Privacy Policy

Last updated: 23 March 2026

1. Who we are

Onelytics is a social media analytics platform operated by Onelytics Ltd. References to "we", "us", or "our" in this policy refer to Onelytics Ltd. You can contact us at privacy@onelytics.com.

2. What data we collect and why

Account data — your email address and display name, collected when you sign up. Used to authenticate you and communicate with you.

OAuth tokens — access and refresh tokens for platforms you connect (YouTube, TikTok, Instagram, Facebook). These are encrypted at rest and used solely to fetch analytics data on your behalf. We never store your social media passwords.

Analytics snapshots — follower counts, post statistics, and audience demographics fetched from connected platforms. Stored as daily snapshots to power growth charts and trend analysis.

AI content profile — if you use our AI analysis feature, we send a sample of your analytics data to the Anthropic API (Claude) to generate a content profile. The profile (account type, niche, audience summary) is stored in our database. No personally identifiable information is sent to Anthropic.

Usage data — counts of AI analysis requests per day, used solely for rate-limiting purposes.

3. Legal basis for processing (GDPR)

For users in the EU/EEA, our legal basis for processing your personal data is contract performance (Article 6(1)(b) GDPR) — processing is necessary to deliver the analytics service you signed up for. Where we process data for security or fraud prevention, our legal basis is legitimate interests (Article 6(1)(f)).

4. Data security

OAuth tokens are encrypted at rest using AES-256 encryption before being stored in our database. All data is stored on Supabase infrastructure within the EU. Access to production data is restricted to authorised personnel only. We use TLS 1.2+ for all data in transit.

5. Data retention

We retain analytics snapshots for as long as your account is active. If you disconnect a platform, associated OAuth tokens are immediately and permanently deleted. If you delete your account, all personal data is permanently erased within 24 hours (see Section 6).

6. Your rights

Under GDPR (if you are in the EU/EEA) and equivalent laws, you have the following rights:

  • Right of access — you can request a copy of all data we hold about you.
  • Right to data portability — you can export your data as a structured JSON file at any time from Settings → Profile → Privacy & Data → Export Data.
  • Right to erasure — you can permanently delete your account and all associated data from Settings → Profile → Privacy & Data → Delete Account. Deletion is confirmed via email and takes effect immediately upon confirmation.
  • Right to rectification — you can update your display name in Settings at any time.
  • Right to restrict processing — you can disconnect any platform at any time, which stops all data collection for that platform.

To exercise any right not covered by the in-app controls, email us at privacy@onelytics.com. We will respond within 30 days.

7. Third-party processors

We share data with the following sub-processors:

  • Supabase — database, authentication, and file storage (EU region).
  • Vercel — hosting and edge network.
  • Anthropic — AI analysis (anonymised analytics data only, no PII).
  • Resend — transactional email delivery.

We do not sell your personal data to any third party.

8. Cookies

We use only strictly necessary session cookies to keep you authenticated. We do not use advertising cookies or third-party tracking cookies. No cookie consent banner is required for strictly necessary cookies under the ePrivacy Directive.

9. Changes to this policy

We may update this policy when our practices change. If we make material changes, we will notify you by email at least 14 days before the change takes effect.

10. Contact & complaints

For any privacy questions, contact us at privacy@onelytics.com. If you are in the EU/EEA and believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority.