Privacy Policy

Last updated: 15 April 2026

1. Introduction

OneConnecter ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. OneConnecter is a platform that connects AI agents and applications to third-party services through a unified API, enabling users to interact with their data across multiple platforms via natural language.

2. Information We Collect

We collect information you provide directly to us, including:

  • Account information (email address, name)
  • OAuth tokens and refresh tokens for third-party services you connect (we never collect or store your passwords)
  • Usage data and API request logs
  • Communications with us

3. Google User Data

When you connect your Google account, OneConnecter may request access to the following Google services depending on the features you choose to enable:

  • Gmail — Read, compose, send, and manage your email messages and labels (gmail.readonly, gmail.modify, gmail.send)
  • Google Calendar — View and manage your calendar events (calendar.readonly, calendar)
  • Google Drive — View and manage your files stored in Google Drive (drive.readonly, drive)
  • Google Docs — View and manage your Google Docs documents (documents)
  • Google Sheets — View and manage your Google Sheets spreadsheets (spreadsheets)

You choose which services to connect and can revoke access to any service at any time from your OneConnecter dashboard or from your Google Account permissions page at myaccount.google.com/permissions.

4. How We Use Google User Data

OneConnecter accesses your Google data solely to fulfil your explicit requests made through our platform. Specifically:

  • Pass-through processing — When you ask OneConnecter to read an email, list calendar events, search Drive files, or perform other actions, we relay your request to the relevant Google API, return the response to you, and do not retain the content of that response.
  • No persistent storage of Google content— We do not store the body of your emails, the content of your documents, your calendar event details, or your Drive files on our servers. Data is fetched in real time to serve your request and is not cached or persisted.
  • No advertising or profiling — We do not use your Google data for advertising, marketing, analytics profiling, or any purpose unrelated to providing the OneConnecter service to you.
  • No AI/ML model training — Your Google user data is not used to train, improve, or develop machine learning or artificial intelligence models.

5. Google User Data Sharing

We do not sell, rent, or share your Google user data with third parties except in the following limited circumstances:

  • At your direction — When you explicitly instruct OneConnecter to perform an action (e.g. send an email, create a document), we transmit the necessary data to Google APIs to carry out that action on your behalf.
  • AI processing — Your requests and the corresponding Google API responses may be sent to AI model providers (such as Anthropic or OpenAI) within the same session to generate a natural language response for you. This data is processed in transit and is subject to the AI provider's data handling policies. We select providers that do not use API inputs for model training.
  • Legal requirements — We may disclose data if required by law, regulation, or legal process.

OneConnecter's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. Shopify Merchant Data

When you connect your Shopify store, OneConnecter requests access via OAuth 2.0 to your store's Admin API. The scopes we request cover products, orders, customers, inventory, fulfillments, shipping, content, themes, discounts, gift cards, locations, reports, price rules, order edits, and returns. You grant these permissions once during installation and can revoke them at any time by uninstalling the app.

How Shopify data is handled:

  • Pass-through processing — Data from your Shopify store (orders, products, customers, inventory levels) is fetched in real time via the Admin API to fulfil your explicit requests and is not persisted on our servers.
  • No customer PII storage — We do not store your customers' names, emails, phone numbers, addresses, or order details beyond the in-session processing needed to answer your query.
  • Access tokens — Your Shopify offline access token and shop domain are encrypted at rest (AES-256-CBC) and used solely to make API calls on your behalf.
  • Write actions require your approval — Any action that modifies your store (creating products, orders, adjusting inventory, issuing discounts) is gated by an explicit approval step. Nothing changes without your confirmation.
  • No advertising or profiling — Shopify data is never used for advertising, marketing, analytics profiling, or sold to third parties.
  • No AI/ML model training — Your Shopify data is not used to train, improve, or develop machine learning models.

GDPR compliance webhooks:

OneConnecter implements all three mandatory Shopify compliance webhooks:

  • customers/data_request — When a customer requests their data, we acknowledge and confirm that no customer PII is retained by OneConnecter.
  • customers/redact — When a customer requests erasure, we acknowledge and purge any linked records (none currently retained).
  • shop/redact — Fired 48 hours after you uninstall the app. We delete your encrypted Shopify access token and any shop-scoped records from our systems.

When you uninstall the OneConnecter app from your Shopify store, your access token is immediately revoked and our connection to your store is severed. Full shop data erasure completes within 48 hours per Shopify's compliance requirements.

7. Data Storage and Protection

We implement appropriate technical and organisational measures to protect your information:

  • OAuth tokens and refresh tokens are encrypted at rest and stored in a secured database with row-level security
  • All data in transit is encrypted using TLS/HTTPS
  • API keys are hashed and never stored in plain text
  • Access to production systems is restricted to authorised personnel only
  • Google user content (emails, documents, files) is not stored on our servers — it is fetched in real time and returned directly to you

8. Data Retention and Deletion

We retain your information as follows:

  • Account data (email, name) is retained for as long as your account is active
  • OAuth tokens are retained until you disconnect the service or delete your account
  • API request logs are retained for up to 90 days for debugging and abuse prevention, then automatically deleted
  • Google user content is never stored and therefore requires no deletion

You can request deletion of your account and all associated data at any time by contacting us at support@oneconnecter.io. Upon receiving a deletion request, we will delete your account data, revoke and delete all stored OAuth tokens, and purge any remaining logs within 30 days.

9. Third-Party Services

Our service allows you to connect to third-party services including Google, Slack, and others. When you connect these services, we securely store OAuth tokens to facilitate API calls on your behalf. We do not access or store your passwords for these services. You can disconnect any service at any time from your dashboard. Each third-party service is governed by its own terms of service and privacy policy.

10. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your data and account
  • Disconnect any third-party service integration at any time
  • Revoke Google access via your Google Account permissions
  • Export your data

11. Cookies

We use cookies and similar tracking technologies to maintain your session and preferences. You can control cookies through your browser settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@oneconnecter.io