OnceHub welcomes the progress brought forth by the GDPR. As a data processor, we work closely with privacy experts to ensure our security and privacy programs meet the standards outlined in the GDPR. Upon signing up to our platform, users agree to our Data Processing Addendum. The DPA is our contractual obligation to process data in a GDPR compliant manner.

Data protection by design

Data protection is a key consideration right from the early stages of the development lifecycle. We ensure that all our features are fully secure and all data processed by OnceHub is encrypted at rest and in transit.

Data protection by default

Data protection is our default mode of operation. We only collect and store data required to provide our service. If a user deletes their OnceHub account, we remove all their data from our systems within 180 days of deletion.

Compliance officers

OnceHub has designated an internal Data Protection Officer (DPO) to oversee compliance. Additionally, we have nominated VeraSafe, an experienced privacy consultancy, to represent OnceHub in the EU.

Data protection impact assessments

Our application is audited internally and externally on an ongoing basis to identify potential privacy flaws and exposures. Additionally, we perform impact assessments for any new features that may potentially affect the data flow of our application.

Lawful basis for processing

OnceHub obtains consent from users who agree to a Master Service Agreement, Data Processing Addendum, and Privacy Policy when signing up to our platform. Users can withdraw consent at any time by deleting their account. If you have specific security requirements, contact us for a custom agreement.


We hold ourselves accountable to the highest standards by providing visibility to our security program. We make all our legal documentation easily accessible from our Trust center, GDPR center, and Legal center. Upon request, users can access our annual SOC 2 audit report.

Data subject rights

OnceHub has enacted policies to protect users’ rights. We allow OnceHub users to opt-out of our notifications, and are ready to respond to any data access requests from our users.

Data breach notifications

We do our very best to protect your data, though the unexpected could happen. In such cases, we are committed to always being fully transparent and notifying the supervisory authority and all affected parties according to the GDPR requirements.

OnceHub's Data Protection Officer is available at