Onairos← Back to Home

Privacy Policy

Last Updated: January 29, 2026 | Effective Date: January 29, 2026

1. Introduction

Onairos ("we," "our," or "us") is committed to protecting your privacy and ensuring you have control over your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

Our Core Philosophy: We don't want your data—we help you use it. Your data never leaves your control. Onairos exists to put you in the driver's seat, providing infrastructure that lets you leverage your personal data on your terms, for your benefit. We never see it. We never store it. We never sell it.

This policy applies to all users of Onairos services, including residents of the European Economic Area (EEA), United Kingdom, and California. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Data Controller Information

For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, the data controller is:

Onairos

Email: [email protected]

Data Protection Inquiries: [email protected]

3. Information We Collect

We practice strict data minimization and only collect information that is necessary for our services:

3.1 Information You Provide

  • Account Information: Email address, username, and authentication credentials when you create an account.
  • Profile Information: Optional information you choose to provide to enhance your experience.
  • Communications: Information you provide when contacting our support team.

3.2 Information Collected Automatically

  • Usage Data: Basic interaction data with our platform for service improvement.
  • Device Information: Browser type, operating system, and device identifiers.
  • Log Data: IP address, access times, and pages viewed for security purposes.

3.3 Data You Process Through Our Platform

Important: Personal data that you choose to process through our platform remains under your complete control. This data is processed ephemerally and is never stored on our servers. Our privacy-preserving architecture is designed to minimize data exposure and ensure we do not retain your processed data.

4. Google API Services User Data

Onairos uses Google API Services to access certain user data with your explicit consent. This section describes our use and protection of Google user data in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

4.1 Data We Access

With your explicit consent, we may access the following Google user data:

  • Basic profile information (name, email address, profile picture)
  • Account identifiers for authentication purposes
  • Other data you explicitly authorize during the consent flow

4.2 How We Use Google User Data

Google user data is used solely for the following purposes:

  • Personality Analysis: To generate insights about your preferences and personality traits based on data you choose to share, enabling personalized experiences.
  • Personalization: To customize your experience on our platform and provide relevant recommendations tailored to your interests.
  • Authentication: To verify your identity and provide secure access to your account.

4.3 Limited Use Disclosure

Onairos's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data for providing or improving user-facing features that are prominent in our application's user interface.
  • We do not transfer Google user data to third parties unless necessary to provide or improve user-facing features, as required by law, or with your explicit consent.
  • We do not use Google user data for serving advertisements.
  • We do not allow humans to read Google user data unless we have your affirmative agreement, it is necessary for security purposes, to comply with applicable law, or for our internal operations (and even then, only when the data has been aggregated and anonymized).

4.4 Data Storage and Security

Google user data is protected with the same security measures as all other data on our platform:

  • Encrypted at rest using AES-256 encryption
  • Encrypted in transit using TLS 1.3
  • Processed on our secure, on-premise infrastructure
  • Subject to strict access controls and regular security audits

4.5 Data Retention and Deletion

You maintain full control over your Google user data:

  • Revoke Access: You can revoke Onairos's access to your Google account at any time through your Google Account settings.
  • Request Deletion: You can request deletion of all Google user data we have collected by contacting us at [email protected].
  • Automatic Deletion: Upon revoking access or deleting your Onairos account, all associated Google user data is permanently deleted within 30 days.
  • In-App Controls: You can manage and delete your data directly within the Onairos application settings.

4.6 Consent and Authorization

We only access Google user data after you have provided explicit, informed consent through Google's OAuth consent flow. You will be clearly informed about what data we are requesting and why before granting access. You can withdraw consent at any time.

5. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation, we process your personal data based on the following legal grounds:

  • Consent (Article 6(1)(a)): Where you have given explicit consent for processing for specific purposes.
  • Contractual Necessity (Article 6(1)(b)): Processing necessary to perform our contract with you and provide our services.
  • Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal requirements.
  • Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, such as security and fraud prevention, provided these interests do not override your rights.

6. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our services
  • To authenticate your identity and manage your account
  • To communicate with you about services, updates, and support
  • To ensure the security and integrity of our platform
  • To comply with legal obligations
  • To protect against fraud and unauthorized access

We do not:

  • Sell your personal data to third parties
  • Use your data for advertising or marketing purposes without consent
  • Share your data with third-party analytics vendors or ad networks
  • Make backdoor data deals or broker your information

7. Data Security

We implement comprehensive technical and organizational measures to protect your personal data:

  • Encryption at Rest: All stored data is encrypted using AES-256 military-grade encryption standards.
  • Encryption in Transit: All data transmitted to and from our services uses TLS 1.3 encryption.
  • End-to-End Encryption: Your data remains encrypted throughout its entire lifecycle on our platform.
  • 100% On-Premise Infrastructure: We do not use third-party AI services (OpenAI, Google, etc.). All processing occurs on our own infrastructure.
  • Privacy-Preserving Design: Our system architecture minimizes data exposure and is designed to limit access to your processed data.
  • Regular Security Audits: We conduct regular security assessments and penetration testing.
  • Access Controls: Strict access controls and authentication mechanisms protect all systems.

8. Data Retention

We adhere to strict data minimization and retention principles:

  • Processed Data: Data you process through our platform is never stored. It is processed ephemerally and immediately forgotten.
  • Account Data: Retained for the duration of your account plus any legally required retention period.
  • Log Data: Retained for a maximum of 90 days for security purposes, then automatically deleted.
  • Support Communications: Retained for up to 2 years to improve our services and for legal compliance.

You may request deletion of your data at any time. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.

9. Third-Party Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

  • Service Providers: With trusted service providers who assist in operating our platform, bound by strict data protection agreements.
  • Legal Requirements: When required by law, court order, or governmental regulation.
  • Protection of Rights: To protect the rights, property, or safety of Onairos, our users, or others.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with continued protection of your data.
  • With Your Consent: When you explicitly authorize us to share specific information.

No Third-Party Tracking: We do not use third-party analytics vendors, advertising networks, or data partners.

10. International Data Transfers

If we transfer personal data outside the European Economic Area (EEA) or United Kingdom, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequate data protection laws
  • Binding Corporate Rules where applicable

11. Your Rights Under GDPR (EEA and UK Residents)

If you are a resident of the European Economic Area or United Kingdom, you have the following rights, which we fully support and have implemented:

  • Right of Access (Article 15): Request a copy of your personal data we hold. We will provide this within 30 days of your request.
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete data. You can update most information directly in your account settings, or contact us for assistance.
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten"). You can delete your account through the app settings, or contact us to request complete data deletion.
  • Right to Restriction (Article 18): Request restriction of processing in certain circumstances.
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format (JSON). Contact us to request an export of your data.
  • Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time through your account settings or by contacting us. This will not affect the lawfulness of processing before withdrawal.
  • Right to Lodge a Complaint: File a complaint with your local data protection authority (e.g., the ICO in the UK).

How to Exercise Your Rights

You can exercise your rights through the following methods:

  • In-App: Access account settings to update, export, or delete your data.
  • Email: Contact [email protected] with your request.

We will respond to all requests within 30 days. We may ask you to verify your identity before processing your request to protect your data.

12. Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out: Opt-out of the sale or sharing of your personal information. Note: Onairos does not sell or share personal information for cross-context behavioral advertising.
  • Right to Limit Use: Limit the use and disclosure of sensitive personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information Collected

In the past 12 months, we may have collected:

  • Identifiers (email address, username, IP address)
  • Internet or network activity (browsing history on our platform, interactions)
  • Geolocation data (general location based on IP)

Sale of Personal Information

We do not sell your personal information. We have not sold personal information in the preceding 12 months and do not intend to do so.

To submit a verifiable consumer request, contact us at [email protected]. You may also designate an authorized agent to make a request on your behalf.

13. Cookies and Tracking Technologies

We use minimal, essential cookies necessary for the operation of our services:

  • Essential Cookies: Required for authentication and security.
  • Preference Cookies: Remember your settings and preferences.

We do not use: Third-party tracking cookies, advertising cookies, or analytics cookies from external vendors.

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

14. Children's Privacy

Our services are not directed to individuals under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information immediately. If you believe we have collected information from a child, please contact us at [email protected].

15. Transparency and User Control

We believe in giving you control over your data:

  • Instant Access Revocation: Withdraw access at any moment with no delays or exceptions.
  • Data Export: Request a copy of your data in a portable, machine-readable format at any time.
  • Account Deletion: Delete your account and all associated data through our platform or by contacting support.

16. Regulatory Compliance

  • GDPR: Fully Compliant
  • CCPA/CPRA: Fully Compliant
  • SOC 2: Pending Certification
  • HIPAA: Coming Soon

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page with a new "Last Updated" date. For significant changes, we will provide additional notice, such as an email notification. We encourage you to review this policy periodically.

18. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices, please contact us:

General Support: [email protected]

Privacy Inquiries: [email protected]

Data Subject Requests: [email protected]

We will respond to all requests within 30 days (or sooner as required by applicable law).

19. EU/EEA Representative

For users in the European Economic Area, you may contact our representative for data protection matters at [email protected].