data is aggregated and de-identified; it contains no proprietary brand content. It is used solely to improve the speed, accuracy, and usability of the platform's underlying workflows.

This distinction matters: we improve the system, not the model, using your data.

Automated Decision-Making and Profiling

Under GDPR Article 22, you have rights related to automated decision-making, including profiling. The AI-generated Outputs from the Service are recommendations for your consideration — they do not constitute automated decisions that produce legal effects concerning you. All Outputs require your independent review, judgment, and decision-making before use.

Certain subscription tiers may involve automated detection of your usage activity to calculate and apply the correct charges to your account. Because billing decisions may have financial effects on you, you have the right to request a clear explanation of how any automated billing determination was calculated, contest any charge you believe was applied in error, and request human review of any automated billing decision.

To exercise any of these rights, contact us at support@onederous.ai.

4. How We Share Your Information

We do not sell your personal data. We may share information as follows:

  • Service providers: Vendors who help us operate the platform, including cloud infrastructure, AI model providers, payment processing, email delivery, and analytics. These providers are contractually required to handle your data only as directed by us.
  • AI infrastructure partners: Our platform uses third-party AI model providers for inference. Data processed through these services is governed by our data processing agreements, which prohibit use of your data for their own model training.
  • Business transfers: If Onederous merges with or is acquired by another company, your information may be transferred. We will provide notice before such a transfer takes effect.
  • Legal compliance: If required by law, subpoena, or to protect the rights, property, or safety of Onederous or others.
  • With your consent: For any other purpose with your explicit permission.

If you require a Data Processing Agreement for GDPR compliance, contact privacy@onederous.ai.

5. Data Retention

  • Account information: Retained for as long as your account is active. Deleted within 90 days of account deletion, except as required for legal compliance.
  • Customer Content and Outputs: Retained while your account is active. Deleted within 90 days after the post-termination retrieval period expires.
  • Billing and transaction records: Retained for up to 7 years after account closure to comply with financial reporting obligations.
  • Usage and analytics data: Retained in identifiable form for up to 24 months, then deleted or permanently de-identified.
  • Communications and support data: Retained for up to 3 years after your last interaction.
  • Server and security logs: Retained for up to 12 months.

You may request deletion of your account and associated data at any time by contacting privacy@onederous.ai. Upon termination, you have 30 days to export your data before deletion.

6. Your Rights

6.1 Rights for All Users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to certain exceptions.
  • Data portability: Request your data in a structured, machine-readable format.
  • Opt-out of marketing: Unsubscribe from marketing emails at any time.

6.2 Additional Rights Under GDPR (EEA, UK, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under GDPR, including the right to object to processing, the right to restrict processing, the right to withdraw consent, and the right to lodge a complaint with your local supervisory authority. To exercise these rights, contact privacy@onederous.ai.

6.3 Your Rights Under U.S. State Privacy Laws

If you are a resident of California, Colorado, Connecticut, Virginia, Texas, or another U.S. state with a comprehensive consumer privacy law, you may have additional rights regarding your personal information, including the right to know, delete, correct, and opt out of sale. We do not sell your personal information. To submit a privacy rights request, email privacy@onederous.ai with the subject line "Privacy Rights Request."

7. Cookie Policy

Cookies are small text files placed on your device when you visit a website. We use strictly necessary cookies (required for the Service to function), analytics and performance cookies, functional cookies, and, sparingly, marketing cookies. When you first visit onederous.ai, a cookie banner will appear allowing you to accept, decline, or customize your preferences.

8. Data Security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security audits. No method of transmission over the internet is 100% secure. In the event of a data breach involving your personal data, we will notify affected users and relevant authorities consistent with applicable law.

9. International Data Transfers

Onederous is based in the United States. If you are accessing the Service from the EEA, UK, or other regions with data transfer restrictions, your data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards for such transfers in compliance with GDPR.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending an email to the address associated with your account.

12. Contact Us

Onederous Inc.
Privacy Contact: Mark Evans, Co-Founder
Email: privacy@onederous.ai

This document is a working draft. It is not legal advice and should be reviewed by qualified legal counsel before publication.