ONA Main LogoGet Started

Privacy Policy

Last updated: 18 June 2025 Effective date: 18 June 2025

Welcome to The ONA – AI Assistant ("The ONA", "we", "our", "us"). We operate the productivity platform available at https://theona.ai and related mobile and desktop applications (collectively, the "Services"). This Privacy Policy ("Policy") explains how we collect, use, disclose, and safeguard your information when you use the Services.

Important: This Policy is provided for general informational purposes and does not constitute legal advice. Because privacy requirements vary by jurisdiction and industry, you should consult qualified counsel before publishing or relying on this Policy.

1. Scope

This Policy applies to personal data we process when you:

  • Create an account or profile;
  • Connect third‑party data sources to The ONA (e.g., email, calendar, cloud storage);
  • Interact with our large‑language‑model (LLM) features (including prompts, chat, and generated outputs);
  • Visit our websites, dashboards, or communications channels; or
  • Communicate with us in any manner.

2. The Information We Collect

Category Examples Source
Account Data Name, email, password (hashed), avatar, preferred language You
Connected Content Emails, calendar events, documents, files, notes, task lists, metadata You / linked services with your authorization
Usage Data Feature interactions, time stamps, clicks, queries, crash logs Your device / in‑app events
Device & Log Data IP address, browser type, device identifiers, OS version Your device
Cookies & Similar Tech Session cookies, preference cookies, analytics beacons Your browser

You may choose not to provide certain information, but doing so can limit core functionality.

3. How We Use Your Information

We process your information to:

  1. Provide the Services and fulfill our contract with you;
  2. Power LLM‑based features (e.g., summarising emails, drafting content, retrieving answers) using context from your connected data;
  3. Personalise your experience (e.g., recommended tasks, adaptive UI);
  4. Improve and develop new features, algorithms, and safety systems;
  5. Communicate with you about updates, security alerts, and support requests;
  6. Protect the integrity of the platform, enforce terms, and prevent fraud; and
  7. Comply with legal obligations or respond to lawful requests.

4. Legal Bases for Processing (GDPR)

For users in the European Economic Area, the United Kingdom, or Switzerland, we rely on:

  • Performance of a contract – to deliver the Services you request;
  • Legitimate interests – to maintain and improve our platform, balanced against your rights and freedoms;
  • Consent – for optional connections, marketing emails, and certain analytics/cookies; and
  • Legal obligation – where required to meet applicable laws.

5. Sharing & Disclosure

We never sell your personal data. We may share limited information:

  • Service Providers & Sub‑Processors – cloud hosting, ML infrastructure, customer support, analytics, subject to strict confidentiality and data‑processing agreements;
  • Large Language Model Providers – your prompts and relevant context may be routed through LLM APIs (OpenAI or comparable vendors). Where feasible, data are truncated, pseudonymised, or encrypted in transit, and are not used by the vendor to train their base models unless you opt‑in;
  • Integrations – with services you choose to connect (e.g., Google Workspace, Microsoft 365). Data flows two‑way under their respective terms;
  • Corporate Events – merger, acquisition, or asset sale, subject to continuing protections; and
  • Legal & Safety – when required by law or to protect rights, property, or safety of users or the public.

6. International Transfers

We are headquartered in the United States and use service providers located in the United States and European Union. When we transfer personal data outside the EEA/UK, we rely on adequacy decisions, Standard Contractual Clauses (SCCs), or other lawful mechanisms. A copy of the relevant transfer mechanism is available on request.

7. Data Retention

We keep personal data only for as long as necessary to fulfill the purposes described in this Policy or as required by law:

  • Account data – until your account is deleted + 30 days (for recovery);
  • Connected content – retained while the integration is active; upon disconnection we delete cached copies within 24 hours;
  • LLM prompts & outputs – stored ephemerally (<30 days) solely for debugging and abuse prevention, unless you save them;
  • Analytics logs – 13 months (aggregated thereafter).

8. Security

We implement industry‑standard administrative, technical, and organisational measures, including:

  • End‑to‑end TLS encryption in transit;
  • AES‑256 encryption at rest;
  • Role‑based access controls and audit logs;
  • Regular penetration testing and code reviews;

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold;
  • Rectify inaccurate or incomplete data;
  • Erase data ("right to be forgotten");
  • Restrict or object to processing;
  • Data Portability;
  • Withdraw consent at any time;
  • Lodge a complaint with your supervisory authority (in the EU, you can contact your local data‑protection authority).

Submit requests by emailing support@theona.ai or via the in‑app privacy dashboard. We may need to verify your identity before responding.

10. Children’s Privacy

The ONA is not directed to children under 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided data, please contact us and we will delete it.

11. Cookies & Tracking Technologies

We use essential cookies to maintain sessions and preferences, and optional analytics cookies (with your consent) to understand usage patterns. You can manage cookie preferences through our banner or your browser settings. See our separate Cookie Policy for details.

12. Changes to This Policy

We may update this Policy to reflect changes to our practices, technology, or legal requirements. We will notify you of material changes at least 30 days in advance via email or prominent in‑app notice. The "Last updated" date at the top indicates when the latest changes were made.

13. Contact Us

If you have questions, concerns, or would like to exercise your rights, contact our Data Protection Officer:

The ONA, Inc. (remote‑first company registered in Delaware, USA) Email: support@theona.ai\n

Thank you for trusting The ONA with your data. We are committed to protecting your privacy while helping you work smarter.

Ready to reinvent work?

Start today
PricingBlogIntegrationsTemplates
Privacy PolicyTerms of Service
Join the Cognitive Revolution Discord logo - Join our community server