1. Introduction
OneAds Inc. ("OneAds," "we," "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our financial technology platform.
2. Information We Collect
2.1 Information You Provide
- Account registration: Name, email address, phone number, password
- Identity verification (KYC): Government-issued ID, date of birth, address, selfie photo (processed by Stripe Identity)
- Financial information: Bank account details, transaction history
- Business information: Company name, business type, tax identification
2.2 Information Collected Automatically
- Device data: IP address, browser type, operating system
- Usage data: Pages visited, features used, timestamps
- Transaction data: Card transactions, deposits, withdrawals, conversions
- Security data: Login attempts, passkey usage, session information
3. How We Use Your Information
- Provide and maintain financial services (card issuing, bank accounts, conversions)
- Verify your identity and comply with KYC/AML regulations
- Process transactions and calculate cashback rewards
- Detect, prevent, and investigate fraud and unauthorized access
- Monitor transactions for suspicious activity (BSA/AML compliance)
- Communicate service updates, security alerts, and account notifications
- Improve our platform, features, and user experience
- Comply with legal obligations and respond to regulatory requests
4. Data Sharing
We share your information only with:
4.1 Service Providers
- Stripe: Payment processing, card issuing, treasury services, identity verification
- Banking partners: Virtual account provision, ACH/wire transfers
- Card networks: Visa/Mastercard for card transaction processing
4.2 Legal Requirements
We may disclose your information when required by law, including responding to subpoenas, court orders, regulatory requests, or filing Suspicious Activity Reports (SARs) with FinCEN.
4.3 No Sale of Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. Data Security
- Encryption: TLS 1.2+ in transit, database-level encryption at rest
- Authentication: Passkey/WebAuthn support, session management via Better Auth
- Card security: Full card numbers never stored — only last 4 digits retained. Card reveal requires passkey verification.
- Password storage: Scrypt hashing (not reversible)
- Access control: Role-based access (user/admin), admin approval required for account activation
- Audit logging: Immutable, append-only audit trail of all financial and administrative actions
- Security headers: CSP, HSTS, X-Frame-Options, CSRF protection
6. Data Retention
We retain your data according to the following schedule:
| Data Type | Retention |
|---|
| KYC/identity data | 5 years after account closure |
| Transaction records | 5 years (BSA requirement) |
| Audit logs | 5 years |
| Session data | 90 days |
| Account data (after closure) | 5 years, then anonymized |
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data (subject to regulatory retention requirements — we cannot delete transaction records required by BSA/AML law)
- Portability: Request your data in a machine-readable format
- Objection: Object to certain processing of your data
To exercise these rights, contact [email protected].
8. Cookies
We use essential cookies for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Session cookies expire when you close your browser or after inactivity.
9. Children's Privacy
Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us immediately.
10. International Transfers
Your data is processed and stored on servers located in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US, which may have different data protection laws than your jurisdiction.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.
12. Contact Us
For privacy-related inquiries:
Email: [email protected]
Address: OneAds Inc., San Francisco, CA