Privacy Policy

2.1 Personal Information You Provide

Account Information:

• Name and email address during registration
• Company name and business information
• Contact details for billing and support
• Payment information (processed securely through Stripe)

Authentication Information:

• OAuth tokens for Pipedrive and Monday.com accounts
• Refresh tokens for maintaining service access
• Account identifiers and API credentials

2.2 Information from Third-Party Platforms

From Pipedrive (with your authorization):

• Basic account information and user details
• Deal records, stages, values, and related data
• Contact/people records and associated information
• User information for proper data attribution
• Search and configuration data
• Webhook notifications for real-time updates

From Monday.com (with your authorization):

• User profile information and account details
• Board data, structure, columns, and configuration
• Workspace information and organization structure
• Updates, comments, and communication threads
• Account settings and general information
• Webhook configurations and notifications

2.3 Automatically Collected Information

Usage Data:

• Service usage patterns and feature utilization
• Synchronization logs and performance metrics
• Error logs and diagnostic information
• IP addresses and device information
• Browser type and operating system

Technical Data:

• API call logs and response times
• Integration configuration settings
• Data mapping and sync preferences
• System performance and monitoring data

3.1 Service Provision

• Data Synchronization: Transfer and sync data between your Pipedrive and Monday.com accounts
• Real-time Updates: Detect changes and update corresponding platforms automatically
• Field Mapping: Match and map corresponding fields between platforms
• User Attribution: Properly attribute synced data to correct users
• Configuration Storage: Save and apply your custom sync settings

3.2 Service Improvement

• Performance Optimization: Analyze usage patterns to improve service performance
• Feature Development: Understand user needs to develop new features
• Bug Resolution: Identify and fix technical issues and errors
• Security Enhancement: Monitor for security threats and vulnerabilities

3.3 Communication

• Service Notifications: Send important updates about your account or service
• Support Response: Respond to your support requests and inquiries
• Billing Communications: Send invoices, payment confirmations, and billing notices
• Security Alerts: Notify you of security incidents or suspicious activity

3.4 Legal and Compliance

• Legal Obligations: Comply with applicable laws and regulations
• Terms Enforcement: Enforce our Terms and Conditions
• Dispute Resolution: Resolve disputes and investigate violations
• Data Protection: Fulfill data protection and privacy obligations

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or business data to third parties for marketing purposes.

4.2 Service Providers

We may share information with trusted service providers who assist us in operating our Service:

• Payment Processing: Stripe for secure payment processing
• Cloud Infrastructure: AWS for hosting and data storage
• Analytics: Performance monitoring and usage analytics tools
• Support Tools: Customer support and communication platforms

All service providers are contractually bound to protect your information and use it only for specified purposes.

4.3 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations or court orders
• Protect and defend our rights or property
• Prevent or investigate fraud or security issues
• Protect the safety of users or the public

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5.1 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit using TLS/SSL and at rest using AES encryption
• Access Controls: Role-based access controls limit data access to authorized personnel only
• Monitoring: Continuous monitoring for security threats and suspicious activity
• Authentication: Multi-factor authentication and secure authentication protocols
• Regular Audits: Regular security audits and vulnerability assessments

5.2 Third-Party Platform Security

• We rely on Pipedrive and Monday.com's security measures for data stored on their platforms
• We use secure OAuth protocols for authentication with third-party services
• We do not store unnecessary copies of your third-party platform data

5.3 Security Incident Response

We maintain comprehensive incident response procedures to address security breaches promptly. Users are notified of any security incidents that may affect their data within 72 hours of discovery, along with steps taken to mitigate the issue.

6.1 Retention Periods

• Account Data: Retained while your account is active and for 30 days after deletion
• Sync Logs: Retained for 90 days for troubleshooting and performance monitoring
• Billing Records: Retained for 7 years as required by tax and accounting regulations
• Support Communications: Retained for 3 years for quality assurance and training

6.2 Data Deletion

• You may request deletion of your data at any time
• Account deletion removes most data within 30 days
• Some data may be retained longer as required by law or legitimate business interests
• Anonymized data may be retained for analytics and service improvement

7.1 Access and Control

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Portability: Request transfer of your data in a structured, machine-readable format
• Objection: Object to certain processing of your personal information

7.2 Communication Preferences

• You can opt out of non-essential communications
• You cannot opt out of service-related or security communications
• You can update your communication preferences in your account settings

7.3 Data Export

You can export your data in JSON or CSV formats through your account dashboard. Data export requests are fulfilled within 30 days and include all account configurations, sync settings, and integration logs.

8.1 Cookies We Use

• Essential Cookies: Required for basic service functionality and security
• Analytics Cookies: Help us understand service usage and performance
• Preference Cookies: Remember your settings and preferences

8.2 Managing Cookies

• You can control cookies through your browser settings
• Disabling essential cookies may affect service functionality
• We do not use cookies for advertising or marketing purposes

9.1 Data Location

• Primary data processing occurs in secure AWS regions
• Data may be transferred to other countries for processing by service providers
• All transfers comply with applicable data protection laws

9.2 Transfer Safeguards

• We implement appropriate safeguards for international data transfers
• Service providers are contractually bound to protect your information
• We comply with GDPR, CCPA, and other applicable privacy regulations

11.1 European Union (GDPR)

If you are in the EU, you have additional rights under GDPR:

• Lawful Basis: We process your data based on contract performance and legitimate interests
• Data Protection Officer: Contact privacy@onespace.com for data protection inquiries
• Supervisory Authority: You may lodge complaints with your local data protection authority
• Right to Restriction: You may request restriction of processing in certain circumstances

11.2 California (CCPA)

If you are a California resident, you have rights under CCPA:

• Right to Know: Categories and specific pieces of information we collect
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: We do not sell personal information, so no opt-out is required
• Non-Discrimination: We will not discriminate for exercising your rights

11.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate. If you have questions about your rights in your jurisdiction, please contact us.

12.1 Policy Updates

• We may update this Privacy Policy from time to time
• Material changes will be communicated via email or service notification
• Continued use after changes constitutes acceptance of the updated policy
• We will provide at least 30 days' notice for material changes

12.2 Version History

• Previous versions of this Privacy Policy are available upon request
• We maintain records of all policy changes and effective dates