The One Collections | the One Life

Last updated: October 4, 2025

This Privacy Policy explains how the One Collections (“we”, “us”, “our”) processes personal data in connection with the website www.theonecollections.com and the the One Life app (available in the Apple App Store and Google Play Store). If anything is unclear, email us at support@theonecollections.com.

Controller: The One Collections, Laan van Meerdervoort 1410, 2555 CH The Hague, The Netherlands

Chamber of Commerce (KvK): 52206122

Email: support@theonecollections.com

1) Categories of data we process

• Account & contact: first and last name, email address, country/region, optional billing address for invoices.
• Transactions: subscription status, receipts and purchase history (from Apple/Google); we do not receive your full card details.
• App & site usage: interactions, progress through modules/sections, preferences, session events, crash logs, device/OS info, IP address and general location derived from IP.
• Support: messages you send us and related metadata.
• Marketing preferences: your opt-ins/opt-outs for email and push notifications.
• User-generated content (UGC): notes you write in the app and photos you optionally upload within Track & Progress to attach to a note.

We do not collect medical records. If you choose to write personal reflections or upload photos, that content remains tied to your account.

2) Purposes and legal bases (GDPR)

• Provide the service (account creation, access, subscriptions, basic analytics to run the app) — Art. 6(1)(b) contract.
• Security, abuse prevention, diagnostics and improvement — Art. 6(1)(f) legitimate interests (balanced against your rights).
• Payments and invoicing — Art. 6(1)(b) and Art. 6(1)(c) (tax compliance).
• Marketing communications (email/push) — Art. 6(1)(a) consent; you can withdraw consent at any time in the app or via the unsubscribe link.

AI-assisted features (forward-looking notice): If we introduce AI-assisted features (for example, automated insights or summaries), these will only process data within the app environment and will not use your content to train external AI models.

3) Device permissions (Android/iOS)

• Camera: used only in Track & Progress when you choose to add a photo to your own note.
• We present an in-app explanation before the system prompt, request opt-in consent via the OS permission dialog, and you can deny or revoke access at any time in device settings.
• No other sensitive permissions listed by Google (e.g., Activity Recognition, Body Sensors, Bluetooth, Location, SMS, Microphone, Calendar read) are used in this version of the app.

We do not use the Android Accessibility API or any restricted APIs to bypass OS permissions. We comply with Google Play’s acceptable-use requirements.

4) Retention

• Account data: retained while your account is active; deleted or anonymised within 90 days after account deletion.
• Invoices/financial records: 7 years (Dutch tax law).
• Technical logs/crash data: up to 12 months, unless a shorter period is sufficient.
• Marketing data: until you unsubscribe or withdraw consent.
• UGC (notes/photos): stored with your account until you delete the note/photo or delete your account. Backups may persist briefly per backup rotation schedule.

5) Cookies and similar technologies

Our site uses:

• Functional cookies (necessary).
• Analytics cookies (aggregated and where possible anonymised).
• Marketing/tracking cookies only with your consent via our cookie banner.

See our Cookie Policy on the website for details and vendor list.

6) Sharing and disclosures

We only share data where necessary:

• Processors (on our instructions): hosting and databases, email service, analytics/diagnostics, crash reporting, customer support tooling, payment facilitators, and app platform infrastructure. Typical vendors may include Stripe, Google, Apple, Passion.io, Zapier, Meta (for integrations you opt into). We sign data processing agreements and use appropriate safeguards.
• Independent controllers: Apple and Google act as their own controllers for App Store/Play distribution, payments, Family Sharing/Legacy and platform-level analytics.
• Legal obligations: where required to comply with law or lawful requests.
• Play Console diagnostics: technical and diagnostic data related to app distribution and performance may also be processed by Google as part of Play Console services used for developer management. See Google’s Privacy Policy for details.

7) International transfers

Some processors are outside the EEA. We use adequate safeguards such as the EU–US Data Privacy Framework (DPF) and/or Standard Contractual Clauses (SCCs) with supplementary measures. Copies of key safeguards are available on request.

8) Security

We apply technical and organisational measures including TLS encryption in transit, role-based access control, least-privilege principles, periodic access reviews, logging and backup hygiene. No system is perfectly secure; we work to prevent, detect and respond.

9) Your rights (EEA/UK)

You can request access, rectification, erasure, restriction, portability, or object to processing based on legitimate interests or direct marketing. Where processing is based on consent, you can withdraw at any time without affecting prior lawful processing.

Submit requests to support@theonecollections.com. We respond within one month (extendable where permitted).

10) Children

the One Life is not directed to children under 16. If you believe we unintentionally collected data from a child, contact us to delete it.

11) Push notifications & in-app messages

We may send push notifications if you opt in. You can disable push in your device settings. Transactional messages (e.g., password resets, purchase confirmations) may still be sent as part of the service.

12) User controls for notes and photos

Within Track & Progress you can create, view and delete your notes and any attached photos at any time. Deleting a note/photo removes it from your account; residual copies may remain briefly in backups until those rotate.

13) Third-party links

Our content may link to third-party sites or resources. Their privacy practices are their own; review their policies.

14) Changes to this policy

We may update this policy. The “Last updated” date shows the current version. Material changes will be communicated in-app or by email where appropriate.

15) Complaints

You can always contact us first at support@theonecollections.com. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).