Onereach

Legal

Privacy Policy

Effective date: 28 April 2026

Onereach is an audience analytics platform for content creators. We take privacy seriously and we’ve written this policy in plain English. It explains what we collect, why, and what control you have. By using Onereach, you agree to this policy.

1. Who we are

Onereach is operated by the team behind trackwithonereach.com. For privacy questions or data-rights requests, contact us at support@trackwithonereach.com.

2. What we collect

We collect three categories of data:

  • Account data, your name, email, hashed password (or magic-link state), and subscription details. Provided directly by you when you sign up.
  • Connected platform data, when you link a platform via OAuth, we receive the metrics that platform exposes to you (follower counts, post engagement, audience demographics, content metadata, etc.). We never store your platform passwords; we only hold the OAuth tokens needed to fetch data on your behalf, encrypted at rest.
  • Usage data, basic technical info about how you use Onereach: pages visited, features used, error logs, and IP address. Used to keep the Service working and to improve it.

3. How we use it

We use your data to:

  • provide the Service, render dashboards, run analytics, send digests and alerts;
  • secure your account, prevent fraud, and debug issues;
  • communicate with you about the Service (transactional emails, product updates);
  • improve Onereach in the aggregate (e.g. understanding which features get used).

We do not sell your data, and we do not use it to train third-party AI models.

4. Connected platforms

Onereach integrates with YouTube, Instagram, TikTok, X, and Facebook through their official APIs. When you connect a platform, you’re subject to that platform’s own terms and privacy policy. Specifically, if you connect YouTube, our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

You can revoke a platform connection at any time from your Onereach dashboard or from the platform’s security settings. When you disconnect, we stop fetching new data and delete the OAuth tokens within 30 days.

5. Cookies

We use a small number of essential cookies, primarily to keep you signed in (an auth-session cookie set by Supabase) and to remember basic UI preferences. We don’t use third-party tracking cookies, and we don’t share data with advertising networks.

6. Service providers we share with

To run Onereach, we use a small number of trusted infrastructure providers, each bound by their own data-processing agreements:

  • Supabase, authentication and database hosting.
  • Vercel, application hosting and edge networking.
  • Stripe, subscription billing.
  • Resend, transactional and digest email delivery.
  • Sentry, error monitoring (post-launch).

We don’t share data with anyone else.

7. Where data is stored

Data is stored on infrastructure operated by the providers above, primarily in the United States and the European Union. By using Onereach you acknowledge your data may be processed outside your country of residence.

8. How long we keep it

Active accounts: we retain your account data and connected-platform metrics for the life of your account, plus a 30-day grace period after deletion in case you change your mind. Logs and aggregated analytics: up to 12 months. Billing records: as long as required by law (typically 7 years).

9. Your rights

You have the right to:

  • access the personal data we hold about you;
  • correct anything that’s inaccurate;
  • export your data in a portable format;
  • delete your account and associated data;
  • object to or restrict certain processing;
  • lodge a complaint with your local data-protection authority.

Most of these are self-serve from your dashboard. For anything else, email support@trackwithonereach.com and we’ll respond within 30 days.

10. Security

We use industry-standard practices: TLS for data in transit, encryption at rest for sensitive fields (including OAuth tokens), least-privilege access controls, and regular dependency updates. No system is perfectly secure, but we’ll notify affected users promptly if a breach materially impacts them.

11. Children

Onereach is not intended for users under 16. We don’t knowingly collect data from children under that age. If you believe a child has signed up, contact us and we’ll delete the account.

12. Changes to this policy

We may update this policy as the Service evolves. If we make material changes, we’ll notify you by email or in-app at least 14 days before they take effect. The current version is always available at trackwithonereach.com/privacy.

13. Contact

For privacy questions, data-rights requests, or anything else, email support@trackwithonereach.com.