OnceHub welcomes the progress brought forth by the GDPR. As a data processor, we work closely with privacy experts to ensure our security and privacy programs meet the standards outlined in the GDPR. Upon signing up to our platform, users agree to our Data Processing Addendum. The DPA is our contractual obligation to process data in a GDPR compliant manner.
Data protection is a key consideration right from the early stages of the development lifecycle. We ensure that all our features are fully secure and all data processed by OnceHub is encrypted at rest and in transit.
Data protection is our default mode of operation. We only collect and store data required to provide our service. If a user deletes their OnceHub account, we remove all their data from our systems within 180 days of deletion.
OnceHub has designated an internal Data Protection Officer (DPO) to oversee compliance. Additionally, we have nominated VeraSafe, an experienced privacy consultancy, to represent OnceHub in the EU.
Our application is audited internally and externally on an ongoing basis to identify potential privacy flaws and exposures. Additionally, we perform impact assessments for any new features that may potentially affect the data flow of our application.
We hold ourselves accountable to the highest standards by providing visibility to our security program. We make all our legal documentation easily accessible from our Trust center, GDPR center, and Legal center. Upon request, users can access our annual SOC 2 audit report.
OnceHub has enacted policies to protect users’ rights. We allow OnceHub users to opt-out of our notifications, and are ready to respond to any data access requests from our users.
We do our very best to protect your data, though the unexpected could happen. In such cases, we are committed to always being fully transparent and notifying the supervisory authority and all affected parties according to the GDPR requirements.