oneads

Privacy Policy

Last updated: April 10, 2026

1. Introduction

OneAds Inc. ("OneAds," "we," "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our financial technology platform.

1a. Google Ads Data — Limited Use Disclosure

OneAds' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect a Google Ads manager account (MCC), we read campaign, ad group, keyword, daily metric, change-history, and recommendation data from the Google Ads API on your behalf. We store an encrypted refresh token (AES-256-GCM at rest) so we can keep that data fresh while your account is linked. We do not sell, transfer, or use this data for advertising or any purpose unrelated to providing the OneAds product. Mutations (campaign pause, budget update, bid update) only ever execute after an explicit click in the OneAds UI; OneAds does not autonomously edit your Google Ads account.

You can disconnect a Google Ads link at any time from/dashboard/integrations/google-ads; disconnecting marks the credential revoked and stops further sync. For full data deletion, email [email protected] and we will purge campaign / metrics data and the encrypted refresh token within 30 days.

2. Information We Collect

2.1 Information You Provide

  • Account registration: Name, email address, phone number, password
  • Identity verification (KYC): Government-issued ID, date of birth, address, selfie photo (processed by Stripe Identity)
  • Financial information: Bank account details, transaction history
  • Business information: Company name, business type, tax identification

2.2 Information Collected Automatically

  • Device data: IP address, browser type, operating system
  • Usage data: Pages visited, features used, timestamps
  • Transaction data: Card transactions, deposits, withdrawals, conversions
  • Security data: Login attempts, passkey usage, session information

3. How We Use Your Information

  • Provide and maintain financial services (card issuing, bank accounts, conversions)
  • Verify your identity and comply with KYC/AML regulations
  • Process transactions and calculate cashback rewards
  • Detect, prevent, and investigate fraud and unauthorized access
  • Monitor transactions for suspicious activity (BSA/AML compliance)
  • Communicate service updates, security alerts, and account notifications
  • Improve our platform, features, and user experience
  • Comply with legal obligations and respond to regulatory requests

4. Data Sharing

We share your information only with:

4.1 Service Providers

  • Stripe: Payment processing, card issuing, treasury services, identity verification
  • Banking partners: Virtual account provision, ACH/wire transfers
  • Card networks: Visa/Mastercard for card transaction processing

4.2 Legal Requirements

We may disclose your information when required by law, including responding to subpoenas, court orders, regulatory requests, or filing Suspicious Activity Reports (SARs) with FinCEN.

4.3 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

  • Encryption: TLS 1.2+ in transit, database-level encryption at rest
  • Authentication: Passkey/WebAuthn support, session management via Better Auth
  • Card security: Full card numbers never stored — only last 4 digits retained. Card reveal requires passkey verification.
  • Password storage: Scrypt hashing (not reversible)
  • Access control: Role-based access (user/admin), admin approval required for account activation
  • Audit logging: Immutable, append-only audit trail of all financial and administrative actions
  • Security headers: CSP, HSTS, X-Frame-Options, CSRF protection

6. Data Retention

We retain your data according to the following schedule:

Data TypeRetention
KYC/identity data5 years after account closure
Transaction records5 years (BSA requirement)
Audit logs5 years
Session data90 days
Account data (after closure)5 years, then anonymized

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data (subject to regulatory retention requirements — we cannot delete transaction records required by BSA/AML law)
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain processing of your data

To exercise these rights, contact [email protected].

8. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Session cookies expire when you close your browser or after inactivity.

9. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us immediately.

10. International Transfers

Your data is processed and stored on servers located in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US, which may have different data protection laws than your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

12. Contact Us

For privacy-related inquiries:
Email: [email protected]
Address: OneAds Inc., San Francisco, CA

Terms of Service · Back to Home